Proceedings of the 39th Annual IEEE/ACM International Symposium on Microarchitecture
Mining specifications of malicious behavior
Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
Learning and Classification of Malware Behavior
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Discovering and Exploiting Program Phases
IEEE Micro
Automated classification and analysis of internet malware
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
AccessMiner: using system-centric models for malware protection
Proceedings of the 17th ACM conference on Computer and communications security
A sense of self for Unix processes
SP'96 Proceedings of the 1996 IEEE conference on Security and privacy
Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security
Stuxnet: Dissecting a Cyberwarfare Weapon
IEEE Security and Privacy
Measuring pay-per-install: the commoditization of malware distribution
SEC'11 Proceedings of the 20th USENIX conference on Security
Are hardware performance counters a cost effective way for integrity checking of programs
Proceedings of the sixth ACM workshop on Scalable trusted computing
SICE: a hardware-level strongly isolated computing environment for x86 multi-core platforms
Proceedings of the 18th ACM conference on Computer and communications security
W32.Duqu: the precursor to the next stuxnet
LEET'12 Proceedings of the 5th USENIX conference on Large-Scale Exploits and Emergent Threats
Abusing File Processing in Malware Detectors for Fun and Profit
SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy
Dissecting Android Malware: Characterization and Evolution
SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy
Side-channel vulnerability factor: a metric for measuring information leakage
Proceedings of the 39th Annual International Symposium on Computer Architecture
CFIMon: Detecting violation of control flow integrity using performance counters
DSN '12 Proceedings of the 2012 42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
Before we knew it: an empirical study of zero-day attacks in the real world
Proceedings of the 2012 ACM conference on Computer and communications security
Leveraging the short-term memory of hardware to diagnose production-run software failures
Proceedings of the 19th international conference on Architectural support for programming languages and operating systems
Proceedings of the 4th ACM conference on Data and application security and privacy
Hi-index | 0.00 |
The proliferation of computers in any domain is followed by the proliferation of malware in that domain. Systems, including the latest mobile platforms, are laden with viruses, rootkits, spyware, adware and other classes of malware. Despite the existence of anti-virus software, malware threats persist and are growing as there exist a myriad of ways to subvert anti-virus (AV) software. In fact, attackers today exploit bugs in the AV software to break into systems. In this paper, we examine the feasibility of building a malware detector in hardware using existing performance counters. We find that data from performance counters can be used to identify malware and that our detection techniques are robust to minor variations in malware programs. As a result, after examining a small set of variations within a family of malware on Android ARM and Intel Linux platforms, we can detect many variations within that family. Further, our proposed hardware modifications allow the malware detector to run securely beneath the system software, thus setting the stage for AV implementations that are simpler and less buggy than software AV. Combined, the robustness and security of hardware AV techniques have the potential to advance state-of-the-art online malware detection.