{"title":"MicroArchitectural events and image processing-based hybrid approach for robust malware detection: work-in-progress","authors":"Sanket Shukla, Gaurav Kolhe, S. D, S. Rafatirad","doi":"10.1145/3349569.3351538","DOIUrl":null,"url":null,"abstract":"To thwart the detection of malware through traditional and emerging approaches, malware development has seen a paradigm of embedding the malware into benign applications. This calls for a localized feature extraction scheme for detecting stealthy malware with more robustness. To address this challenge, we introduce a hybrid approach which utilizes the microarchitectural traces obtained through on-chip embedded hardware performance counters (HPCs) and the application binary for malware detection. The obtained HPCs are fed to multi-stage machine learning (ML) classifier for detecting and classifying the malware. To overcome the challenge of detecting the stealthy malware, image processing based approach is applied in parallel. In this approach, the malware binaries are converted into images, which is further converted into sequences and fed to recurrent neural networks to recognize patterns of stealthy malware. Based on the localized patterns, sequence classification is further applied to perform binary classification and further discover the variation of the identified malware family. Our proposed framework exhibits high resilience to popular obfuscation techniques such as code relocation.","PeriodicalId":306252,"journal":{"name":"Proceedings of the International Conference on Compliers, Architectures and Synthesis for Embedded Systems Companion","volume":"17 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-10-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the International Conference on Compliers, Architectures and Synthesis for Embedded Systems Companion","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3349569.3351538","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 9
Abstract
To thwart detection by traditional and emerging approaches, malware development has shifted toward embedding malicious code into benign applications. This calls for a localized feature extraction scheme that detects stealthy malware more robustly. To address this challenge, we introduce a hybrid approach that uses both the microarchitectural traces obtained from on-chip embedded hardware performance counters (HPCs) and the application binary for malware detection. The collected HPC traces are fed to a multi-stage machine learning (ML) classifier that detects and classifies the malware. To overcome the challenge of detecting stealthy malware, an image-processing-based approach is applied in parallel: the malware binaries are converted into images, which are then converted into sequences and fed to recurrent neural networks that recognize the patterns of stealthy malware. Based on the localized patterns, sequence classification is then applied to perform binary classification and to identify the variant of the detected malware family. Our proposed framework exhibits high resilience to popular obfuscation techniques such as code relocation.