Quantifying and Improving the Efficiency of Hardware-based Mobile Malware Detectors
Venue: MICRO 2016
Authors: Mikhail Kazdagli, Vijay Janapa Reddi, Mohit Tiwari
This paper presents an analysis of hardware-based malware detection on a mobile platform, mainly Android. The paper does an exceptional job of modeling many different malware behaviors, not only analyzing them but also validating that the attacks operate correctly. The paper then uses hardware performance counters to detect malware. They note that malware on mobile devices typically operates on the order of seconds.
They create Sherlock, a Hardware Malware Detector (HMD), which samples the number of instructions, the number of memory loads/stores, immediate and indirect control flow execution counts, and the number of mispredicted branches. They sample at a frequency of 1 kHz, finding the overhead to be 0.3%. They extract features from each 100 ms time interval using a Discrete Wavelet Transform (using the coefficients as a feature vector). They use these feature vectors to construct two models: (a) a bag-of-words algorithm followed by a one-class SVM (ocSVM), and (b) a probabilistic Markov Model. They report that (a) performs better in most scenarios, but (b) performs better in others, and suggest a tournament-style approach. See the paper for more details.
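To make the feature-extraction pipeline concrete, here is an added example (not code from the paper or from Sherlock) that follows the numbers in the summary: counter samples at 1 kHz, 100 ms windows of 100 samples per counter, a Haar DWT per counter with the coefficients concatenated into one feature vector. The counter traces are constructed in the script with a seeded generator, and the one-class stage is a simplified per-feature z-score centroid detector standing in for the paper's bag-of-words + ocSVM; the threshold, the jitter level and the "inflate indirect branches and mispredicts" anomaly are all assumptions for illustration.

```python
import random
from typing import Dict, List, Sequence

# Counter set named in the summary (five hardware events)
COUNTERS = ["instructions", "mem_ops", "direct_branches",
            "indirect_branches", "mispredicts"]
SAMPLE_RATE_HZ = 1000                                   # 1 kHz sampling
WINDOW_MS = 100                                         # 100 ms feature interval
WINDOW_LEN = SAMPLE_RATE_HZ * WINDOW_MS // 1000         # 100 samples per window


def haar_dwt(signal: Sequence[float], levels: int) -> List[float]:
    """Multi-level Haar DWT (averaging/differencing form).
    Returns [coarsest approximations..., details from coarsest to finest]."""
    approx = [float(x) for x in signal]
    details: List[List[float]] = []
    for _ in range(levels):
        if len(approx) % 2:                 # pad odd lengths by repeating last value
            approx.append(approx[-1])
        pairs = range(0, len(approx), 2)
        details.append([(approx[i] - approx[i + 1]) / 2 for i in pairs])
        approx = [(approx[i] + approx[i + 1]) / 2 for i in pairs]
    out = list(approx)
    for d in reversed(details):
        out.extend(d)
    return out


def window_features(window: List[Dict[str, float]], levels: int = 3) -> List[float]:
    """One feature vector per 100 ms window: DWT coefficients of every counter."""
    feats: List[float] = []
    for name in COUNTERS:
        feats.extend(haar_dwt([s[name] for s in window], levels))
    return feats


def synth_window(rng: random.Random, scale: float = 1.0) -> List[Dict[str, float]]:
    """Constructed counter trace (assumption, not measured data): a benign
    baseline with 5% Gaussian jitter; scale > 1 inflates the control-flow
    counters to mimic an anomalous window."""
    base = {"instructions": 5000.0, "mem_ops": 1800.0, "direct_branches": 600.0,
            "indirect_branches": 120.0, "mispredicts": 40.0}
    window = []
    for _ in range(WINDOW_LEN):
        s = {n: m + rng.gauss(0, m * 0.05) for n, m in base.items()}
        s["indirect_branches"] *= scale
        s["mispredicts"] *= scale
        window.append(s)
    return window


class CentroidDetector:
    """Simplified one-class model (stand-in for bag-of-words + ocSVM):
    fit a per-feature mean/std on benign windows, score a window by its
    mean squared z-score, flag it when the score exceeds a threshold."""

    def __init__(self, threshold: float = 3.0) -> None:
        self.threshold = threshold          # assumed value for this illustration
        self.mean: List[float] = []
        self.std: List[float] = []

    def fit(self, vectors: List[List[float]]) -> None:
        n, dim = len(vectors), len(vectors[0])
        self.mean = [sum(v[i] for v in vectors) / n for i in range(dim)]
        self.std = [max(1e-9, (sum((v[i] - self.mean[i]) ** 2 for v in vectors)
                               / (n - 1)) ** 0.5) for i in range(dim)]

    def score(self, v: List[float]) -> float:
        return sum(((x - m) / s) ** 2 for x, m, s in zip(v, self.mean, self.std)) / len(v)

    def is_anomalous(self, v: List[float]) -> bool:
        return self.score(v) > self.threshold


def run_demo(seed: int = 7) -> Dict[str, object]:
    """Train on 20 benign windows, then score one benign and one inflated window."""
    rng = random.Random(seed)
    det = CentroidDetector()
    det.fit([window_features(synth_window(rng)) for _ in range(20)])
    benign = window_features(synth_window(rng))
    suspect = window_features(synth_window(rng, scale=3.0))
    return {
        "feature_dim": len(benign),
        "benign_score": det.score(benign),
        "suspect_score": det.score(suspect),
        "benign_flagged": det.is_anomalous(benign),
        "suspect_flagged": det.is_anomalous(suspect),
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

Each window yields 101 coefficients per counter at three Haar levels (13 + 13 + 25 + 50), so the feature vector has 505 entries; a real deployment would pick the decomposition depth and the one-class model from held-out benign traces rather than the fixed values assumed here.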