CR, Aug 29, 2015

Anomaly Detection for malware identification using Hardware Performance Counters

arXiv:1508.07482v11 citations
Originality: Synthesis-oriented
AI Analysis

This addresses malware identification for computer, smartphone, and IoT users, but it is incremental as it builds on existing anomaly detection and ML trends.

The authors tackled malware detection by proposing an anomaly-based method using hardware performance counters (HPC) to identify new and unknown threats, including APTs, in an unsupervised manner.

Computers are widely used today by most people. Internet-based applications, like e-commerce or e-banking, attract criminals who, using sophisticated techniques, try to introduce malware on the victim's computer. But not only computer users are at risk; so are smartphone or smartwatch users, smart cities, Internet of Things devices, etc. Different techniques have been tested against malware. Currently, pattern matching is the default approach in antivirus software. Also, machine learning is successfully being used. Continuing this trend, in this article we propose an anomaly-based method using the hardware performance counters (HPC) available in almost any modern computer architecture. Because anomaly detection is an unsupervised process, new malware and APTs can be detected even if they are unknown.
