Hardware Performance Counter-Based Fine-Grained Malware Detection
ACM Transactions on Embedded Computing Systems (IF 2). Pub Date: 2020-09-26. DOI: 10.1145/3403943

Sai Praveen Kadiyala¹, Pranav Jadhav², Siew-Kei Lam¹, Thambipillai Srikanthan¹

Detection of malicious programs using hardware-based features has gained prominence recently. Tamper-resistant hardware metrics prove to be a better security feature than high-level software metrics, which can be easily obfuscated. Hardware Performance Counters (HPCs), built into most recent processors, are often the hardware metric of choice among researchers. However, their counts are non-deterministic, which lowers the malware detection rate and reduces the advantage of HPCs. To overcome this problem, we propose a three-step methodology for fine-grained malware detection. In the first step, we extract the HPCs of each system call of an unknown program. Next, we apply dimensionality reduction to the fine-grained data to identify the components with maximum variance. Finally, we use a machine learning based approach to classify the unknown program as benign or malicious. Our proposed methodology obtained a 98.4% detection rate with a 3.1% false positive rate, a significant improvement in detection rate over other recent works in hardware-based anomaly detection.

Updated: 2020-09-26