EnsembleHMD: Accurate Hardware Malware Detectors with Specialized Ensemble Classifiers

Khasawneh Khaled N.; Ozsoy Meltem; Donovick Caleb; Abu-Ghazaleh Nael; Ponomarev Dmitry

首页> 外文期刊>IEEE transactions on dependable and secure computing >EnsembleHMD: Accurate Hardware Malware Detectors with Specialized Ensemble Classifiers

【24h】

EnsembleHMD: Accurate Hardware Malware Detectors with Specialized Ensemble Classifiers

机译：Ensemblehmd：精确的硬件恶意软件探测器，具有专门的集合分类器

获取原文

获取原文并翻译 | 示例

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

Hardware-based malware detectors (HMDs) are a promising new approach to defend against malware. HMDs collect low-level architectural features and use them to classify malware from normal programs. With simple hardware support, HMDs can be always on, operating as a first line of defense that prioritizes the application of more expensive and more accurate software-detector. In this paper, our goal is to increase the accuracy of HMDs, to improve detection, and reduce overhead. We use specialized detectors targeted towards a specific type of malware to improve the detection of each type. Next, we use ensemble learning techniques to improve the overall accuracy by combining detectors. We explore detectors based on logistic regression (LR) and neural networks (NN). The proposed detectors reduce the false-positive rate by more than half compared to using a single detector, while increasing their sensitivity. We develop metrics to estimate detection overhead; the proposed detectors achieve more than 16.6x overhead reduction during online detection compared to an idealized software-only detector, with an 8x improvement in relative detection time. NN detectors outperform LR detectors in accuracy, overhead (by 40 percent), and time-to-detection of the hardware component (by 5x). Finally, we characterize the hardware complexity by extending an open-core and synthesizing it on an FPGA platform, showing that the overhead is minimal.

机译：基于硬件的恶意软件探测器（HMDS）是一种抵御恶意软件的有希望的新方法。 HMDS收集低级架构功能，并使用它们来对来自普通程序的恶意软件进行分类。通过简单的硬件支持，HMD可以始终打开，作为优先考虑应用更昂贵和更准确的软件检测器的第一行防线。在本文中，我们的目标是提高HMDS的准确性，改善检测，减少开销。我们使用针对特定类型恶意软件的专用探测器来改善每种类型的检测。接下来，我们使用集合学习技术来通过组合探测器来提高整体精度。我们探索基于逻辑回归（LR）和神经网络（NN）的探测器。与使用单个探测器相比，所提出的探测器将假阳性率降低超过一半，同时提高了它们的灵敏度。我们开发指标来估计检测开销;与理想化的软件检测器相比，所提出的探测器在线检测期间实现了超过16.6倍的开销减少，相比具有相对检测时间的8倍提高了8倍。 NN探测器以准确性，开销（乘40％）和硬件组件（5倍）的时间检测，探测器探测器。最后，我们通过在FPGA平台上扩展开放核心并在FPGA平台上延伸并将其合成来表征硬件复杂性，显示开销是最小的。

著录项

来源
《IEEE transactions on dependable and secure computing》 |2020年第3期|620-633|共14页
作者
Khasawneh Khaled N.; Ozsoy Meltem; Donovick Caleb; Abu-Ghazaleh Nael; Ponomarev Dmitry;
展开▼
作者单位

Univ Calif Riverside Dept Comp Sci & Engn Riverside CA 92521 USA|Univ Calif Riverside Dept Elect Engn Riverside CA 92521 USA;

Intel Corp Secur & Privacy Lab Hillsboro OR 97124 USA;

Stanford Univ Dept Comp Sci Stanford CA 94305 USA;

Univ Calif Riverside Dept Comp Sci & Engn Riverside CA 92521 USA|Univ Calif Riverside Dept Elect Engn Riverside CA 92521 USA;

SUNY Binghamton Dept Comp Sci Binghamton NY 13902 USA;

展开▼
收录信息
原文格式 PDF
正文语种 eng
中图分类
关键词
Detectors; Malware; Hardware; Artificial neural networks; Training; Feature extraction; Malware detection; specialized detectors; ensemble learning; architecture; security;

机译：探测器;恶意软件;硬件;人工神经网络;培训;特征提取;恶意软件检测;专业探测器;集合学习;建筑;安全;

相似文献

外文文献
中文文献
专利

1. EnsembleHMD: Accurate Hardware Malware Detectors with Specialized Ensemble Classifiers [J] . Current Organic Synthesis . 2020,第3期

机译：Ensemblehmd：精确的硬件恶意软件探测器，具有专门的集合分类器
2. Hybrid Consensus Pruning of Ensemble Classifiers for Big Data Malware Detection [J] . Jemal H. Abawajy, Morshed Chowdhury, Andrei Kelarev Cloud Computing, IEEE Transactions on . 2020,第2期

机译：用于大数据恶意软件检测的合奏分类器的混合共识修剪
3. RAMD: registry-based anomaly malware detection using one-class ensemble classifiers [J] . Tajoddin Asghar, Abadi Mahdi Applied Intelligence: The International Journal of Artificial Intelligence, Neural Networks, and Complex Problem-Solving Technologies . 2019,第7期

机译：RAMD：基于注册表的异常恶意软件检测使用单级合奏分类器
4. Analyzing the Efficiency of Machine Learning Classifiers in Hardware-Based Malware Detectors [C] . Abraham Peedikayil Kuruvila, Shamik Kundu, Kanad Basu IEEE Computer Society Annual Symposium on VLSI . 2020

机译：分析基于硬件的恶意软件检测器中机器学习分类器的效率
5. Developing representative workloads for future hardware transactional memory research using a cycle-accurate, multidimensional hardware transactional memory model. [D] . Poe, James Michael, II. 2009

机译：使用周期精确的多维硬件事务存储模型为将来的硬件事务存储研究开发代表性的工作负载。
6. Accurate Determination of Imaging Modality using an Ensemble of Text- and Image-Based Classifiers [O] . Charles E. Kahn Jr., Jayashree Kalpathy-Cramer, Cesar A. Lam, 2012

机译：使用基于文本和图像的分类器的组合准确确定成像模态
7. Ensemble Learning for Low-level Hardware-supported Malware Detection? [O] . Khaled N. Khasawneh, Meltem Ozsoy, Caleb Donovick, 2015

机译：集成学习用于低级硬件支持的恶意软件检测？

EnsembleHMD: Accurate Hardware Malware Detectors with Specialized Ensemble Classifiers

摘要

著录项

相似文献

相关主题

期刊订阅