RHMD: evasion-resilient hardware malware detectors
作者: Khaled N. Khasawneh , Nael Abu-Ghazaleh , Dmitry Ponomarev , Lei Yu
关键词: Computer science 、 Evasion (network security) 、 Detector 、 Computer security 、 Resilience (network) 、 Hardware security module 、 Adversarial machine learning 、 Malware 、 Computer hardware
摘要: Hardware Malware Detectors (HMDs) have recently been proposed as a defense against the proliferation of malware. These detectors use low-level features, that can be collected by hardware performance monitoring units on modern CPUs to detect malware computational anomaly. Several aspects detector construction explored, leading with high accuracy. In this paper, we explore question how well evasive avoid detection HMDs. We show existing HMDs effectively reverse-engineered and subsequently evaded, allowing hide from without substantially slowing it down (which is important for certain types malware). This result demonstrates current generation easily defeated Next, evolve if exposed during training. simple detectors, such logistic regression, cannot even retraining. More sophisticated retrained malware, but evaded again. To address these limitations, propose new type Resilient (RHMDs) stochastically switch between different detectors. shown provably more difficult reverse engineer based resent results in probably approximately correct (PAC) learnability theory. indeed are resilient both engineering evasion, resilience increases number diversity individual Our demonstrate offer effective at low additional complexity.CCS CONCEPTSSecurity privacy $\rightarrow $ security implementation; its mitigation;
acm.org 
sci-hub.se 参考文章(57)
Nedim Šrndić, Battista Biggio, Giorgio Giacinto, Igino Corona, Fabio Roli, Davide Maiorca, Blaine Nelson, Pavel Laskov, Evasion attacks against machine learning at test time european conference on machine learning. ,vol. 8190, pp. 387- 402 ,(2013) , 10.1007/978-3-642-40994-3_25
Igor Santos, Felix Brezo, Javier Nieves, Yoseba K. Penya, Borja Sanz, Carlos Laorden, Pablo G. Bringas, Idea: Opcode-Sequence-Based Malware Detection Lecture Notes in Computer Science. pp. 35- 43 ,(2010) , 10.1007/978-3-642-11747-3_3
Vinod Yegneswaran, Guofei Gu, Wenke Lee, Martin Fong, Phillip Porras, BotHunter: detecting malware infection through IDS-driven dialog correlation usenix security symposium. pp. 12- ,(2007)
Aditya P. Mathur, Nwokedi Idika, A Survey of Malware Detection Techniques ,(2007)
Pavel Laskov, Marius Kloft, Online Anomaly Detection under Adversarial Impact international conference on artificial intelligence and statistics. pp. 405- 412 ,(2010)
Ed Skoudis, Lenny Zeltser, Malware: Fighting Malicious Code ,(2003)
Ke Wang, Janak J. Parekh, Salvatore J. Stolfo, Anagram: A Content Anomaly Detector Resistant to Mimicry Attack Lecture Notes in Computer Science. pp. 226- 248 ,(2006) , 10.1007/11856214_12
Vern Paxson, Chris Grier, Juan Caballero, Christian Kreibich, Measuring pay-per-install: the commoditization of malware distribution usenix security symposium. pp. 13- 13 ,(2011)
Marianne Winslett, Sruthi Bandhakavi, P. Madhusudan, Samuel T. King, VEX: vetting browser extensions for security vulnerabilities usenix security symposium. pp. 22- 22 ,(2010)
Richard Colbaugh, Kristin Glass, Predictive defense against evolving adversaries intelligence and security informatics. pp. 18- 23 ,(2012) , 10.1109/ISI.2012.6283222