Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Kumar, Harshit, Chakraborty, Biswadeep, Sharma, Sudarshan, Mukhopadhyay, Saibal
Format: Preprint
Veröffentlicht: 2022
Schlagworte:
Online-Zugang:https://arxiv.org/abs/2206.12447
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
_version_ 1866913245582852096
author Kumar, Harshit
Chakraborty, Biswadeep
Sharma, Sudarshan
Mukhopadhyay, Saibal
author_facet Kumar, Harshit
Chakraborty, Biswadeep
Sharma, Sudarshan
Mukhopadhyay, Saibal
contents Hardware-based Malware Detectors (HMDs) have shown promise in detecting malicious workloads. However, the current HMDs focus solely on the CPU core of a System-on-Chip (SoC) and, therefore, do not exploit the full potential of the hardware telemetry. In this paper, we propose XMD, an HMD that uses an expansive set of telemetry channels extracted from the different subsystems of SoC. XMD exploits the thread-level profiling power of the CPU-core telemetry, and the global profiling power of non-core telemetry channels, to achieve significantly better detection performance than currently used Hardware Performance Counter (HPC) based detectors. We leverage the concept of manifold hypothesis to analytically prove that adding non-core telemetry channels improves the separability of the benign and malware classes, resulting in performance gains. We train and evaluate XMD using hardware telemetries collected from 723 benign applications and 1033 malware samples on a commodity Android Operating System (OS)-based mobile device. XMD improves over currently used HPC-based detectors by 32.91% for the in-distribution test data. XMD achieves the best detection performance of 86.54% with a false positive rate of 2.9%, compared to the detection rate of 80%, offered by the best performing signature-based Anti-Virus(AV) on VirusTotal, on the same set of malware samples.
format Preprint
id arxiv_https___arxiv_org_abs_2206_12447
institution arXiv
publishDate 2022
record_format arxiv
spellingShingle XMD: An Expansive Hardware-telemetry based Mobile Malware Detector to enhance Endpoint Detection
Kumar, Harshit
Chakraborty, Biswadeep
Sharma, Sudarshan
Mukhopadhyay, Saibal
Cryptography and Security
Hardware-based Malware Detectors (HMDs) have shown promise in detecting malicious workloads. However, the current HMDs focus solely on the CPU core of a System-on-Chip (SoC) and, therefore, do not exploit the full potential of the hardware telemetry. In this paper, we propose XMD, an HMD that uses an expansive set of telemetry channels extracted from the different subsystems of SoC. XMD exploits the thread-level profiling power of the CPU-core telemetry, and the global profiling power of non-core telemetry channels, to achieve significantly better detection performance than currently used Hardware Performance Counter (HPC) based detectors. We leverage the concept of manifold hypothesis to analytically prove that adding non-core telemetry channels improves the separability of the benign and malware classes, resulting in performance gains. We train and evaluate XMD using hardware telemetries collected from 723 benign applications and 1033 malware samples on a commodity Android Operating System (OS)-based mobile device. XMD improves over currently used HPC-based detectors by 32.91% for the in-distribution test data. XMD achieves the best detection performance of 86.54% with a false positive rate of 2.9%, compared to the detection rate of 80%, offered by the best performing signature-based Anti-Virus(AV) on VirusTotal, on the same set of malware samples.
title XMD: An Expansive Hardware-telemetry based Mobile Malware Detector to enhance Endpoint Detection
topic Cryptography and Security
url https://arxiv.org/abs/2206.12447