Accurate and Robust Malware Detection: Running XGBoost on Runtime Data from Performance Counters

Rana Elnaggar, Lorenzo Servadei, Shubham Mathur, Robert Wille, Wolfgang Ecker, Krishnendu Chakrabarty

Publication: Contribution to journal › Article › Peer-reviewed

10 citations (Scopus)

Abstract

Malware applications are one of the major threats that computing systems face today. While security researchers develop new defense mechanisms to detect malware, attackers continue to release new malware families that evade detection. New defense mechanisms must therefore be developed to effectively counter malware. Hardware performance counters (HPCs) have been recently proposed as a means to detect malware. However, recent work has also shown that malware detection is not effective when performance counters are sampled in realistic scenarios. We show how proper data preprocessing and the use of the XGBoost classifier can be used to improve the performance of malware detection using HPCs by at least 15%. We also show that the proposed method can detect malware early (shortly after its launch) by classifying HPC datastreams at short time intervals. In addition, we propose a multitemporal classification model that ensures the early detection of a high percentage of malware while maintaining overall low false positive rates. Finally, we show that through robust training, the XGBoost classifier shows up to 50x less vulnerability to adversarial attacks that are intended to undermine its malware detection performance.

Original language: English
Pages (from - to): 2066-2079
Number of pages: 14
Journal: IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems
Volume: 41
Issue number: 7
DOIs
Publication status: Published - 1 July 2022
