
Salus: Stackelberg Games for Malware Detection with Microarchitectural Events

Date

2024-04-24

Authors

Khodaei, Elaheh

Publisher

University of Waterloo

Abstract

Microarchitectural events have been the subject of previous investigations for malware detection. While some studies assert the effectiveness of utilizing hardware events in detecting malware, others contend that they may not be beneficial for this purpose. We argue and empirically show that the efficacy of using hardware events for malware detection relies on accurately selecting hardware events during detector training. Through rigorous analysis, we demonstrate that the conventional approach of selecting a single subset of hardware events for training a malware detection model is insufficient for creating a robust system capable of effectively handling all types of malware, even when using an ensemble of powerful classifiers. Accordingly, we propose the use of multiple subsets of hardware events, each dedicated to training a distinct malware detection model. Since only a single subset of events can be monitored at any given time, we adopt a game-theoretic approach to determine the optimal strategy for selecting the subset of hardware events to be monitored. In addition to the theoretical analysis of our approach, we empirically demonstrate its effectiveness by comparing it to other baselines.

Keywords

Malware Detection, Game Theory, Microarchitectural Events, Hardware Performance Counters
