
Malware Detection Based On Micro-architectural Features

Posted on: 2018-06-23
Degree: Master
Type: Thesis
Country: China
Candidate: H C Peng
Full Text: PDF
GTID: 2348330542479628
Subject: Computer Science and Technology
Abstract/Summary:
As technology continues to advance, malware attack methods and implementation complexity keep increasing. Detection based on static signature verification can no longer meet detection requirements, and detection methods based on software behavior incur substantial performance overhead. Recent work has demonstrated the feasibility of using hardware performance counters for malware detection. This thesis presents a malware detector that examines running software in real time at the hardware layer by collecting and analyzing micro-architectural features. Compared to traditional malware detection methods, hardware-based detection not only reduces the performance overhead on the system but also has better efficiency. The malware samples come from VirusSign, and the VirusTotal tool is used to analyze them and find the samples suitable for the experiments. Instead of relying on experience, the Lasso algorithm is employed to reduce the dimensionality of the feature vector to 6 elements. Four machine learning algorithms are then used to train the classification model: logistic regression, decision tree, support vector machine and artificial neural network. The results show that the classification efficiency is very high. On average, the four classifiers correctly identify 93.8% of the malware, and only 6.1% of normal software is classified as malware. In addition, experiments with deep learning and BP neural networks show that the granularity of the micro-architectural features yields good classification performance, so malware detection based on micro-architectural features does not have to use a deep learning model. Finally, this thesis analyzes the tradeoff between classification performance and hardware implementation complexity and chooses the logistic regression algorithm for the hardware design.
Keywords/Search Tags:Malware detection, Performance counters, Micro-architectural features, Machine learning