Deep learning based malware detection using hardware performance counters
Studies in the past have investigated the feasibility of using HPCs (Hardware Performance Counters) as a metric to differentiate between benignware and malware. A major study titled “Hardware Performance Counters Can Detect Malware: Myth or Fact?” in 2018 concluded by using statistical models like R...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Final Year Project |
| Language: | English |
| Published: |
Nanyang Technological University
2021
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/148121 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-148121 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-1481212021-04-23T15:09:41Z Deep learning based malware detection using hardware performance counters Quah, Yu Kiat Zhang Tianwei School of Computer Science and Engineering tianwei.zhang@ntu.edu.sg Engineering::Computer science and engineering::Computing methodologies::Artificial intelligence Engineering::Computer science and engineering::Computer systems organization::Performance of systems Studies in the past have investigated the feasibility of using HPCs (Hardware Performance Counters) as a metric to differentiate between benignware and malware. A major study titled “Hardware Performance Counters Can Detect Malware: Myth or Fact?” in 2018 concluded by using statistical models like Random Forest and Decision Tree that HPCs are not able to serve as a suitable metric. In the time since that study was published, newer deep learning models and techniques have been created. This paper first attempts to replicate the major study mentioned previously, then further investigate the feasibility of using HPCs as a metric with other models and techniques not used previously. LSTM (Long-Term Short Memory), Dense, and Ensemble models were investigated for their ability to use HPC values as a metric to differentiate between benignware and malware. This paper achieved results of ~80%, ~60%, and ~80% respectively for those models. Thus, this paper, based on the additional experiments done, supports the conclusion that HPCs are unable to reliably differentiate between benignware and malware. However, this paper provides the caveat that more data is needed for more experiments to be done to further support or contradict the conclusion that HPCs are an unsuitable metric. The source code used for this paper will also be made available to serve as an accessible base from which others can continue to build upon. Bachelor of Engineering (Computer Science) 2021-04-23T15:09:41Z 2021-04-23T15:09:41Z 2021 Final Year Project (FYP) Quah, Y. K. (2021). Deep learning based malware detection using hardware performance counters. Final Year Project (FYP), Nanyang Technological University, Singapore. https://hdl.handle.net/10356/148121 https://hdl.handle.net/10356/148121 en SCSE20-0460 application/pdf Nanyang Technological University |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
Engineering::Computer science and engineering::Computing methodologies::Artificial intelligence Engineering::Computer science and engineering::Computer systems organization::Performance of systems |
| spellingShingle |
Engineering::Computer science and engineering::Computing methodologies::Artificial intelligence Engineering::Computer science and engineering::Computer systems organization::Performance of systems Quah, Yu Kiat Deep learning based malware detection using hardware performance counters |
| description |
Studies in the past have investigated the feasibility of using HPCs (Hardware Performance Counters) as a metric to differentiate between benignware and malware. A major study titled “Hardware Performance Counters Can Detect Malware: Myth or Fact?” in 2018 concluded by using statistical models like Random Forest and Decision Tree that HPCs are not able to serve as a suitable metric. In the time since that study was published, newer deep learning models and techniques have been created. This paper first attempts to replicate the major study mentioned previously, then further investigate the feasibility of using HPCs as a metric with other models and techniques not used previously. LSTM (Long-Term Short Memory), Dense, and Ensemble models were investigated for their ability to use HPC values as a metric to differentiate between benignware and malware. This paper achieved results of ~80%, ~60%, and ~80% respectively for those models. Thus, this paper, based on the additional experiments done, supports the conclusion that HPCs are unable to reliably differentiate between benignware and malware. However, this paper provides the caveat that more data is needed for more experiments to be done to further support or contradict the conclusion that HPCs are an unsuitable metric. The source code used for this paper will also be made available to serve as an accessible base from which others can continue to build upon. |
| author2 |
Zhang Tianwei |
| author_facet |
Zhang Tianwei Quah, Yu Kiat |
| format |
Final Year Project |
| author |
Quah, Yu Kiat |
| author_sort |
Quah, Yu Kiat |
| title |
Deep learning based malware detection using hardware performance counters |
| title_short |
Deep learning based malware detection using hardware performance counters |
| title_full |
Deep learning based malware detection using hardware performance counters |
| title_fullStr |
Deep learning based malware detection using hardware performance counters |
| title_full_unstemmed |
Deep learning based malware detection using hardware performance counters |
| title_sort |
deep learning based malware detection using hardware performance counters |
| publisher |
Nanyang Technological University |
| publishDate |
2021 |
| url |
https://hdl.handle.net/10356/148121 |
| _version_ |
1698713690258276352 |