HEAVEN: A Hardware-Enhanced AntiVirus ENgine to accelerate real-time, signature-based malware detection

Authors

Abstract

Antiviruses (AVs) are computing-intensive applications that rely on constant monitoring of OS events and on applying pattern matching procedures to binaries to detect malware. In this paper, we introduce HEAVEN, a framework for Intel x86/x86-64 and MS Windows that combines hardware and software to improve AVs' performance. The HEAVEN workflow consists of a hardware-assisted signature process as its first step (triage), which is fast and only invokes the software-based AV when a sample is suspicious, i.e., with an unknown malignity. We implement a PoC by instrumenting Intel's branch predictor, which allows the generation of malware signatures based on its history. To validate our PoC, we evaluate it on a dataset composed of 10,000 malware and 1,000 benign samples from different categories and accomplished detection rates of 100% (no false-positives). The detection occurred before the execution of 10% of the samples' code. HEAVEN is designed to be memory efficient: it identified a unique 32-bit signature for each sample at a storage cost of 35KB of SRAM. It is also designed with processing efficiency in mind: its extensions present negligible performance overhead, and it reduces the average workload of the chosen counterpart (ClamWin): 10% for CPU usage, 5.61% for throughput, 16.22% for disk writes, and 20.22% for disk reads. With HEAVEN, we may decrease the number of cycles used for scanning by 87.5%, a promising result regarding the feasibility of our proposal: the combination of hardware- and software-based AVs is practical and effective, and flags suspicious samples while posing negligible overhead.


Similar resources

A rapid, early detection of oral squamous cell carcinoma: Real time PCR based detection of tetranectin

The current study is focused on determining the mRNA expression levels of tetranectin, to detect oral squamous cell carcinoma (OSCC) and thus aiding in its classification at an early stage. RNA was isolated and cDNA synthesis was performed from the saliva samples of the patients and healthy individuals. A semiquantitative PCR based analysis was performed prior to quantitative and expression bas...


Enhanced Detection of Malware

A significant development in the malware landscape in recent years is the ability of hackers to monetize compromised platforms by (1) gathering valuable information that can be sold, (2) using the platform’s resources to aid in an illicit or unwanted activity, or (3) holding information contained on the platform for ransom. Since the attacker’s potential monetary reward is increased the more t...


A framework for metamorphic malware analysis and real-time detection

Metamorphism is a technique that mutates the binary code using different obfuscations. It is difficult to write a new metamorphic malware and in general malware writers reuse old malware. To hide detection the malware writers change the obfuscations (syntax) more than the behavior (semantic) of such a new malware. On this assumption and motivation, this paper presents a new framework named MARD...


Journal

Journal title: Expert Systems With Applications

Year: 2022

ISSN: 1873-6793, 0957-4174

DOI: https://doi.org/10.1016/j.eswa.2022.117083