Conference: IEEE Computer Society Annual Symposium on VLSI

Analyzing the Efficiency of Machine Learning Classifiers in Hardware-Based Malware Detectors


Abstract

The emergence of promising Internet-of-things (IoT) empowered Consumer Electronic devices has resulted in their exhaustive proliferation across several safety-critical architectures. As Malware continues to evolve and escalate in form factor and count in modern-day consumer electronics, identifying such malicious entities is highly imperative to avoid unanticipated system behaviour. Modern morphic Malware can hide itself under the garb of a benign program, thus evading detection by conventional anti-virus software. Hence, Malware detectors using Hardware Performance Counters (HPCs) are gaining traction in this domain. HPCs are a collective integration of special purpose registers utilised to track low-level micro-architectural events such as branches taken, cache hits, etc. Machine Learning classifiers are trained on the manifested HPC data and then deployed on Hardware-based Malware Detectors (HMDs), which efficiently detect the incognito Malware activity. This paper explores the performance of such traditional Machine Learning algorithms over the HPC values obtained at execution, to estimate the efficiency of classifying an application as Malware or benign. A thorough experimental analysis of the multivariate network parameters for each Machine Learning algorithm projects the Random Forest classifier to furnish a class-leading detection accuracy of 83.04%.
