Graduation Semester and Year
2018
Language
English
Document Type
Thesis
Degree Name
Master of Science in Computer Science
Department
Computer Science and Engineering
First Advisor
Unknown
Abstract
Systems affected by Malware in the past 10 years has risen from 29 million to 780 million, which tells us it’s a rapidly growing threat. Viruses, ransomware, worms, backdoors, botnets etc. all come under malware. Ransomware alone is predicted to cost $11.5 billion in 2019. As the downtime and financial damages are rising the researchers are finding new ways to tackle this threat. However, the usual approach is prone to high false positive rate or delayed detection rate. This research explores a dynamic approach for early-stage malware detection by modeling it’s behavior using hardware performance counters with low overhead. The analysis begins on a bare-metal machine running malware which is profiled for hardware calls using Intel VTune before it infects the system. By using this system design, I am able to generate models from data extracted using hardware performance counters and use it to train the system using machine learning techniques from known malware samples collected from VirusTotal and Hybrid Analysis.
Keywords
Hardware performance counters, Malware, Virustotal, Sandbox
Disciplines
Computer Sciences | Physical Sciences and Mathematics
License
This work is licensed under a Creative Commons Attribution-NonCommercial-Share Alike 4.0 International License.
Recommended Citation
Raheja, Anchal, "MALWARE EARLY-STAGE DETECTION USING MACHINE LEARNING ON HARDWARE PERFORMANCE COUNTERS" (2018). Computer Science and Engineering Theses. 373.
https://mavmatrix.uta.edu/cse_theses/373
Comments
Degree granted by The University of Texas at Arlington