View article

Malicious programs, also known as malware, often use code obfuscation techniques to make static analysis more difficult and to evade signature-based detection. To resolve this problem, various behavioral detection techniques have been proposed that focus on the run-time behaviors of programs in order to dynamically detect malicious ones. Most of these techniques describe the run-time behavior of a program on the basis of its data flow and/or its system call traces. Recent work in behavioral malware detection has shown promise in using hardware performance counters (HPCs), which are a set of special-purpose registers built into modern processors providing detailed information about hardware and software events. In this paper, we pursue this line of research by presenting HPCMalHunter, a novel approach for real-time behavioral malware detection. HPCMalHunter uses HPCs to collect a set of event …