Abstract
This paper presents an experimental design and algorithm for power-based malware detection on general-purpose computers. Our design allows programmatic collection of CPU power profiles for a fixed set of non-malicious benchmarks, first running in an uninfected state and then in an infected state with malware running along with non-malicious software. To characterize power consumption profiles, we use both simple statistical and novel, sophisticated features. We propose an unsupervised, one-class anomaly detection ensemble and compare its perfor-mance with several supervised, kernel-based SVM classifiers (trained on clean and infected profiles) in detecting previously unseen malware. The anomaly detection system exhibits perfect detection when using all features across all benchmarks, with smaller false detection rate than the supervised classifiers. This paper provides a proof of concept that power-based malware detection is feasible for general-purpose computers and presents several future research steps toward that goal.
Original language | English |
---|---|
Title of host publication | Proceedings - 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications and 12th IEEE International Conference on Big Data Science and Engineering, Trustcom/BigDataSE 2018 |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
Pages | 1680-1684 |
Number of pages | 5 |
ISBN (Print) | 9781538643877 |
DOIs | |
State | Published - Sep 5 2018 |
Event | 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications and 12th IEEE International Conference on Big Data Science and Engineering, Trustcom/BigDataSE 2018 - New York, United States Duration: Jul 31 2018 → Aug 3 2018 |
Publication series
Name | Proceedings - 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications and 12th IEEE International Conference on Big Data Science and Engineering, Trustcom/BigDataSE 2018 |
---|
Conference
Conference | 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications and 12th IEEE International Conference on Big Data Science and Engineering, Trustcom/BigDataSE 2018 |
---|---|
Country/Territory | United States |
City | New York |
Period | 07/31/18 → 08/3/18 |
Funding
This manuscript has been authored by UT-Battelle, LLC under Contract No. DE-AC05-00OR22725with the US DOE. The United States Government retains and the publisher, by accepting the article for publication, acknowledges that the United States Government retains a non-exclusive, paid-up, irrevocable, world-wide license to publish or reproduce the published form of this manuscript, or allow others to do so, for United States Government purposes. The DOE will provide public access to these results of federally sponsored research in accordance with the DOE Public Access Plan (http://energy.gov/downloads/doe-public-access-plan). Research sponsored by the Laboratory Directed Research and Development Program of Oak Ridge National Laboratory (ORNL), managed by UT-Battelle, LLC, for the US Department of Energy (DOE) and US DOE, Office of Energy Efficiency and Renewable Energy, Building TechnologiesOffice. K. Goseva-Popstojanova’s work was funded in part by the NSF grant CNS-1618629.
Keywords
- anomaly detection
- intrusion detection
- malware
- power monitoring
- rootkit
- side channel analysis