{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,12]],"date-time":"2026-06-12T15:45:52Z","timestamp":1781279152628,"version":"3.54.1"},"reference-count":31,"publisher":"Association for Computing Machinery (ACM)","issue":"5","license":[{"start":{"date-parts":[[2020,9,26]],"date-time":"2020-09-26T00:00:00Z","timestamp":1601078400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Embed. Comput. Syst."],"published-print":{"date-parts":[[2020,9,30]]},"abstract":"<jats:p>Detection of malicious programs using hardware-based features has gained prominence recently. The tamper-resistant hardware metrics prove to be a better security feature than the high-level software metrics, which can be easily obfuscated. Hardware Performance Counters (HPC), which are inbuilt in most of the recent processors, are often the choice of researchers amongst hardware metrics. However, a lack of determinism in their counts, thereby affecting the malware detection rate, minimizes the advantages of HPCs. To overcome this problem, in our work, we propose a three-step methodology for fine-grained malware detection. In the first step, we extract the HPCs of each system call of an unknown program. Later, we make a dimensionality reduction of the fine-grained data to identify the components that have maximum variance. Finally, we use a machine learning based approach to classify the nature of the unknown program into benign or malicious. Our proposed methodology has obtained a 98.4% detection rate, with a 3.1% false positive. It has improved the detection rate significantly when compared to other recent works in hardware-based anomaly detection.<\/jats:p>","DOI":"10.1145\/3403943","type":"journal-article","created":{"date-parts":[[2020,9,26]],"date-time":"2020-09-26T10:15:05Z","timestamp":1601115305000},"page":"1-17","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":28,"title":["Hardware Performance Counter-Based Fine-Grained Malware Detection"],"prefix":"10.1145","volume":"19","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5996-2421","authenticated-orcid":false,"given":"Sai Praveen","family":"Kadiyala","sequence":"first","affiliation":[{"name":"Nanyang Technological University, Singapore"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Pranav","family":"Jadhav","sequence":"additional","affiliation":[{"name":"BITS Pilani, India"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Siew-Kei","family":"Lam","sequence":"additional","affiliation":[{"name":"Nanyang Technological University, Singapore"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Thambipillai","family":"Srikanthan","sequence":"additional","affiliation":[{"name":"Nanyang Technological University, Singapore"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2020,9,26]]},"reference":[{"key":"e_1_2_1_2_1","volume-title":"Lui","author":"Zheng Min","year":"2012","unstructured":"Min Zheng , Patrick P. C. Lee , and John C. S . Lui . 2012 . ADAM : An automatic and extensible platform to stress test android anti-virus systems. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. Springer , 82--101. Min Zheng, Patrick P. C. Lee, and John C. S. Lui. 2012. ADAM: An automatic and extensible platform to stress test android anti-virus systems. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. Springer, 82--101."},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2018.2824250"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2015.2491300"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC.2015.103"},{"key":"e_1_2_1_6_1","volume-title":"Retrieved","author":"ARM.","year":"2019","unstructured":"CSAL_ ARM. Core Sight Access Library . Retrieved October 23, 2019 from https:\/\/github.com\/ARM-software\/CSAL. CSAL_ARM. Core Sight Access Library. Retrieved October 23, 2019 from https:\/\/github.com\/ARM-software\/CSAL."},{"key":"e_1_2_1_7_1","volume-title":"Virus share. Retrieved","author":"Roberts J.-M.","year":"2019","unstructured":"J.-M. Roberts . Virus share. Retrieved August 2, 2019 from https:\/\/virusshare.com\/. J.-M. Roberts. Virus share. Retrieved August 2, 2019 from https:\/\/virusshare.com\/."},{"key":"e_1_2_1_8_1","volume-title":"Retrieved","author":"Malware Open","year":"2020","unstructured":"Open Malware . Open Malware\u2014Community Malicious code research and analysis . Retrieved April 24, 2020 from http:\/\/malwarebenchmark.org\/. Open Malware. Open Malware\u2014Community Malicious code research and analysis. Retrieved April 24, 2020 from http:\/\/malwarebenchmark.org\/."},{"key":"e_1_2_1_9_1","unstructured":"EECS-UMich. MiBench. Retrieved April 24 2020 from https:\/\/vhosts.eecs.umich.edu\/mibench\/.  EECS-UMich. MiBench. Retrieved April 24 2020 from https:\/\/vhosts.eecs.umich.edu\/mibench\/."},{"key":"e_1_2_1_10_1","volume-title":"SPEC CPU2017","author":"SPEC.","year":"2020","unstructured":"SPEC. SPEC CPU2017 . Retrieved April 24, 2020 from https:\/\/www.spec.org\/cpu2017\/. SPEC. SPEC CPU2017. Retrieved April 24, 2020 from https:\/\/www.spec.org\/cpu2017\/."},{"key":"e_1_2_1_11_1","unstructured":"Intel. LMbench. Retrieved April 24 2020 from https:\/\/github.com\/intel\/lmbench\/.  Intel. LMbench. Retrieved April 24 2020 from https:\/\/github.com\/intel\/lmbench\/."},{"key":"e_1_2_1_12_1","unstructured":"kdlucas. UnixBench. Retrieved April 24 2020 from https:\/\/github.com\/kdlucas\/byte-unixbench\/.  kdlucas. UnixBench. Retrieved April 24 2020 from https:\/\/github.com\/kdlucas\/byte-unixbench\/."},{"key":"e_1_2_1_13_1","unstructured":"EEMBC Benchmarks. Retrieved April 24 2020 from https:\/\/github.com\/eembc.  EEMBC Benchmarks. Retrieved April 24 2020 from https:\/\/github.com\/eembc."},{"key":"e_1_2_1_14_1","volume-title":"Scikit-learn: Machine learning in Python. CoRR abs\/1201.0490","author":"Pedregosa Fabian","year":"2012","unstructured":"Fabian Pedregosa , Ga\u00ebl Varoquaux , Alexandre Gramfort , Vincent Michel , Bertrand Thirion , Olivier Grisel , Mathieu Blondel , Peter Prettenhofer , Ron Weiss , Vincent Dubourg , Jake VanderPlas , Alexandre Passos , David Cournapeau , Matthieu Brucher , Matthieu Perrot , and Edouard Duchesnay . 2012 . Scikit-learn: Machine learning in Python. CoRR abs\/1201.0490 (2012). arxiv:1201.0490 http:\/\/arxiv.org\/abs\/1201.0490 Fabian Pedregosa, Ga\u00ebl Varoquaux, Alexandre Gramfort, Vincent Michel, Bertrand Thirion, Olivier Grisel, Mathieu Blondel, Peter Prettenhofer, Ron Weiss, Vincent Dubourg, Jake VanderPlas, Alexandre Passos, David Cournapeau, Matthieu Brucher, Matthieu Perrot, and Edouard Duchesnay. 2012. Scikit-learn: Machine learning in Python. CoRR abs\/1201.0490 (2012). arxiv:1201.0490 http:\/\/arxiv.org\/abs\/1201.0490"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/TCAD.2015.2474374"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508148.2485970"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/HPCA.2015.7056070"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/3061639.3062202"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-10-2209-8_5"},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.engappai.2016.12.016"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.knosys.2018.04.033"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.5555\/2011216.2011217"},{"key":"e_1_2_1_23_1","volume-title":"Lupu","author":"Paudice Andrea","year":"2018","unstructured":"Andrea Paudice , Luis Mu\u00f1oz-Gonz\u00e1lez , and Emil C . Lupu . 2018 . Label sanitization against label flipping poisoning attacks. In Joint European Conference on Machine Learning and Knowledge Discovery in Databases. Springer , 5--15. Andrea Paudice, Luis Mu\u00f1oz-Gonz\u00e1lez, and Emil C. Lupu. 2018. Label sanitization against label flipping poisoning attacks. In Joint European Conference on Machine Learning and Knowledge Discovery in Databases. Springer, 5--15."},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00021"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-48324-4_13"},{"key":"e_1_2_1_26_1","volume-title":"Stolfo","author":"Tang Adrian","year":"2014","unstructured":"Adrian Tang , Simha Sethumadhavan , and Salvatore J . Stolfo . 2014 . Unsupervised anomaly-based malware detection using hardware features. In International Workshop on Recent Advances in Intrusion Detection. Springer , 109--129. Adrian Tang, Simha Sethumadhavan, and Salvatore J. Stolfo. 2014. Unsupervised anomaly-based malware detection using hardware features. In International Workshop on Recent Advances in Intrusion Detection. Springer, 109--129."},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCKE.2014.6993402"},{"key":"e_1_2_1_28_1","volume-title":"2017 ACM on Asia Conference on Computer and Communications Security. ACM, 253--265","author":"Zhang Tianwei","unstructured":"Tianwei Zhang , Yinqian Zhang , and Ruby B. Lee . 2017. Dos attacks on your memory in cloud . In 2017 ACM on Asia Conference on Computer and Communications Security. ACM, 253--265 . Tianwei Zhang, Yinqian Zhang, and Ruby B. Lee. 2017. Dos attacks on your memory in cloud. In 2017 ACM on Asia Conference on Computer and Communications Security. ACM, 253--265."},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.asoc.2016.09.014"},{"key":"e_1_2_1_30_1","volume-title":"Lee","author":"Zhang Tianwei","year":"2016","unstructured":"Tianwei Zhang , Yinqian Zhang , and Ruby B . Lee . 2016 . Cloudradar : A real-time side-channel attack detection system in clouds. In International Symposium on Research in Attacks, Intrusions, and Defenses. Springer , 118--140. Tianwei Zhang, Yinqian Zhang, and Ruby B. Lee. 2016. Cloudradar: A real-time side-channel attack detection system in clouds. In International Symposium on Research in Attacks, Intrusions, and Defenses. Springer, 118--140."},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-66399-9_5"},{"key":"e_1_2_1_32_1","volume-title":"UK Workshop on Computational Intelligence. Springer, 203--213","author":"Allaf Zirak","year":"2017","unstructured":"Zirak Allaf , Mo Adda , and Alexander Gegov . 2017 . A comparison study on flush+ reload and prime+ probe attacks on AES using machine learning approaches . In UK Workshop on Computational Intelligence. Springer, 203--213 . Zirak Allaf, Mo Adda, and Alexander Gegov. 2017. A comparison study on flush+ reload and prime+ probe attacks on AES using machine learning approaches. In UK Workshop on Computational Intelligence. Springer, 203--213."}],"container-title":["ACM Transactions on Embedded Computing Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3403943","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3403943","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:38:22Z","timestamp":1750199902000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3403943"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,9,26]]},"references-count":31,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2020,9,30]]}},"alternative-id":["10.1145\/3403943"],"URL":"https:\/\/doi.org\/10.1145\/3403943","relation":{},"ISSN":["1539-9087","1558-3465"],"issn-type":[{"value":"1539-9087","type":"print"},{"value":"1558-3465","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,9,26]]},"assertion":[{"value":"2019-11-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2020-05-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2020-09-26","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}