{"id":"https://openalex.org/W2807415350","doi":"https://doi.org/10.1145/3196494.3196515","title":"Hardware Performance Counters Can Detect Malware","display_name":"Hardware Performance Counters Can Detect Malware","publication_year":2018,"publication_date":"2018-05-29","ids":{"openalex":"https://openalex.org/W2807415350","doi":"https://doi.org/10.1145/3196494.3196515","mag":"2807415350"},"language":"en","primary_location":{"id":"doi:10.1145/3196494.3196515","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3196494.3196515","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2018 on Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5036310350","display_name":"Boyou Zhou","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Boyou Zhou","raw_affiliation_strings":["Boston University, Boston, MA, USA"],"affiliations":[{"raw_affiliation_string":"Boston University, Boston, MA, USA","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5014436016","display_name":"Anmol Gupta","orcid":"https://orcid.org/0000-0003-0159-8780"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Anmol Gupta","raw_affiliation_strings":["Boston University, Boston, MA, USA"],"affiliations":[{"raw_affiliation_string":"Boston University, Boston, MA, USA","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5083725173","display_name":"Rasoul Jahanshahi","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Rasoul Jahanshahi","raw_affiliation_strings":["Boston University, Boston, MA, USA"],"affiliations":[{"raw_affiliation_string":"Boston University, Boston, MA, USA","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5044975798","display_name":"Manuel Egele","orcid":"https://orcid.org/0000-0001-5038-2682"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Manuel Egele","raw_affiliation_strings":["Boston University, Boston, MA, USA"],"affiliations":[{"raw_affiliation_string":"Boston University, Boston, MA, USA","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5089428659","display_name":"Ajay Joshi","orcid":"https://orcid.org/0000-0002-3256-9942"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ajay Joshi","raw_affiliation_strings":["Boston University, Boston, MA, USA"],"affiliations":[{"raw_affiliation_string":"Boston University, Boston, MA, USA","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5036310350"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":6.6326,"has_fulltext":false,"cited_by_count":115,"citation_normalized_percentile":{"value":0.97561451,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"457","last_page":"468"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9984999895095825,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10054","display_name":"Parallel Computing and Optimization Techniques","score":0.9959999918937683,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8129051327705383},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7757099866867065},{"id":"https://openalex.org/keywords/naive-bayes-classifier","display_name":"Naive Bayes classifier","score":0.7098469734191895},{"id":"https://openalex.org/keywords/adaboost","display_name":"AdaBoost","score":0.6609116196632385},{"id":"https://openalex.org/keywords/random-forest","display_name":"Random forest","score":0.600560188293457},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5696915984153748},{"id":"https://openalex.org/keywords/decision-tree","display_name":"Decision tree","score":0.5645880699157715},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.5614764094352722},{"id":"https://openalex.org/keywords/support-vector-machine","display_name":"Support vector machine","score":0.466399610042572},{"id":"https://openalex.org/keywords/metric","display_name":"Metric (unit)","score":0.42841532826423645},{"id":"https://openalex.org/keywords/pattern-recognition","display_name":"Pattern recognition (psychology)","score":0.3954886794090271},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3852027952671051},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.22547507286071777}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8129051327705383},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7757099866867065},{"id":"https://openalex.org/C52001869","wikidata":"https://www.wikidata.org/wiki/Q812530","display_name":"Naive Bayes classifier","level":3,"score":0.7098469734191895},{"id":"https://openalex.org/C141404830","wikidata":"https://www.wikidata.org/wiki/Q2823869","display_name":"AdaBoost","level":3,"score":0.6609116196632385},{"id":"https://openalex.org/C169258074","wikidata":"https://www.wikidata.org/wiki/Q245748","display_name":"Random forest","level":2,"score":0.600560188293457},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5696915984153748},{"id":"https://openalex.org/C84525736","wikidata":"https://www.wikidata.org/wiki/Q831366","display_name":"Decision tree","level":2,"score":0.5645880699157715},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5614764094352722},{"id":"https://openalex.org/C12267149","wikidata":"https://www.wikidata.org/wiki/Q282453","display_name":"Support vector machine","level":2,"score":0.466399610042572},{"id":"https://openalex.org/C176217482","wikidata":"https://www.wikidata.org/wiki/Q860554","display_name":"Metric (unit)","level":2,"score":0.42841532826423645},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.3954886794090271},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3852027952671051},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.22547507286071777},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0},{"id":"https://openalex.org/C21547014","wikidata":"https://www.wikidata.org/wiki/Q1423657","display_name":"Operations management","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3196494.3196515","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3196494.3196515","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2018 on Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Life in Land","id":"https://metadata.un.org/sdg/15","score":0.4000000059604645}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":28,"referenced_works":["https://openalex.org/W1522250664","https://openalex.org/W1680392829","https://openalex.org/W1988790447","https://openalex.org/W2034053858","https://openalex.org/W2036853599","https://openalex.org/W2060145807","https://openalex.org/W2108557980","https://openalex.org/W2113261561","https://openalex.org/W2119438786","https://openalex.org/W2134633067","https://openalex.org/W2138333440","https://openalex.org/W2140336868","https://openalex.org/W2150196852","https://openalex.org/W2156858199","https://openalex.org/W2166844173","https://openalex.org/W2170467352","https://openalex.org/W2172162418","https://openalex.org/W2176830056","https://openalex.org/W2292977173","https://openalex.org/W2319159802","https://openalex.org/W2514847810","https://openalex.org/W2566616266","https://openalex.org/W2602229646","https://openalex.org/W2766613627","https://openalex.org/W2950774332","https://openalex.org/W2997591727","https://openalex.org/W3021828053","https://openalex.org/W4239035626"],"related_works":["https://openalex.org/W4367336074","https://openalex.org/W2789583223","https://openalex.org/W4379620016","https://openalex.org/W3154045278","https://openalex.org/W3210764983","https://openalex.org/W4367335949","https://openalex.org/W4285162676","https://openalex.org/W4382052559","https://openalex.org/W3011239835","https://openalex.org/W3036529732"],"abstract_inverted_index":{"The":[0,198],"ever-increasing":[1],"prevalence":[2],"of":[3,10,60,97,148,151,180,192,200,225],"malware":[4,31,98,226,238,245],"has":[5],"led":[6],"to":[7,18,111,176],"the":[8,58,61,80,95,118,178,193,223],"explorations":[9],"various":[11,184],"detection":[12,99,149,181,227],"mechanisms.":[13],"Several":[14],"recent":[15],"works":[16],"propose":[17],"use":[19],"Hardware":[20],"Performance":[21],"Counters":[22],"(HPCs)":[23],"values":[24],"with":[25,237],"machine":[26],"learning":[27],"classification":[28],"models":[29,173,201],"for":[30],"detection.":[32,246],"HPCs":[33,86],"are":[34],"hardware":[35],"units":[36],"that":[37,78,116,190,232],"record":[38],"low-level":[39],"micro-architectural":[40,81,114],"behavior,":[41],"such":[42],"as":[43],"cache":[44],"hits/misses,":[45],"branch":[46],"(mis)prediction,":[47],"and":[48,75,91,129,143,166,208,217],"load/store":[49],"operations.":[50],"However,":[51],"this":[52,71],"information":[53,83],"does":[54],"not":[55],"reliably":[56],"capture":[57],"nature":[59],"application,":[62],"i.e.":[63],"whether":[64],"it":[65],"is":[66,211],"benign":[67],"or":[68],"malicious.":[69],"In":[70],"paper,":[72],"we":[73,230],"claim":[74],"experimentally":[76],"support":[77],"using":[79,100,106,228],"level":[82],"obtained":[84],"from":[85],"cannot":[87,240],"distinguish":[88],"between":[89],"benignware":[90,128,234],"malware.":[92],"We":[93,102,122,136,170],"evaluate":[94],"fidelity":[96],"HPCs.":[101],"perform":[103],"quantitative":[104],"analysis":[105,188],"Principal":[107],"Component":[108],"Analysis":[109],"(PCA)":[110],"systematically":[112],"select":[113],"events":[115],"have":[117],"most":[119],"predictive":[120],"powers.":[121],"then":[123],"run":[124],"1,924":[125],"programs,":[126],"962":[127,130],"malware,":[131],"on":[132],"our":[133,172],"experimental":[134],"setups.":[135],"achieve":[137],"83.39%,":[138],"84.84%,":[139],"83.59%,":[140],"75.01%,":[141],"78.75%,":[142],"14.32%":[144],"F1-score":[145,199],"(a":[146],"metric":[147],"rates)":[150],"Decision":[152],"Tree":[153],"(DT),":[154],"Random":[155],"Forest":[156],"(RF),":[157],"K":[158],"Nearest":[159],"Neighbors":[160],"(KNN),":[161],"Adaboost,":[162,206],"Neural":[163],"Net":[164],"(NN),":[165],"Naive":[167,209],"Bayes,":[168],"respectively.":[169,219],"cross-validate":[171],"1,000":[174],"times":[175],"show":[177,231],"distributions":[179],"rates":[182],"in":[183,202],"models.":[185],"Our":[186],"cross-validation":[187],"shows":[189],"many":[191],"experiments":[194],"produce":[195],"low":[196],"F1-scores.":[197],"DT,":[203],"RF,":[204],"KNN,":[205],"NN,":[207],"Bayes":[210],"80.22%,":[212,214],"81.29%,":[213],"70.32%,":[215],"35.66%,":[216],"9.903%,":[218],"To":[220],"further":[221],"highlight":[222],"incapability":[224],"HPCs,":[229],"one":[233],"(Notepad++)":[235],"infused":[236],"(ransomware)":[239],"be":[241],"detected":[242],"by":[243],"HPC-based":[244]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":11},{"year":2024,"cited_by_count":21},{"year":2023,"cited_by_count":16},{"year":2022,"cited_by_count":25},{"year":2021,"cited_by_count":17},{"year":2020,"cited_by_count":11},{"year":2019,"cited_by_count":9},{"year":2018,"cited_by_count":3}],"updated_date":"2026-04-20T07:46:08.049788","created_date":"2025-10-10T00:00:00"}