{"id":"https://openalex.org/W3206885183","doi":"https://doi.org/10.3390/cryptography5040028","title":"Towards Accurate Run-Time Hardware-Assisted Stealthy Malware Detection: A Lightweight, yet Effective Time Series CNN-Based Approach","display_name":"Towards Accurate Run-Time Hardware-Assisted Stealthy Malware Detection: A Lightweight, yet Effective Time Series CNN-Based Approach","publication_year":2021,"publication_date":"2021-10-17","ids":{"openalex":"https://openalex.org/W3206885183","doi":"https://doi.org/10.3390/cryptography5040028","mag":"3206885183"},"language":"en","primary_location":{"id":"doi:10.3390/cryptography5040028","is_oa":true,"landing_page_url":"https://doi.org/10.3390/cryptography5040028","pdf_url":"https://www.mdpi.com/2410-387X/5/4/28/pdf?version=1634789758","source":{"id":"https://openalex.org/S4210223320","display_name":"Cryptography","issn_l":"2410-387X","issn":["2410-387X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Cryptography","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://www.mdpi.com/2410-387X/5/4/28/pdf?version=1634789758","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5080844858","display_name":"Hossein Sayadi","orcid":"https://orcid.org/0000-0001-6423-0145"},"institutions":[{"id":"https://openalex.org/I59897056","display_name":"California State University, Long Beach","ror":"https://ror.org/0080fxk18","country_code":"US","type":"education","lineage":["https://openalex.org/I59897056"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Hossein Sayadi","raw_affiliation_strings":["Department of Computer Engineering and Computer Science, California State University, Long Beach, CA 90840, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Engineering and Computer Science, California State University, Long Beach, CA 90840, USA","institution_ids":["https://openalex.org/I59897056"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5025224867","display_name":"Yifeng Gao","orcid":"https://orcid.org/0000-0002-0629-050X"},"institutions":[{"id":"https://openalex.org/I2802326326","display_name":"The University of Texas Rio Grande Valley","ror":"https://ror.org/02p5xjf12","country_code":"US","type":"education","lineage":["https://openalex.org/I2802326326"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yifeng Gao","raw_affiliation_strings":["Department of Computer Science, University of Texas Rio Grande Valley, McAllen, TX 78504, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of Texas Rio Grande Valley, McAllen, TX 78504, USA","institution_ids":["https://openalex.org/I2802326326"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5044003457","display_name":"Hosein Mohammadi Makrani","orcid":"https://orcid.org/0000-0002-5088-8728"},"institutions":[{"id":"https://openalex.org/I84218800","display_name":"University of California, Davis","ror":"https://ror.org/05rrcem69","country_code":"US","type":"education","lineage":["https://openalex.org/I84218800"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Hosein Mohammadi Makrani","raw_affiliation_strings":["Department of Electrical and Computer Engineering, University of California, Davis, CA 95616, USA"],"affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, University of California, Davis, CA 95616, USA","institution_ids":["https://openalex.org/I84218800"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101558875","display_name":"Jessica Lin","orcid":"https://orcid.org/0000-0002-4887-0692"},"institutions":[{"id":"https://openalex.org/I162714631","display_name":"George Mason University","ror":"https://ror.org/02jqj7156","country_code":"US","type":"education","lineage":["https://openalex.org/I162714631"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jessica Lin","raw_affiliation_strings":["Department of Computer Science, George Mason University, Fairfax, VA 22030, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, George Mason University, Fairfax, VA 22030, USA","institution_ids":["https://openalex.org/I162714631"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5080860698","display_name":"Paulo Costa","orcid":"https://orcid.org/0000-0002-8280-1551"},"institutions":[{"id":"https://openalex.org/I162714631","display_name":"George Mason University","ror":"https://ror.org/02jqj7156","country_code":"US","type":"education","lineage":["https://openalex.org/I162714631"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Paulo Cesar Costa","raw_affiliation_strings":["Department of Systems Engineering and Operations Research, George Mason University, Fairfax, VA 22030, USA"],"affiliations":[{"raw_affiliation_string":"Department of Systems Engineering and Operations Research, George Mason University, Fairfax, VA 22030, USA","institution_ids":["https://openalex.org/I162714631"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103033046","display_name":"Setareh Rafatirad","orcid":"https://orcid.org/0000-0003-2035-8512"},"institutions":[{"id":"https://openalex.org/I84218800","display_name":"University of California, Davis","ror":"https://ror.org/05rrcem69","country_code":"US","type":"education","lineage":["https://openalex.org/I84218800"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Setareh Rafatirad","raw_affiliation_strings":["Department of Computer Science, University of California, Davis, CA 95616, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of California, Davis, CA 95616, USA","institution_ids":["https://openalex.org/I84218800"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5047382437","display_name":"Houman Homayoun","orcid":"https://orcid.org/0000-0001-8904-4699"},"institutions":[{"id":"https://openalex.org/I84218800","display_name":"University of California, Davis","ror":"https://ror.org/05rrcem69","country_code":"US","type":"education","lineage":["https://openalex.org/I84218800"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Houman Homayoun","raw_affiliation_strings":["Department of Electrical and Computer Engineering, University of California, Davis, CA 95616, USA"],"affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, University of California, Davis, CA 95616, USA","institution_ids":["https://openalex.org/I84218800"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5080844858"],"corresponding_institution_ids":["https://openalex.org/I59897056"],"apc_list":{"value":1600,"currency":"CHF","value_usd":1732},"apc_paid":{"value":1600,"currency":"CHF","value_usd":1732},"fwci":3.5392,"has_fulltext":false,"cited_by_count":28,"citation_normalized_percentile":{"value":0.93763426,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":99},"biblio":{"volume":"5","issue":"4","first_page":"28","last_page":"28"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9965000152587891,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9914000034332275,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.9262608289718628},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8497517704963684},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4894067347049713},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.4649656414985657},{"id":"https://openalex.org/keywords/cryptovirology","display_name":"Cryptovirology","score":0.43900057673454285},{"id":"https://openalex.org/keywords/convolutional-neural-network","display_name":"Convolutional neural network","score":0.4294931888580322},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.342451274394989},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.3270608186721802},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.32233887910842896}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.9262608289718628},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8497517704963684},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4894067347049713},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.4649656414985657},{"id":"https://openalex.org/C84525096","wikidata":"https://www.wikidata.org/wiki/Q3506050","display_name":"Cryptovirology","level":3,"score":0.43900057673454285},{"id":"https://openalex.org/C81363708","wikidata":"https://www.wikidata.org/wiki/Q17084460","display_name":"Convolutional neural network","level":2,"score":0.4294931888580322},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.342451274394989},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.3270608186721802},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.32233887910842896}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.3390/cryptography5040028","is_oa":true,"landing_page_url":"https://doi.org/10.3390/cryptography5040028","pdf_url":"https://www.mdpi.com/2410-387X/5/4/28/pdf?version=1634789758","source":{"id":"https://openalex.org/S4210223320","display_name":"Cryptography","issn_l":"2410-387X","issn":["2410-387X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Cryptography","raw_type":"journal-article"},{"id":"pmh:oai:scholarworks.utrgv.edu:cs_fac-1077","is_oa":true,"landing_page_url":"https://scholarworks.utrgv.edu/cs_fac/78","pdf_url":null,"source":{"id":"https://openalex.org/S4306402611","display_name":"ScholarWorks @ UTRGV (The University of Texas Rio Grande Valley)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I2802326326","host_organization_name":"The University of Texas Rio Grande Valley","host_organization_lineage":["https://openalex.org/I2802326326"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Computer Science Faculty Publications and Presentations","raw_type":"text"},{"id":"pmh:oai:doaj.org/article:072756c571b64721bd057df314124135","is_oa":true,"landing_page_url":"https://doaj.org/article/072756c571b64721bd057df314124135","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Cryptography, Vol 5, Iss 4, p 28 (2021)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.3390/cryptography5040028","is_oa":true,"landing_page_url":"https://doi.org/10.3390/cryptography5040028","pdf_url":"https://www.mdpi.com/2410-387X/5/4/28/pdf?version=1634789758","source":{"id":"https://openalex.org/S4210223320","display_name":"Cryptography","issn_l":"2410-387X","issn":["2410-387X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Cryptography","raw_type":"journal-article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.44999998807907104}],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3206885183.pdf","grobid_xml":"https://content.openalex.org/works/W3206885183.grobid-xml"},"referenced_works_count":64,"referenced_works":["https://openalex.org/W119403003","https://openalex.org/W191098608","https://openalex.org/W1528765510","https://openalex.org/W1571989395","https://openalex.org/W1686420892","https://openalex.org/W1968354112","https://openalex.org/W1971139551","https://openalex.org/W1977177161","https://openalex.org/W1978371851","https://openalex.org/W1984674851","https://openalex.org/W1990649188","https://openalex.org/W2026909728","https://openalex.org/W2034053858","https://openalex.org/W2036853599","https://openalex.org/W2058315483","https://openalex.org/W2088503757","https://openalex.org/W2111216264","https://openalex.org/W2112731379","https://openalex.org/W2124523382","https://openalex.org/W2132874238","https://openalex.org/W2138471478","https://openalex.org/W2145969515","https://openalex.org/W2166844173","https://openalex.org/W2167671111","https://openalex.org/W2187089797","https://openalex.org/W2194775991","https://openalex.org/W2237307454","https://openalex.org/W2288074780","https://openalex.org/W2292977173","https://openalex.org/W2315350509","https://openalex.org/W2344380211","https://openalex.org/W2397610501","https://openalex.org/W2402972623","https://openalex.org/W2508317201","https://openalex.org/W2551393996","https://openalex.org/W2593874664","https://openalex.org/W2594364040","https://openalex.org/W2602229646","https://openalex.org/W2612343211","https://openalex.org/W2625408821","https://openalex.org/W2754051771","https://openalex.org/W2772616816","https://openalex.org/W2772687287","https://openalex.org/W2781484049","https://openalex.org/W2791899846","https://openalex.org/W2799590445","https://openalex.org/W2807415350","https://openalex.org/W2809457377","https://openalex.org/W2890774642","https://openalex.org/W2893549539","https://openalex.org/W2932551155","https://openalex.org/W2945027786","https://openalex.org/W2945097383","https://openalex.org/W2950774332","https://openalex.org/W2963265635","https://openalex.org/W2998010409","https://openalex.org/W3046195620","https://openalex.org/W3083161653","https://openalex.org/W3083702481","https://openalex.org/W4234423918","https://openalex.org/W4238295473","https://openalex.org/W4242127608","https://openalex.org/W4247881240","https://openalex.org/W6772859542"],"related_works":["https://openalex.org/W4256304280","https://openalex.org/W4249009605","https://openalex.org/W2900526031","https://openalex.org/W2395100307","https://openalex.org/W2909615516","https://openalex.org/W3183826413","https://openalex.org/W4243179955","https://openalex.org/W3205001643","https://openalex.org/W2557742076","https://openalex.org/W2968504645"],"abstract_inverted_index":{"According":[0],"to":[1,22,51,75,127,171,177,201,245,333],"recent":[2,158],"security":[3,25],"analysis":[4,254],"reports,":[5],"malicious":[6,79,101,133],"software":[7],"(a.k.a.":[8],"malware)":[9],"is":[10,135,218,263],"rising":[11],"at":[12,88,118,185,207,305],"an":[13,47],"alarming":[14],"rate":[15],"in":[16,131,160,237,266],"numbers,":[17],"complexity,":[18],"and":[19,55,140,242,325,335],"harmful":[20,128],"purposes":[21],"compromise":[23],"the":[24,53,173,179,186,212,248,272,293,319],"of":[26,58,78,157,181,250,295,322],"modern":[27],"computer":[28],"systems.":[29],"Recently,":[30],"malware":[31,116,125,145,162,174,183,205,260,269,279,301],"detection":[32,61,146,163,184,261,309,320],"based":[33,219],"on":[34,69,99,220,311],"low-level":[35],"hardware":[36,188],"features":[37],"(e.g.,":[38],"Hardware":[39],"Performance":[40],"Counters":[41],"(HPCs)":[42],"information)":[43],"has":[44],"emerged":[45],"as":[46,106],"effective":[48,94,265],"alternative":[49],"solution":[50],"address":[52,178],"complexity":[54],"performance":[56,310,321],"overheads":[57],"traditional":[59,144],"software-based":[60],"methods.":[62],"Hardware-assisted":[63],"Malware":[64],"Detection":[65],"(HMD)":[66],"techniques":[67,170],"depend":[68],"standard":[70,168],"Machine":[71],"Learning":[72],"(ML)":[73],"classifiers":[74],"detect":[76,172,203],"signatures":[77],"applications":[80,102,139],"by":[81,143,331],"monitoring":[82],"built-in":[83],"HPC":[84,215,274,316],"registers":[85],"during":[86,110],"execution":[87],"run-time.":[89],"Prior":[90],"HMD":[91,324],"methods":[92,262,330],"though":[93],"have":[95,166],"limited":[96],"their":[97],"study":[98],"detecting":[100,114,267],"that":[103,165,231,256,291],"are":[104],"spawned":[105],"a":[107,121,154,193,221],"separate":[108],"thread":[109],"application":[111],"execution,":[112],"hence":[113],"stealthy":[115,182,204,251,268,300],"patterns":[117],"run-time":[119,208,306],"remains":[120,141],"critical":[122],"challenge.":[123],"Stealthy":[124],"refers":[126],"cyber":[129],"attacks":[130],"which":[132],"code":[134],"hidden":[136],"within":[137],"benign":[138,283],"undetected":[142],"approaches.":[147],"In":[148],"this":[149],"paper,":[150],"we":[151,190],"first":[152],"present":[153],"comprehensive":[155],"review":[156],"advances":[159],"hardware-assisted":[161],"studies":[164],"used":[167],"ML":[169],"signatures.":[175],"Next,":[176],"challenge":[180],"processor\u2019s":[187],"level,":[189],"propose":[191],"StealthMiner,":[192],"novel":[194,297],"specialized":[195],"time":[196,223,239,327],"series":[197,224,240,328],"machine":[198],"learning-based":[199],"approach":[200],"accurately":[202,246],"trace":[206,249],"using":[209,257],"branch":[210],"instructions,":[211],"most":[213],"prominent":[214],"feature.":[216],"StealthMiner":[217],"lightweight":[222],"Fully":[225],"Convolutional":[226],"Neural":[227],"Network":[228],"(FCN)":[229],"model":[230],"automatically":[232],"identifies":[233],"potentially":[234],"contaminated":[235],"samples":[236,270],"HPC-based":[238],"data":[241,275],"utilizes":[243],"them":[244],"recognize":[247],"malware.":[252],"Our":[253],"demonstrates":[255],"state-of-the-art":[258,323],"ML-based":[259],"not":[264,276],"since":[271],"captured":[273],"only":[277,314],"represents":[278],"but":[280],"also":[281],"carries":[282],"applications\u2019":[284],"microarchitectural":[285],"data.":[286],"The":[287],"experimental":[288],"results":[289],"demonstrate":[290],"with":[292,307,313],"aid":[294],"our":[296],"intelligent":[298],"approach,":[299],"can":[302],"be":[303],"detected":[304],"94%":[308],"average":[312],"one":[315],"feature,":[317],"outperforming":[318],"general":[326],"classification":[329],"up":[332],"42%":[334],"36%,":[336],"respectively.":[337]},"counts_by_year":[{"year":2025,"cited_by_count":5},{"year":2024,"cited_by_count":11},{"year":2023,"cited_by_count":7},{"year":2022,"cited_by_count":5}],"updated_date":"2026-03-10T16:38:18.471706","created_date":"2025-10-10T00:00:00"}