Malware Detection Using Machine Learning Algorithms Based on Hardware Performance Counters: Analysis and Simulation

Omar Bawazeer, Tarek Helmy, Suheer Al-Hadhrami

Research output: Contribution to journal › Conference article › peer-review

13 Scopus citations

Abstract

Over the last decade, Hardware Performance Counter (HPC) events have been increasingly used by Machine Learning (ML) algorithms for malware detection. Modern processors provide a variety of HPCs to measure and monitor process events, such as memory accesses and instructions, during execution. In this paper, an analysis study is introduced that categorizes the HPC-based machine learning algorithms that have been used for malware detection. In addition, the most efficient and effective HPC features that have been exploited to recognize abnormal activities on various systems are identified. Furthermore, Neural Network (NN) algorithms, including Multi-Layer Perceptron (MLP), Convolutional Neural Network (CNN), and Full Order Radial Basis Function (RBF), are used to simulate several experiments from the literature. The simulation results show that the accuracies of MLP, CNN, and Full Order RBF are 96.95%, 98.22%, and 98.68%, respectively.

Original language: English
Article number: 012010
Journal: Journal of Physics: Conference Series
Volume: 1962
Issue number: 1
State: Published - 26 Jul 2021

Bibliographical note

Publisher Copyright:
© Published under licence by IOP Publishing Ltd.

ASJC Scopus subject areas

  • General Physics and Astronomy
