HEAVEN: A Hardware-Enhanced AntiVirus ENgine to accelerate real-time, signature-based malware detection

Authors:

Highlights:

• Real-time AntiViruses (AVs) become performance-prohibitive if purely implemented in software.

• A Hardware–Software collaborative AV might fully mitigate the overhead of real-time AV monitoring.

• Branch patterns might be used as a fingerprint of known malicious code execution.

• The Branch Prediction Unit (BPU) might be instrumented to fingerprint applications without much redesign.

• Hardware-assisted AVs can support software updates, so as not to break current AVs’ operation modes.

Keywords: Malware, Antivirus, Signatures, Branch prediction, Performance

Review history: Received 24 October 2021, Revised 10 January 2022, Accepted 28 March 2022, Available online 6 April 2022, Version of Record 14 April 2022.

Official paper URL: https://doi.org/10.1016/j.eswa.2022.117083