This study introduces RT-HMD, a Hardware-based Malware Detector (HMD) for mobile devices that refines malware representation in segmented time-series through a Multiple Instance Learning (MIL) approach. We address the mislabeling issue in real-time HMDs, where benign segments in malware time-series incorrectly inherit malware labels, leading to increased false positives. Utilizing the proposed Malicious Discriminative Score within the MIL framework, RT-HMD effectively identifies localized malware behaviors, thereby improving predictive accuracy. Empirical analysis, using a hardware telemetry dataset collected from a mobile platform across 723 benign and 1033 malware samples, shows a 5% precision boost while maintaining recall, outperforming baselines affected by mislabeled benign segments.
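The mislabeling effect described in the abstract can be reproduced on a toy scale. The following is an added example, not code from the RT-HMD authors: it fits the same one-feature threshold detector twice, once with segments inheriting their trace's label and once under the standard MIL assumption with max-pooling, and compares segment-level precision and recall. The telemetry levels, ground-truth segment labels and function names are constructed, and max-pooling stands in for the paper's Malicious Discriminative Score, which the abstract does not define.

```python
# Added illustration on constructed data; generic max-pooling MIL, not RT-HMD's own score.
# Each trace: (per-segment telemetry level 0-100, trace label); 1 = malware.
TRAIN = [([10, 20, 15, 25], 0), ([20, 30, 25, 15], 0),
         ([30, 35, 90, 30], 1), ([28, 85, 80, 35], 1), ([35, 30, 28, 95], 1)]
# Held-out segments with constructed ground truth: (level, segment is malicious).
TEST = [(20, 0), (30, 0), (27, 0), (15, 0),      # benign trace
        (30, 0), (88, 1), (92, 1), (33, 0),      # malware trace, burst in the middle
        (29, 0), (35, 0), (82, 1), (31, 0)]      # malware trace, single burst


def fit_threshold(values, labels):
    """Return the cut t (midpoint of adjacent sorted values) with the fewest
    errors for the rule 'value > t means malware'."""
    uniq = sorted(set(values))
    cuts = [(a + b) / 2 for a, b in zip(uniq, uniq[1:])]
    return min(cuts, key=lambda t: sum((v > t) != bool(y)
                                       for v, y in zip(values, labels)))


def fit_inherited(traces):
    """Baseline: every segment inherits the label of its whole trace."""
    values = [v for segs, _ in traces for v in segs]
    labels = [y for segs, y in traces for _ in segs]
    return fit_threshold(values, labels)


def fit_mil(traces):
    """MIL: a malware trace needs only one malicious segment, so only the
    strongest segment of each trace is tied to the trace label."""
    return fit_threshold([max(segs) for segs, _ in traces],
                         [y for _, y in traces])


def precision_recall(t, segments):
    """Segment-level precision and recall of the rule 'level > t'."""
    tp = sum(1 for v, y in segments if v > t and y)
    fp = sum(1 for v, y in segments if v > t and not y)
    fn = sum(1 for v, y in segments if v <= t and y)
    return (tp / (tp + fp) if tp + fp else 0.0,
            tp / (tp + fn) if tp + fn else 0.0)


if __name__ == "__main__":
    for name, fit in (("inherited labels", fit_inherited), ("MIL max-pooling", fit_mil)):
        t = fit(TRAIN)
        p, r = precision_recall(t, TEST)
        print(f"{name}: threshold={t} precision={p:.2f} recall={r:.2f}")
```

With inherited labels the quiet segments of malware traces pull the threshold down into the benign range, so benign-looking segments are flagged; the bag-level fit places the threshold between benign activity and the malicious bursts.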