Malware is the most significant threat to computer security. This paper aims to overview the malware detection field, focusing on the recent and promising hardware-based approach. This approach leverages the Hardware Performance Counters (HPCs) already available in modern processors together with the power of Machine Learning, offering attractive advantages such as resilience to disabling the protection, resilience to unknown malware, low complexity/overhead/cost, and run-time detection. The approach is deeply analyzed in light of a generic hardware-based detection framework. Some challenges related to the approach are presented: the necessary accuracy improvements, how to deal with the classification error, how to better correlate the hardware event behavior with the malware, and essential improvements to the hardware performance monitor.
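To make the generic hardware-based detection framework concrete, the following is an added example (not code from the paper or any project it surveys) of the pipeline the abstract describes: raw HPC counts for a sampling window are normalized to per-instruction rates, a small classifier separates benign from malicious behavior, and a run-time policy absorbs isolated classification errors by requiring several consecutive malicious windows before alerting. The event names, the counter values and the nearest-centroid classifier are all constructed assumptions for illustration; a real deployment would read counters through the OS performance-monitoring interface and train on far more samples.

```python
"""Toy hardware-based malware detector built from HPC readings (added example)."""
import math

# Hypothetical choice of hardware events; real detectors pick events per CPU model.
EVENTS = ("branch_misses", "cache_misses", "page_faults")

# Constructed training windows: raw counter values over one sampling window.
# The numbers are invented for the example and carry no real-world meaning.
TRAINING = [
    ("benign",    {"instructions": 1_000_000, "branch_misses": 8_000,  "cache_misses": 4_000,  "page_faults": 10}),
    ("benign",    {"instructions": 2_000_000, "branch_misses": 18_000, "cache_misses": 9_000,  "page_faults": 24}),
    ("benign",    {"instructions": 1_500_000, "branch_misses": 13_500, "cache_misses": 7_000,  "page_faults": 15}),
    ("malicious", {"instructions": 1_000_000, "branch_misses": 16_000, "cache_misses": 13_000, "page_faults": 60}),
    ("malicious", {"instructions": 800_000,   "branch_misses": 14_000, "cache_misses": 11_000, "page_faults": 40}),
    ("malicious", {"instructions": 1_200_000, "branch_misses": 21_000, "cache_misses": 17_000, "page_faults": 66}),
]


def features(counts):
    """Normalise raw counts to events per 1000 retired instructions, so the
    feature vector does not depend on window length or how busy the core was."""
    per_k = counts["instructions"] / 1000.0
    return [counts[e] / per_k for e in EVENTS]


def fit(training):
    """Fit a nearest-centroid model on z-scored features (assumed classifier)."""
    rows = [(label, features(c)) for label, c in training]
    n = len(EVENTS)
    mu = [sum(f[i] for _, f in rows) / len(rows) for i in range(n)]
    # Population standard deviation; guard against a constant feature.
    sd = [math.sqrt(sum((f[i] - mu[i]) ** 2 for _, f in rows) / len(rows)) or 1.0
          for i in range(n)]

    def z(f):
        return [(f[i] - mu[i]) / sd[i] for i in range(n)]

    centroids = {}
    for label in sorted({lbl for lbl, _ in rows}):
        members = [z(f) for lbl, f in rows if lbl == label]
        centroids[label] = [sum(m[i] for m in members) / len(members) for i in range(n)]
    return {"mu": mu, "sd": sd, "centroids": centroids}


def classify(model, counts):
    """Label one window by the nearest class centroid in z-scored feature space."""
    f = features(counts)
    z = [(f[i] - model["mu"][i]) / model["sd"][i] for i in range(len(EVENTS))]
    return min(model["centroids"], key=lambda lbl: math.dist(z, model["centroids"][lbl]))


def evaluate(model, labelled):
    """Return (tp, fp, fn, tn) with 'malicious' as the positive class, so the
    classification error can be inspected rather than hidden behind accuracy."""
    tp = fp = fn = tn = 0
    for label, counts in labelled:
        predicted = classify(model, counts)
        if label == "malicious":
            tp += predicted == "malicious"
            fn += predicted != "malicious"
        else:
            fp += predicted == "malicious"
            tn += predicted != "malicious"
    return tp, fp, fn, tn


def detect_stream(model, windows, required=3):
    """Run-time policy: alert only after `required` consecutive windows are
    classified malicious, so a single misclassified window does not fire."""
    streak = 0
    for counts in windows:
        if classify(model, counts) == "malicious":
            streak += 1
            if streak >= required:
                return True
        else:
            streak = 0
    return False


if __name__ == "__main__":
    model = fit(TRAINING)
    print("confusion (tp, fp, fn, tn):", evaluate(model, TRAINING))
    sample = {"instructions": 1_000_000, "branch_misses": 16_500, "cache_misses": 12_500, "page_faults": 55}
    print("single window:", classify(model, sample))
```

Per-instruction normalization is what lets the same model cover short and long windows; the consecutive-window rule is one simple way to trade detection latency for a lower false-positive rate, which is the classification-error problem the abstract lists as an open challenge.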