Abstract
Most Host Intrusion Detection Systems (HIDS) lack memory evaluation
capabilities, which is why they cannot detect Advanced Volatile
Threats such as fileless malware, which can only be detected via
memory scans. In this work, we propose HardCore, a signature-based
HIDS implemented in hardware that performs signature matching with
no overhead to the endpoint system. At every memory write, HardCore
receives a cache line as input and outputs any matches against the
known fileless malware present in its signature base. HardCore
relies on Bloom filters and malware clustering, and its signature
matrices are divided to obtain the gains originating from those
implementation choices.
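
A software sketch of the matching flow described above (one Bloom filter per malware cluster, checked against each written cache line), added here as an illustration and not HardCore's hardware design. The 64-byte line, 8-byte signatures, filter size, SHA-256-derived hash positions, exact-match confirmation step and sample signatures are all assumptions.

```python
import hashlib

LINE = 64       # assumed cache-line size in bytes
WINDOW = 8      # assumed fixed signature length in bytes
M_BITS = 4096   # assumed Bloom filter size in bits
K = 3           # assumed number of hash functions

def _positions(chunk: bytes):
    """K bit positions from one SHA-256 digest (software stand-in for hardware hashes)."""
    d = hashlib.sha256(chunk).digest()
    return [int.from_bytes(d[4 * i:4 * i + 4], "big") % M_BITS for i in range(K)]

class ClusterFilter:
    """Bloom filter for one malware cluster, plus its exact signatures for confirmation."""
    def __init__(self, name, signatures):
        self.name, self.exact, self.bits = name, set(signatures), 0
        for sig in signatures:
            if len(sig) != WINDOW:
                raise ValueError("signature must be WINDOW bytes long")
            for p in _positions(sig):
                self.bits |= 1 << p

    def maybe(self, chunk: bytes) -> bool:
        # True means "possibly present"; Bloom filters never give false negatives.
        return all((self.bits >> p) & 1 for p in _positions(chunk))

def scan_line(line: bytes, clusters):
    """Return (cluster, offset) for every confirmed signature hit in one cache line."""
    if len(line) != LINE:
        raise ValueError("expected exactly one cache line")
    hits = []
    for off in range(LINE - WINDOW + 1):
        chunk = line[off:off + WINDOW]
        for c in clusters:
            # Cheap filter test first; the exact lookup removes Bloom false positives.
            if c.maybe(chunk) and chunk in c.exact:
                hits.append((c.name, off))
    return hits

# Constructed sample signature base: two clusters with made-up byte patterns.
CLUSTERS = [
    ClusterFilter("cluster_a", [b"SIG-A-01", b"SIG-A-02"]),
    ClusterFilter("cluster_b", [b"SIG-B-01"]),
]
CLEAN_LINE = bytes(LINE)                               # constructed: all zero bytes
INFECTED_LINE = bytes(20) + b"SIG-B-01" + bytes(36)    # constructed: signature at offset 20

if __name__ == "__main__":
    print(scan_line(CLEAN_LINE, CLUSTERS), scan_line(INFECTED_LINE, CLUSTERS))
```

This sketch inspects each line in isolation, so a signature that straddles two cache lines would need state carried across writes.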
Computer on the Beach is a technical-scientific event that aims to bring together professionals, researchers and academics in the field of Computing in order to discuss research and market trends in computing across its many areas.