Nowhere to Hide - How HW Telemetry and ML Can Make Life Tough for Exploits

Explore advanced techniques for detecting malware and exploits using hardware telemetry and machine learning in this 50-minute RSA Conference talk. Delve into the details of building scalable, deployable runtime threat and anomaly detection solutions leveraging CPU telemetry. Learn about telemetry sources, feature selection, overhead management, and platform-specific design considerations. Gain insights into profiling exploits with performance monitoring events, classification pipelines, and identifying relevant events through information gain. Examine sample telemetry, feature mapping, and training pipelines for various detection environments. Discover additional CPU-based techniques, including signature detection and hardware-based anomaly detection using control flow tracing. Understand the evolution of malware detection technologies and how CPU telemetry can reveal even the most concealed malicious code at an instruction level.