Techniques to detect malicious code running underlying a user interface are described. The software application is detected as potential malware if a mismatch is detected between the interface presented to the user and computations performed by the application that presents the user interface. A trained machine learning model is applied for such detection. With user permission, a sequence of rendered images that represent the user interface and a sequence of execution traces sampled from computational operations performed by the application that presents the interface are provided as inputs the model. The model outputs a score indicative of appropriateness of the amount of computation for the user interface.
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Cărbune, Victor and Damian, Alexandru, "Detecting malware based on mismatch between user interface and computation load", Technical Disclosure Commons, (November 09, 2018)