Techniques to detect malicious code running underlying a user interface are described. The software application is detected as potential malware if a mismatch is detected between the interface presented to the user and computations performed by the application that presents the user interface. A trained machine learning model is applied for such detection. With user permission, a sequence of rendered images that represent the user interface and a sequence of execution traces sampled from computational operations performed by the application that presents the interface are provided as inputs the model. The model outputs a score indicative of appropriateness of the amount of computation for the user interface.

Creative Commons License

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.