[Paper of the day][#9] Have you heard about #fileless #malware? Malware samples that operate solely from memory, without a disk counterpart to be scanned. How to detect it? Constant memory scans are required. How to do it without causing overhead? What if the #Antivirus were moved inside the memory controller? What if only scanned data were delivered for CPU execution? This is exactly what we propose in this paper. We propose a new #security fault to be added to the page fault mechanism, triggering AV scans on demand when suspicious pages are about to be executed. Check it out!
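To make the idea concrete, here is an added simulation (written for this post, not code from the paper or its authors) of the scan-on-execute mechanism described above. A page table tracks a "scanned" bit per page; the first time a page is fetched for execution while that bit is clear, a security fault is raised, the page is scanned in the fault handler, and the bit is set, so later executions of the same page pay nothing. Any write to a page clears the bit so a freshly staged in-memory payload is rescanned before it can run. The page size, the page contents and the signature byte patterns are all constructed for the demo.

```python
"""
Simulation of a page-fault-style 'security fault' that scans a page on demand
the first time it is about to be executed.  Added illustration for this post;
not code from the paper.  Page size, contents and signatures are constructed.
"""
from dataclasses import dataclass

PAGE_SIZE = 64  # constructed: tiny pages keep the demo readable

# Constructed byte patterns standing in for AV signatures (not real indicators).
SIGNATURES = {
    "demo-sig-A": b"\xde\xad\xbe\xef",
    "demo-sig-B": b"EVIL-PAYLOAD",
}


@dataclass
class Page:
    data: bytes
    executable: bool = True
    scanned: bool = False   # cleared on every write; set by the scan handler
    clean: bool = True      # result of the last scan


@dataclass
class Stats:
    security_faults: int = 0
    scans: int = 0
    blocked: int = 0


class SecurityFault(Exception):
    """Modelled fault: an unscanned page is about to be executed."""


class ScanBlocked(Exception):
    """The scan flagged the page, so the fetch for execution is refused."""


class MMU:
    def __init__(self, pages):
        self.pages = pages
        self.stats = Stats()

    def write(self, page_no, offset, payload):
        """Store bytes into a page and invalidate its scan state."""
        if offset < 0 or offset + len(payload) > PAGE_SIZE:
            raise ValueError("write crosses page boundary")
        p = self.pages[page_no]
        buf = bytearray(p.data)
        buf[offset:offset + len(payload)] = payload
        p.data = bytes(buf)
        p.scanned = False   # modified page must be rescanned before execute

    def scan(self, page):
        """The in-memory-controller AV: signature match over the page bytes."""
        self.stats.scans += 1
        page.clean = not any(sig in page.data for sig in SIGNATURES.values())
        page.scanned = True
        return page.clean

    def handle_security_fault(self, page):
        """Fault handler: scan, then either allow or block the execution."""
        self.stats.security_faults += 1
        if not self.scan(page):
            self.stats.blocked += 1
            raise ScanBlocked("page matched a signature; execution refused")

    def fetch_for_execute(self, page_no):
        """Deliver page bytes to the CPU only after they have been scanned."""
        p = self.pages[page_no]
        if not p.executable:
            raise PermissionError("page is not executable")
        if not p.scanned:
            self.handle_security_fault(p)   # first execute after a write
        if not p.clean:
            raise ScanBlocked("page previously flagged; execution refused")
        return p.data


def run_demo():
    """Exercise the simulator and return counters for inspection."""
    mmu = MMU([Page(bytes(PAGE_SIZE)), Page(bytes(PAGE_SIZE))])
    mmu.fetch_for_execute(0)          # first execute: fault + scan
    mmu.fetch_for_execute(0)          # already scanned: no fault, no scan
    mmu.write(0, 0, b"benign-code")   # write clears the scanned bit
    mmu.fetch_for_execute(0)          # rescanned once, still clean
    mmu.write(1, 8, b"EVIL-PAYLOAD")  # constructed in-memory payload staged in page 1
    blocked_first = blocked_again = False
    try:
        mmu.fetch_for_execute(1)      # fault, scan flags it, execution refused
    except ScanBlocked:
        blocked_first = True
    try:
        mmu.fetch_for_execute(1)      # still flagged; refused without a new fault
    except ScanBlocked:
        blocked_again = True
    return {
        "faults": mmu.stats.security_faults,
        "scans": mmu.stats.scans,
        "blocked": mmu.stats.blocked,
        "page1_blocked": blocked_first and blocked_again,
    }


if __name__ == "__main__":
    print(run_demo())
```

The counters make the overhead argument visible: three executions of page 0 cost two scans (one per distinct content), and the flagged page is refused on every fetch without being rescanned. A real memory controller would also have to handle the race between a write and a concurrent execute of the same page; the simulator sidesteps that by being single-threaded.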

Academic paper: https://dl.acm.org/doi/10.1145/3422575.3422775
Archived version: https://secret.inf.ufpr.br/papers/marcus_fileless.pdf

Near-Memory & In-Memory Detection of Fileless Malware | The International Symposium on Memory Systems
