IC-ICTES (TAIST), The 10th International Conference on Information and Communication Technology for Embedded Systems

Using Extra CPU Cores for Malware Detection
Nopphon Phringmongkol, Paruj Ratanaworabhan

Last modified: 2019-03-16

Abstract

At present, antivirus software backed by a database of virus signatures is the most popular solution to the malware detection problem. Even though its shortfalls are well known (it requires a large database that must be updated constantly, and it is vulnerable to zero-day exploits), the security community has not succeeded in coming up with better alternatives to it. However, the advent of multicore processors allows us to revisit this problem and look for alternatives that were deemed inefficient on previous generations of hardware.

This paper proposes lightweight analysis and dynamic execution schemes that scan objects allocated in main memory for signals indicative of malware. Separate threads are spawned or woken up to perform the scanning whenever the application allocates objects in memory. Extra CPU cores can execute these threads in parallel, providing close to ideal speedup. Our solution obviates the need for a database and can protect against zero-day exploits. We show that our dynamic analysis approach incurs low overhead, offers an attractive false positive rate, and maintains a zero false negative rate by design.
