This paper presents PHMon, a Programmable Hardware Monitoring system for enforcing flexible security policies using a match-action (match-event) pipeline.
Rossow et al provide a critique of the scientific method when performing dynamic analysis of malware and propose a number of guidelines to address pitfalls. This post summarises these guidelines.