LOW-LEVEL BEHAVIORAL MALWARE IDENTIFICATION FOR WINDOWS OPERATING SYSTEMS
Abstract
We provide an explanation of a minimal behavioral malware detection method that makes use of Microsoft Windows prefetch files. We show that our malware detection scales linearly in the number of training samples and achieves a high detection rate with a low false-positive rate of 1×10^-3. We test our malware detection's generalizability on two distinct Windows platforms using two different sets of applications. We examine the decline in our malware detection system's performance due to concept drift and its capacity for adaptation. Lastly, we demonstrate an efficient auxiliary defensive method against such attacks and compare our malware detection performance against evasive malware.