Using Dtrace for Machine Learning Solutions in Malware Detection
Author: | Aiswarya Mohan K P, Vipin Pavithran, Gilad Gressel, Saranya Chandran, Arjun T U |
---|---|
Year of publication: | 2020 |
Subject: | Class (computer programming); Focus (computing); Software / Operating systems; Computer science; Decision tree learning; Process (computing); Networking & telecommunications (020206); Engineering and technology (02); Tracing; Machine learning; Management of computing and information systems; System call; Electrical engineering, electronic engineering, information engineering (0202); Malware; Artificial intelligence & image processing (020201); Artificial intelligence; F1 score |
Source: | ICCCNT |
DOI: | 10.1109/icccnt49239.2020.9225633 |
Description: | Malware cannot be ignored today, as evidenced by the havoc created by WannaCry [29], [12], [23]. Every day, malicious actors write more sophisticated malware, and their attacks evolve as they learn to evade existing detection techniques, which makes malware detection a pressing need. Much research targets malware detection on the Windows platform in its many forms [55], [54], [31]. In this work, we focus on detecting Windows malware. We use DTrace [18], a dynamic tracing framework recently introduced on Windows, to collect system-call information from an infected system, extending its utility to malware detection. We process the collected system-call data to extract features and build a dataset suitable for machine learning. From this dataset we train a decision tree classifier and show that the model can detect malware from the sequences of system calls made by malicious processes. With an even class distribution between the benign and malicious labels, we obtained an F1 score of 91%. |
Database: | OpenAIRE |
External link: |
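The pipeline the abstract describes (collect per-process system-call records with DTrace, turn the call sequences into features, train a decision tree, report F1) can be shown end to end on a toy scale. The following is an added example and not the authors' code or data: it assumes the records were printed by a D clause of the form `syscall:::entry { printf("%d %s %s\n", pid, execname, probefunc); }` (the `syscall` provider is available in DTrace on Windows; the exact clause is an assumption), the trace lines, PIDs, process names and benign/malicious labels are constructed for illustration, and a small pure-Python Gini decision tree stands in for whichever library the authors used. Features are bigrams of consecutive system calls per process, and the score is F1 over leave-one-out predictions.

```python
"""Added example (not the paper's code): DTrace syscall records -> n-gram
features -> decision tree -> leave-one-out F1.

TRACE is constructed: "<pid> <execname> <probefunc>" lines, as a D clause
    syscall:::entry { printf("%d %s %s\\n", pid, execname, probefunc); }
would print. PIDs, process names and call sequences are invented.
"""
from collections import Counter

TRACE = """\
100 notepad.exe NtOpenFile
100 notepad.exe NtReadFile
100 notepad.exe NtWriteFile
100 notepad.exe NtClose
101 calc.exe NtQueryValueKey
101 calc.exe NtOpenFile
101 calc.exe NtReadFile
101 calc.exe NtClose
102 explorer.exe NtOpenFile
102 explorer.exe NtQueryValueKey
102 explorer.exe NtReadFile
102 explorer.exe NtClose
200 dropper.exe NtQuerySystemInformation
200 dropper.exe NtOpenProcess
200 dropper.exe NtAllocateVirtualMemory
200 dropper.exe NtWriteVirtualMemory
200 dropper.exe NtCreateThreadEx
201 inject.exe NtOpenProcess
201 inject.exe NtAllocateVirtualMemory
201 inject.exe NtWriteVirtualMemory
201 inject.exe NtCreateThreadEx
202 ransom.exe NtOpenFile
202 ransom.exe NtReadFile
202 ransom.exe NtOpenProcess
202 ransom.exe NtAllocateVirtualMemory
202 ransom.exe NtWriteVirtualMemory
"""
# Constructed ground truth per PID: 0 = benign, 1 = malicious.
LABELS = {100: 0, 101: 0, 102: 0, 200: 1, 201: 1, 202: 1}


def parse_trace(text):
    """Group probefunc names per PID, preserving the order the calls were made in."""
    seqs = {}
    for line in text.splitlines():
        if line.strip():
            pid, _execname, probefunc = line.split()
            seqs.setdefault(int(pid), []).append(probefunc)
    return seqs


def ngram_features(calls, n=2):
    """Count each window of n consecutive syscalls, e.g. 'NtOpenFile>NtReadFile'."""
    return Counter(">".join(calls[i:i + n]) for i in range(len(calls) - n + 1))


def gini(labels):
    if not labels:
        return 0.0
    p = sum(labels) / len(labels)
    return 2 * p * (1 - p)


def best_split(X, y, feats):
    """Lowest weighted Gini over 'x[f] <= thr' splits; ties keep the first feature."""
    best = None
    for f in feats:
        vals = sorted({x.get(f, 0) for x in X})
        for thr in vals[:-1]:
            left = [lab for x, lab in zip(X, y) if x.get(f, 0) <= thr]
            right = [lab for x, lab in zip(X, y) if x.get(f, 0) > thr]
            imp = (len(left) * gini(left) + len(right) * gini(right)) / len(y)
            if best is None or imp < best[0]:
                best = (imp, f, thr)
    return best


def build_tree(X, y, feats, depth=0, max_depth=3):
    """Node = (feature, threshold, left, right); leaf = class label."""
    majority = int(2 * sum(y) >= len(y))
    if gini(y) == 0.0 or depth == max_depth:
        return majority
    split = best_split(X, y, feats)
    if split is None or split[0] >= gini(y):
        return majority  # no split improves purity
    _, f, thr = split
    l_idx = [i for i, x in enumerate(X) if x.get(f, 0) <= thr]
    r_idx = [i for i, x in enumerate(X) if x.get(f, 0) > thr]
    return (f, thr,
            build_tree([X[i] for i in l_idx], [y[i] for i in l_idx], feats, depth + 1, max_depth),
            build_tree([X[i] for i in r_idx], [y[i] for i in r_idx], feats, depth + 1, max_depth))


def predict(tree, x):
    while isinstance(tree, tuple):
        f, thr, left, right = tree
        tree = left if x.get(f, 0) <= thr else right
    return tree


def f1_score(y_true, y_pred):
    tp = sum(t == 1 and p == 1 for t, p in zip(y_true, y_pred))
    fp = sum(t == 0 and p == 1 for t, p in zip(y_true, y_pred))
    fn = sum(t == 1 and p == 0 for t, p in zip(y_true, y_pred))
    return 0.0 if tp == 0 else 2 * tp / (2 * tp + fp + fn)


def dataset(seqs, labels, n=2):
    """Feature vectors (sparse Counters), labels and the sorted feature vocabulary."""
    pids = sorted(seqs)
    X = [ngram_features(seqs[p], n) for p in pids]
    y = [labels[p] for p in pids]
    return X, y, sorted({f for x in X for f in x})


def leave_one_out_f1(seqs, labels, n=2):
    """Hold out each process in turn, train on the rest, score all held-out predictions."""
    X, y, feats = dataset(seqs, labels, n)
    preds = [predict(build_tree(X[:i] + X[i + 1:], y[:i] + y[i + 1:], feats), X[i])
             for i in range(len(X))]
    return f1_score(y, preds)


if __name__ == "__main__":
    seqs = parse_trace(TRACE)
    X, y, feats = dataset(seqs, LABELS)
    print("root split:", build_tree(X, y, feats)[:2])
    print("leave-one-out F1:", leave_one_out_f1(seqs, LABELS))
```

On the constructed trace the root split lands on the `NtAllocateVirtualMemory>NtWriteVirtualMemory` bigram (the remote-write pattern shared by every malicious process and no benign one), so leave-one-out F1 is 1.0; a real corpus is far noisier, which is why the abstract's 91% on a balanced dataset is the meaningful figure. Two practical caveats the toy hides: bigram counts must be computed per process (mixing PIDs destroys the sequence signal), and any per-process record emitted under `syscall:::entry` should be captured from a clean, isolated host, since tracing an already compromised machine lets the malware's own activity contaminate the benign class.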