Machine Learning Analysis of Memory Images for Process Characterization and Malware Detection

Cited by: 0
Authors
Lyles, Seth [1 ]
Desantis, Mark [1 ]
Donaldson, John [1 ]
Gallegos, Micaela [1 ]
Nyholm, Hannah [1 ]
Taylor, Claire [1 ]
Monteith, Kristine [1 ]
Affiliations
[1] Lawrence Livermore Natl Lab, Livermore, CA USA
DOI
10.1109/DSN-W54100.2022.00035
CLC number
TP3 [Computing technology, computer technology]
Subject classification code
0812
Abstract
As signature-based malware detection techniques mature, malware authors have been forced to leave fewer footprints on target machines. Malicious activity can be conducted by chaining together benign, built-in functions in subversive ways. Because the functions are native to the host system, attackers can slip under the radar of signature filtering tools such as YARA. To address this challenge, we utilize the Volatility memory forensics framework to measure and characterize typical in-memory behavior, then observe the deviations from normal use that may indicate a compromise. We demonstrate that processes have characteristic memory footprints, and that machine learning models can flag malicious behavior as anomalous.
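The baseline-then-deviation approach the abstract describes, as an added illustration that is not the paper's code: per-process-name memory footprints (DLL, handle and thread counts of the kind Volatility's pslist/dlllist/handles plugins report) are summarised into a profile, and new observations are scored by their largest z-score against that profile. The records, feature set and the one-unit floor for zero-variance features are constructed assumptions, not the authors' features or model.

```python
from collections import defaultdict
from statistics import mean, pstdev

FEATURES = ("dlls", "handles", "threads")

# Constructed sample records in the shape a Volatility pslist/dlllist/handles
# pass would yield per process; values are illustrative, not captured data.
BASELINE = [
    {"name": "svchost.exe", "pid": 900, "dlls": 40, "handles": 300, "threads": 8},
    {"name": "svchost.exe", "pid": 1004, "dlls": 42, "handles": 310, "threads": 9},
    {"name": "svchost.exe", "pid": 1208, "dlls": 44, "handles": 320, "threads": 10},
    {"name": "svchost.exe", "pid": 1377, "dlls": 41, "handles": 305, "threads": 9},
    {"name": "explorer.exe", "pid": 2100, "dlls": 150, "handles": 1200, "threads": 40},
    {"name": "explorer.exe", "pid": 2144, "dlls": 155, "handles": 1250, "threads": 42},
    {"name": "explorer.exe", "pid": 2310, "dlls": 152, "handles": 1220, "threads": 41},
]
OBSERVED = [
    {"name": "svchost.exe", "pid": 4412, "dlls": 43, "handles": 312, "threads": 9},  # typical
    {"name": "svchost.exe", "pid": 5120, "dlls": 95, "handles": 900, "threads": 9},  # bloated
    {"name": "rundll32.exe", "pid": 6000, "dlls": 30, "handles": 80, "threads": 2},  # no baseline
]

def build_profiles(records):
    """Per process name, (mean, stdev) of each feature: the 'characteristic footprint'."""
    grouped = defaultdict(list)
    for rec in records:
        grouped[rec["name"]].append(rec)
    profiles = {}
    for name, recs in grouped.items():
        profiles[name] = {}
        for f in FEATURES:
            values = [r[f] for r in recs]
            profiles[name][f] = (mean(values), pstdev(values))
    return profiles

def worst_deviation(profile, rec):
    """Largest absolute z-score over the features. A zero-variance baseline is
    floored to one unit (assumption) so a constant feature still scores drift."""
    worst = (0.0, None)
    for f in FEATURES:
        mu, sd = profile[f]
        z = abs(rec[f] - mu) / (sd or 1.0)
        if z > worst[0]:
            worst = (z, f)
    return worst

def flag_anomalies(profiles, observations, threshold=3.0):
    """Observed processes whose footprint deviates from their baseline, plus any
    process name that has no baseline at all (itself worth an analyst's look)."""
    hits = []
    for rec in observations:
        profile = profiles.get(rec["name"])
        if profile is None:
            hits.append({"pid": rec["pid"], "name": rec["name"], "reason": "no baseline"})
            continue
        z, feature = worst_deviation(profile, rec)
        if z > threshold:
            hits.append({"pid": rec["pid"], "name": rec["name"], "reason": f"{feature} z={z:.1f}"})
    return hits
```

On the sample data the typical svchost.exe instance scores under one standard deviation on every feature, while the bloated one is flagged on its handle count and the unprofiled rundll32.exe is flagged for lacking a baseline.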
Pages: 162 / 169
Page count: 8