Detection of Previously Unseen Malware using Memory Access Patterns Recorded Before the Entry Point

Cited by: 1
Authors
Banin, Sergii [1]
Dyrkolbotn, Geir Olav [1]
Affiliations
[1] Norwegian Univ Sci & Technol, Dept Informat Secur & Commun Technol, Trondheim, Norway
Keywords
information security; malware detection; low-level features; memory access patterns;
DOI
10.1109/BigData50022.2020.9377933
Chinese Library Classification
TP18 [Artificial intelligence theory];
Discipline classification codes
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
Recently it has been shown that it is possible to detect malware based on the memory access patterns produced before execution reaches its Entry Point. In this paper, we investigate the usefulness of memory access patterns over time, i.e., to what extent a machine learning algorithm trained on "old" data can detect new malware samples that were not part of the training set, and how this performance changes over time. During our experiments, we found that machine learning models trained on memory access patterns of older samples can provide both high accuracy and a high true positive rate for the period from several months to almost a year from the update of the model. We also perform a substantial analysis of our findings that may aid researchers who work with malware and Big Data.
Pages: 2242 / 2253
Page count: 12
Related papers
50 in total
  • [1] Malware Detection using Machine Learning Based Analysis of Virtual Memory Access Patterns
    Xu, Zhixing
    Ray, Sayak
    Subramanyan, Pramod
    Malik, Sharad
    [J]. PROCEEDINGS OF THE 2017 DESIGN, AUTOMATION & TEST IN EUROPE CONFERENCE & EXHIBITION (DATE), 2017, : 169 - 174
  • [2] TransNet: Unseen Malware Variants Detection Using Deep Transfer Learning
    Rong, Candong
    Gou, Gaopeng
    Cui, Mingxin
    Xiong, Gang
    Li, Zhen
    Guo, Li
    [J]. SECURITY AND PRIVACY IN COMMUNICATION NETWORKS (SECURECOMM 2020), PT II, 2020, 336 : 84 - 101
  • [3] An Unknown Malware Detection Using Execution Registry Access
    Kono, Kento
    Phomkeona, Sanouphab
    Okamura, Koji
    [J]. 2018 IEEE 42ND ANNUAL COMPUTER SOFTWARE AND APPLICATIONS CONFERENCE (COMPSAC 2018), VOL 2, 2018, : 487 - 491
  • [4] UMVD-FSL: Unseen Malware Variants Detection Using Few-Shot Learning
    Rong, Candong
    Gou, Gaopeng
    Hou, Chengshang
    Li, Zhen
    Xiong, Gang
    Guo, Li
    [J]. 2021 INTERNATIONAL JOINT CONFERENCE ON NEURAL NETWORKS (IJCNN), 2021,
  • [5] Automated malware detection using artifacts in forensic memory images
    Mosli, Rayan
    Li, Rui
    Yuan, Bo
    Pan, Yin
    [J]. 2016 IEEE SYMPOSIUM ON TECHNOLOGIES FOR HOMELAND SECURITY (HST), 2016,
  • [6] Android Malware Detection Using Machine Learning on Image Patterns
    Darus, Falai Mohd
    Salleh, Noor Azurati Alimad
    Ariffin, Aswami Fadillah Mohd
    [J]. PROCEEDINGS OF THE 2018 CYBER RESILIENCE CONFERENCE (CRC), 2018,
  • [7] Malware Detection Using Memory Analysis Data in Big Data Environment
    Dener, Murat
    Ok, Gokce
    Orman, Abdullah
    [J]. APPLIED SCIENCES-BASEL, 2022, 12 (17):
  • [8] Android Malware Detection using Multi-Flows and API Patterns
    Shen, Feng
    Del Vecchio, Justin
    Mohaisen, Aziz
    Ko, Steven Y.
    Ziarek, Lukasz
    [J]. MOBISYS'17: PROCEEDINGS OF THE 15TH ANNUAL INTERNATIONAL CONFERENCE ON MOBILE SYSTEMS, APPLICATIONS, AND SERVICES, 2017, : 171 - 171
  • [9] On the Detectability of Control Flow Using Memory Access Patterns
    Buhren, Robert
    Hetzelt, Felicitas
    Pirnay, Niklas
    [J]. PROCEEDINGS OF THE 3RD WORKSHOP ON SYSTEM SOFTWARE FOR TRUSTED EXECUTION (SYSTEX'18), 2018, : 48 - 53
  • [10] Using Deep-Learning-based Memory Analysis for Malware Detection in Cloud
    Li, Huhua
    Zhan, Dongyang
    Liu, Tianrui
    Ye, Lin
    [J]. 2019 IEEE 16TH INTERNATIONAL CONFERENCE ON MOBILE AD HOC AND SENSOR SYSTEMS WORKSHOPS (MASSW 2019), 2019, : 1 - 6