
Proposing a New Approach for Detecting Malware Based on the Event Analysis Technique

  • Vu Ngoc Son (Information Assurance Dept., FPT University)
  • Received : 2023.12.05
  • Published : 2023.12.30

Abstract

Attacks carried out by distributing malware are dangerous and difficult to detect and prevent. Current malware detection studies and proposals are mostly based on two main methods: signature sets, and analysis of abnormal behaviors using machine learning or deep learning techniques. This paper proposes a method to detect malware on endpoints based on Event IDs using deep learning. Event IDs are the behaviors of malware tracked and collected in the endpoints' operating system kernel. Malware detection based on Event IDs is a new research direction that has not been studied or proposed much. To achieve this purpose, this paper proposes combining different data mining methods with deep learning algorithms. The data mining process is presented in detail in section 2 of the paper.
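As an added example (not code from the paper), the following shows one way to turn endpoint event records into the per-process Event ID sequences and fixed-length token vectors that a deep learning model would consume; the Sysmon-style JSON record shape, the field names and the sample records are assumptions, constructed for illustration.

```python
"""Turn endpoint event-log records into per-process Event ID sequences."""
from collections import defaultdict

# Constructed sample records in a Sysmon-like shape (an assumption; the paper
# does not give its record format). Each record carries the Event ID, a
# timestamp, and the GUID of the process that produced the behaviour.
SAMPLE_EVENTS = [
    {"EventID": 1,  "UtcTime": "2023-12-01 10:00:00.000", "ProcessGuid": "{A}"},
    {"EventID": 11, "UtcTime": "2023-12-01 10:00:00.500", "ProcessGuid": "{A}"},
    {"EventID": 1,  "UtcTime": "2023-12-01 10:00:01.000", "ProcessGuid": "{B}"},
    {"EventID": 13, "UtcTime": "2023-12-01 10:00:00.800", "ProcessGuid": "{A}"},
    {"EventID": 3,  "UtcTime": "2023-12-01 10:00:02.000", "ProcessGuid": "{B}"},
    {"EventID": 3,  "UtcTime": "2023-12-01 10:00:02.100", "ProcessGuid": "{A}"},
]


def build_sequences(events):
    """Group records by process and order each group's Event IDs by time.

    Records may arrive out of order, so sorting happens per process here.
    The fixed-width timestamp format sorts correctly as a string.
    """
    per_process = defaultdict(list)
    for ev in events:
        per_process[ev["ProcessGuid"]].append((ev["UtcTime"], int(ev["EventID"])))
    return {guid: [eid for _, eid in sorted(items)] for guid, items in per_process.items()}


def build_vocab(sequences):
    """Map each distinct Event ID to a token index; 0 is reserved for padding."""
    ids = sorted({eid for seq in sequences.values() for eid in seq})
    return {eid: i + 1 for i, eid in enumerate(ids)}


def encode(seq, vocab, max_len):
    """Encode a sequence as fixed-length token indices (truncate or zero-pad).

    Event IDs unseen during vocabulary construction map to the padding token.
    """
    tokens = [vocab.get(eid, 0) for eid in seq[:max_len]]
    return tokens + [0] * (max_len - len(tokens))


def encode_all(events, max_len=8):
    """Full pipeline: records -> per-process sequences -> vocabulary -> vectors."""
    seqs = build_sequences(events)
    vocab = build_vocab(seqs)
    return vocab, {guid: encode(seq, vocab, max_len) for guid, seq in seqs.items()}


if __name__ == "__main__":
    vocab, encoded = encode_all(SAMPLE_EVENTS)
    print(vocab)
    for guid, vec in encoded.items():
        print(guid, vec)
```

The resulting integer vectors are the input shape an embedding layer expects, with the vocabulary kept alongside so new logs are encoded consistently at inference time.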
