dc.contributor.author: Banin, Sergii
dc.contributor.author: Shalaginov, Andrii
dc.contributor.author: Franke, Katrin
dc.date.accessioned: 2017-09-19T07:54:13Z
dc.date.available: 2017-09-19T07:54:13Z
dc.date.created: 2017-01-12T16:09:35Z
dc.date.issued: 2016
dc.identifier.citation: Norsk Informasjonssikkerhetskonferanse (NISK). 2016, 96-107. (nb_NO)
dc.identifier.issn: 1893-6563
dc.identifier.uri: http://hdl.handle.net/11250/2455297
dc.description.abstract: Malware brings significant threats to modern digitized society. Malware developers put in significant efforts to evade detection and remain unnoticed on victims' computers despite a number of malware detection techniques. To eliminate known and noticeable traces in memory, network or disk activities, they use encryption and obfuscation. Because of this, there remains a strong need for new malware detection methods, especially ones based on Machine Learning models, because processing of large amounts of data is not a suitable task for a human. This paper presents a novel method that could potentially detect zero-day attacks and contribute to proactive malware detection. Our method is based on analysis of sequences of memory access operations produced by binary file during execution. In order to perform experiments, we utilized an automated virtualized environment with binary instrumentation tools to trace the memory access sequences. Unlike the other relevant papers, we focus only on analysis of basic (Read and Write) memory access operations and their n-grams rather than on the fact of a presence or an overall number of operations. Additionally, we performed a study of n-grams of memory accesses and tested it against real-world malware samples collected from open sources. Collected data and proposed feature construction methods resulted in accuracy of up to 98.92% using such Machine Learning methods as k-NN and ANN. Thus, we believe that our proposed method will serve as a stepping stone for better proactive malware detection techniques in the future. (nb_NO)
dc.language.iso: eng (nb_NO)
dc.publisher: NISK (nb_NO)
dc.relation.uri: http://ojs.bibsys.no/index.php/NISK/issue/view/36/showToc
dc.title: Memory access patterns for malware detection (nb_NO)
dc.type: Journal article (nb_NO)
dc.type: Peer reviewed (nb_NO)
dc.description.version: publishedVersion (nb_NO)
dc.source.pagenumber: 96-107 (nb_NO)
dc.source.journal: Norsk Informasjonssikkerhetskonferanse (NISK) (nb_NO)
dc.identifier.cristin: 1426099
dc.description.localcode: Open Access journal. (nb_NO)
cristin.unitcode: 194,18,21,80
cristin.unitname: Norwegian Information Security Lab
cristin.ispublished: true
cristin.fulltext: original
cristin.qualitycode: 1

