| dc.contributor.author | Banin, Sergii | |
| dc.contributor.author | Dyrkolbotn, Geir Olav | |
| dc.date.accessioned | 2021-03-30T08:55:56Z | |
| dc.date.available | 2021-03-30T08:55:56Z | |
| dc.date.created | 2021-03-23T17:35:15Z | |
| dc.date.issued | 2021 | |
| dc.identifier.isbn | 978-1-7281-6251-5 | |
| dc.identifier.uri | https://hdl.handle.net/11250/2736080 | |
| dc.description.abstract | Recently it has been shown, that it is possible to detect malware based on the memory access patterns produced before executions reaches its Entry Point. In this paper, we investigate the usefulness of memory access patterns over time, i.e to what extent can machine learning algorithm trained on “old” data, detect new malware samples, that was not part of the training set and how does this performance change over time. During our experiments, we found that machine learning models trained on memory access patterns of older samples can provide both high accuracy and a high true positive rate for the period from several months to almost a year from the update of the model. We also perform a substantial analysis of our findings that may aid researchers who work with malware and Big Data. | en_US |
| dc.language.iso | eng | en_US |
| dc.publisher | Institute of Electrical and Electronics Engineers (IEEE) | en_US |
| dc.relation.ispartof | 2020 IEEE International Conference on Big Data | |
| dc.title | Detection of Previously Unseen Malware using Memory Access Patterns Recorded Before the Entry Point | en_US |
| dc.type | Chapter | en_US |
| dc.description.version | acceptedVersion | en_US |
| dc.source.pagenumber | 2242-2253 | en_US |
| dc.identifier.doi | https://doi.org/10.1109/BigData50022.2020.9377933 | |
| dc.identifier.cristin | 1900368 | |
| dc.description.localcode | © 2020 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. | en_US |
| cristin.ispublished | true | |
| cristin.fulltext | postprint | |
| cristin.qualitycode | 1 | |
