Title | Insights into Malware Detection via Behavioral Frequency Analysis Using Machine Learning |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Walker, Aaron, Sengupta, Shamik |
Conference Name | MILCOM 2019 - 2019 IEEE Military Communications Conference (MILCOM) |
Keywords | Analytical models, application program interfaces, behavioral frequency analysis, benign software, common defenses, common malware defenses, dynamic analysis, dynamic behavioral analysis, Human Behavior, invasive software, known malware, learning (artificial intelligence), machine learning, machine learning algorithms, machine learning models, malicious activity, malicious software, Malware, malware analysis, Malware Behavioral Analysis, malware detection, malware signature classifier, malware threat landscape, Metrics, Microsoft Windows, Microsoft Windows (operating systems), pattern classification, Predictive Metrics, privacy, pubcrawl, Resiliency, signature catalog, Software algorithms, unknown malware, Windows API system function calls, Zero-Day, zero-day vulnerabilities |
Abstract | The most common defenses against malware threats involves the use of signatures derived from instances of known malware. However, the constant evolution of the malware threat landscape necessitates defense against unknown malware, making a signature catalog of known threats insufficient to prevent zero-day vulnerabilities from being exploited. Recent research has applied machine learning approaches to identify malware through artifacts of malicious activity as observed through dynamic behavioral analysis. We have seen that these approaches mimic common malware defenses by simply offering a method of detecting known malware. We contribute a new method of identifying software as malicious or benign through analysis of the frequency of Windows API system function calls. We show that this is a powerful technique for malware detection because it generates learning models which understand the difference between malicious and benign software, rather than producing a malware signature classifier. We contribute a method of systematically comparing machine learning models against different datasets to determine their efficacy in accurately distinguishing the difference between malicious and benign software. |
DOI | 10.1109/MILCOM47813.2019.9021034 |
Citation Key | walker_insights_2019 |