Evaluation of System Features Used for Malware Detection

Part of the Lecture Notes in Networks and Systems book series (LNNS,volume 360)

Abstract

Current malware detection relies heavily on automated tools that apply machine learning techniques and algorithms. In these approaches it is very important to define suitable features that are as significant as possible for distinguishing the samples of the individual groups used for training. When such approaches are used in some domains, however, and in security in particular, the features must also meet other requirements, because behind attacks and malicious applications stands human intelligence. There is therefore a high risk that the selected features will be modified by the attacker, making the detection algorithms difficult or impossible to use. In this paper we define the requirements that we consider important when looking for suitable features, and based on these requirements we select several features that meet them. We aim to show the extent to which our selected proof-of-concept features also meet the additional requirements necessary for successful detection, such as significance and interpretability. We use ML methods to discriminate between malicious and benign code based on these features, and achieve an accuracy between 98% and 99% depending on the ML method used.
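The feature-evaluation step the abstract describes, as an added Python example that is not part of the paper: the four binary system features F1..F4, the twelve samples and the attacker model (F3 is assumed to be cheaply rewritable by the malware author) are constructed for illustration and are not the authors' features or data. The code ranks candidate features by information gain (significance), fits an interpretable one-feature rule, and then re-scores a feature after an adversary who controls it sets it to its benign-looking value.

```python
import math
from collections import Counter
from typing import Dict, List, Sequence, Tuple

# One sample: a binary feature vector and its label (1 = malicious, 0 = benign).
Sample = Tuple[Dict[str, int], int]
# An interpretable one-feature classifier: (feature, value that predicts "malicious").
Rule = Tuple[str, int]

# Constructed toy data set with four hypothetical features F1..F4 (not the paper's
# features), six malicious samples followed by six benign ones.
FEATURES = ["F1", "F2", "F3", "F4"]
SAMPLES: List[Sample] = [
    ({"F1": 1, "F2": 1, "F3": 1, "F4": 0}, 1),
    ({"F1": 1, "F2": 1, "F3": 1, "F4": 1}, 1),
    ({"F1": 1, "F2": 0, "F3": 1, "F4": 0}, 1),
    ({"F1": 1, "F2": 1, "F3": 0, "F4": 1}, 1),
    ({"F1": 0, "F2": 1, "F3": 1, "F4": 0}, 1),
    ({"F1": 1, "F2": 0, "F3": 1, "F4": 1}, 1),
    ({"F1": 0, "F2": 0, "F3": 0, "F4": 0}, 0),
    ({"F1": 0, "F2": 0, "F3": 0, "F4": 1}, 0),
    ({"F1": 0, "F2": 1, "F3": 0, "F4": 0}, 0),
    ({"F1": 0, "F2": 0, "F3": 1, "F4": 1}, 0),
    ({"F1": 1, "F2": 0, "F3": 0, "F4": 0}, 0),
    ({"F1": 0, "F2": 0, "F3": 0, "F4": 1}, 0),
]
# Assumed attacker model: features the malware author can rewrite at will, mapped to
# the value that makes the sample look benign. Hypothetical, for illustration only.
CONTROLLABLE: Dict[str, int] = {"F3": 0}


def entropy(labels: Sequence[int]) -> float:
    """Shannon entropy (bits) of a label sequence; 0 for an empty sequence."""
    n = len(labels)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())


def information_gain(samples: Sequence[Sample], feature: str) -> float:
    """Significance of one binary feature: H(label) - H(label | feature)."""
    labels = [y for _, y in samples]
    remainder = 0.0
    for value in (0, 1):
        subset = [y for x, y in samples if x[feature] == value]
        remainder += len(subset) / len(labels) * entropy(subset)
    return entropy(labels) - remainder


def rank_features(samples: Sequence[Sample], features: Sequence[str]) -> List[Tuple[str, float]]:
    """Features ordered from most to least significant (stable on ties)."""
    return sorted(((f, information_gain(samples, f)) for f in features), key=lambda t: -t[1])


def evade(samples: Sequence[Sample], feature: str, benign_value: int) -> List[Sample]:
    """Apply the attacker model: every malicious sample gets the benign-looking value."""
    evaded = []
    for x, y in samples:
        x = dict(x)
        if y == 1:
            x[feature] = benign_value
        evaded.append((x, y))
    return evaded


def adversarial_gain(samples: Sequence[Sample], feature: str, benign_value: int) -> float:
    """Significance that survives once the adversary controls the feature."""
    return information_gain(evade(samples, feature, benign_value), feature)


def predict(rule: Rule, x: Dict[str, int]) -> int:
    feature, malicious_value = rule
    return 1 if x[feature] == malicious_value else 0


def accuracy(samples: Sequence[Sample], rule: Rule) -> float:
    return sum(predict(rule, x) == y for x, y in samples) / len(samples)


def train_rule(samples: Sequence[Sample], allowed: Sequence[str]) -> Tuple[Rule, float]:
    """Greedy search for the single-feature rule with the best training accuracy."""
    best: Tuple[Rule, float] = ((allowed[0], 1), -1.0)
    for feature in allowed:
        for malicious_value in (0, 1):
            acc = accuracy(samples, (feature, malicious_value))
            if acc > best[1]:
                best = ((feature, malicious_value), acc)
    return best


if __name__ == "__main__":
    for f, gain in rank_features(SAMPLES, FEATURES):
        print(f"{f}: gain={gain:.3f} bits")
    for f, benign in CONTROLLABLE.items():
        print(f"{f} gain if the attacker controls it: {adversarial_gain(SAMPLES, f, benign):.3f} bits")
    robust = [f for f in FEATURES if f not in CONTROLLABLE]
    rule, acc = train_rule(SAMPLES, robust)
    print(f"rule on non-controllable features: {rule}, accuracy {acc:.3f}")
    print(f"rule ('F3', 1) after evasion: accuracy {accuracy(evade(SAMPLES, 'F3', 0), ('F3', 1)):.3f}")
```

On this constructed data F1 and F3 look equally significant (about 0.35 bits each), so a ranking by significance alone cannot separate them; once the attacker rewrites F3 its gain falls to about 0.09 bits and a rule built on it drops from 10/12 to 5/12 accuracy. That is the gap the abstract points at: a feature must separate the training classes and also be hard for the malware author to modify.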

Keywords

  • Malware detection
  • System features
  • Machine learning

  • DOI: 10.1007/978-3-030-89912-7_4
  • ISBN: 978-3-030-89912-7
  • Chapter length: 14 pages


Acknowledgment

This work was supported by research grants VEGA 2/0155/19 and APVV-19-0220.


Correspondence to Štefan Balogh.


Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Balogh, Š., Mojžiš, J., Krammer, P. (2022). Evaluation of System Features Used for Malware Detection. In: Arai, K. (eds) Proceedings of the Future Technologies Conference (FTC) 2021, Volume 3. FTC 2021. Lecture Notes in Networks and Systems, vol 360. Springer, Cham. https://doi.org/10.1007/978-3-030-89912-7_4
