
Evaluation of System Features Used for Malware Detection

Conference paper. In: Proceedings of the Future Technologies Conference (FTC) 2021, Volume 3 (FTC 2021)

Part of the book series: Lecture Notes in Networks and Systems (LNNS, volume 360)


Abstract

Current malware detection relies heavily on automatic detection tools that apply machine learning techniques and algorithms. In these approaches it is very important to define suitable features that are as significant as possible for distinguishing the samples of the individual groups used for training. In some domains, however, especially security, these features must also meet further requirements, because behind the attacks and malicious applications there is human intelligence. For this reason there is a high risk that the selected features are deliberately modified, making these detection algorithms difficult or impossible to use. In this paper we define the requirements that we consider important when looking for suitable features, and based on these requirements we select some features that meet them. We aim to show the extent to which our selected proof-of-concept features also meet the additional requirements necessary for successful detection, such as significance and interpretability. We use ML methods to discriminate between malicious and benign code based on these features. Depending on the ML method used, we achieved an accuracy between 98 and 99%.



Acknowledgment

This work was supported by research grants VEGA 2/0155/19 and APVV-19-0220.


Corresponding author: Štefan Balogh.


Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Balogh, Š., Mojžiš, J., Krammer, P. (2022). Evaluation of System Features Used for Malware Detection. In: Arai, K. (eds) Proceedings of the Future Technologies Conference (FTC) 2021, Volume 3. FTC 2021. Lecture Notes in Networks and Systems, vol 360. Springer, Cham. https://doi.org/10.1007/978-3-030-89912-7_4
