Using Dtrace for Machine Learning Solutions in Malware Detection


Bibliographic Details
Published in: 2020 11th International Conference on Computing, Communication and Networking Technologies (ICCCNT), pp. 1-7
Main Authors: K P, Aiswarya Mohan; Chandran, Saranya; Gressel, Gilad; T U, Arjun; Pavithran, Vipin
Format: Conference Proceeding
Language: English
Published: IEEE, 01.07.2020
Summary: Malware cannot be ignored today, as evidenced by the havoc created by Wannacry [29], [12], [23]. Every day malicious actors are writing more intelligent malware. The attacks evolve as actors learn to evade detection techniques, which makes malware detection a pressing need. Research is being done on the Windows platform to detect malware in many forms [55], [54], [31]. In our work, we focus on detecting Windows malware. We use Dtrace [18], a dynamic tracing framework recently introduced in Windows, to collect system call information from an affected system. We are trying to expand the utility of Dtrace to detect malware. We process the collected system-call data to extract features and to create a dataset suitable for machine learning. Using machine learning, we build a decision tree classifier and show that the model can detect malware using the sequences of system calls made by malicious processes. We obtained an F1 score of 91 while maintaining an even class distribution between the benign and malicious labels.
DOI: 10.1109/ICCCNT49239.2020.9225633