Using Dtrace for Machine Learning Solutions in Malware Detection
| Published in | 2020 11th International Conference on Computing, Communication and Networking Technologies (ICCCNT), pp. 1-7 |
|---|---|
| Main Authors | , , , , |
| Format | Conference Proceeding |
| Language | English |
| Published | IEEE, 01.07.2020 |
| Subjects | |
Summary: | Malware cannot be ignored today, as evidenced by the havoc created by WannaCry [29], [12], [23]. Every day malicious actors are writing more intelligent malware. The attacks evolve as actors learn to evade detection techniques, which makes malware detection a pressing need. Research is being done on the Windows platform to detect malware in many forms [55], [54], [31]. In our work, we focus on detecting Windows malware. We use DTrace [18], a dynamic tracing framework recently introduced in Windows, to collect system call information from an affected system. We are trying to expand the utility of DTrace to detect malware. We process the collected system-call data to extract features and to create a dataset suitable for machine learning. Using machine learning, we build a decision tree classifier and show that the model can detect malware using the sequences of system calls made by malicious processes. We obtained an F1 score of 91 while maintaining an even class distribution between the benign and malicious labels. |
---|---|
DOI: | 10.1109/ICCCNT49239.2020.9225633 |
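The abstract describes a pipeline (collect per-process system calls with DTrace, turn the call sequences into features, train a decision tree, score with F1) without showing any of it. The following is an editor's example of that pipeline in miniature, not the paper's code or data: the record format (`pid execname probefunc`, as an illustrative `syscall:::entry` D one-liner would print it) is an assumption, the process names, syscall sequences and benign/malicious labels are constructed, and the tree is a small ID3-style learner over bigram-presence features written out in plain Python rather than a library classifier.

```python
"""Toy version of the pipeline in the abstract: parse DTrace-style syscall
records, build one syscall sequence per process, extract bigram-presence
features, fit a small decision tree and report F1.  Editor's example, not the
paper's code; every process, sequence and label below is constructed."""
import math
from collections import Counter

# pid -> (execname, syscalls in order).  All constructed; the Nt* names are
# the style of probe name the Windows syscall provider uses (assumption).
SEQUENCES = {
    100: ("notepad.exe", "NtOpenFile NtReadFile NtClose"),
    101: ("calc.exe", "NtOpenKey NtQueryValueKey NtClose"),
    102: ("explorer.exe", "NtOpenFile NtReadFile NtClose NtOpenKey NtClose"),
    200: ("sample_a.exe", "NtQueryDirectoryFile NtOpenFile NtReadFile NtWriteFile NtClose"),
    201: ("sample_b.exe", "NtOpenKey NtClose NtQueryDirectoryFile NtOpenFile NtWriteFile NtClose"),
    202: ("sample_c.exe", "NtQueryDirectoryFile NtOpenFile NtReadFile NtWriteFile NtSetInformationFile NtClose"),
}
# Constructed ground truth, three benign and three malicious (0 = benign, 1 = malicious).
LABELS = {"notepad.exe": 0, "calc.exe": 0, "explorer.exe": 0,
          "sample_a.exe": 1, "sample_b.exe": 1, "sample_c.exe": 1}
# "pid execname probefunc" records, the shape an illustrative D one-liner such as
#   dtrace -n 'syscall:::entry { printf("%d %s %s\n", pid, execname, probefunc); }'
# would emit (assumed record format, not the paper's script).
TRACE = "\n".join(f"{pid} {name} {call}"
                  for pid, (name, seq) in SEQUENCES.items() for call in seq.split())


def parse_trace(text):
    """Group records by pid, keeping syscall order: pid -> (execname, [calls]).
    Grouping by pid is what makes interleaved output from many processes usable."""
    procs = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:          # skip blank or truncated lines
            continue
        pid, name, call = int(parts[0]), parts[1], parts[2]
        procs.setdefault(pid, (name, []))[1].append(call)
    return procs


def bigrams(calls):
    """Feature set for one process: every adjacent pair of syscalls (presence only)."""
    return set(zip(calls, calls[1:]))


def build_dataset(procs, labels):
    """One (feature set, label) row per process."""
    return [(bigrams(calls), labels[name]) for name, calls in procs.values()]


def entropy(labels):
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())


def info_gain(rows, feat):
    """Entropy reduction from splitting rows on whether feat is present."""
    with_f = [y for x, y in rows if feat in x]
    without = [y for x, y in rows if feat not in x]
    if not with_f or not without:
        return 0.0
    n = len(rows)
    return entropy([y for _, y in rows]) - (
        len(with_f) / n * entropy(with_f) + len(without) / n * entropy(without))


def fit_tree(rows, depth=0, max_depth=3):
    """ID3-style tree over binary bigram features; returns nested tuples:
    ("leaf", label) or ("node", feature, subtree_if_present, subtree_if_absent)."""
    labels = [y for _, y in rows]
    majority = Counter(labels).most_common(1)[0][0]
    feats = sorted(set().union(*(x for x, _ in rows)))   # sorted: deterministic tie-break
    if len(set(labels)) == 1 or depth >= max_depth or not feats:
        return ("leaf", majority)
    best = max(feats, key=lambda f: info_gain(rows, f))
    if info_gain(rows, best) <= 0:
        return ("leaf", majority)
    yes = [r for r in rows if best in r[0]]
    no = [r for r in rows if best not in r[0]]
    return ("node", best, fit_tree(yes, depth + 1, max_depth), fit_tree(no, depth + 1, max_depth))


def predict(tree, feats):
    while tree[0] == "node":
        tree = tree[2] if tree[1] in feats else tree[3]
    return tree[1]


def f1_score(y_true, y_pred, positive=1):
    tp = sum(t == p == positive for t, p in zip(y_true, y_pred))
    fp = sum(p == positive and t != positive for t, p in zip(y_true, y_pred))
    fn = sum(t == positive and p != positive for t, p in zip(y_true, y_pred))
    if tp == 0:
        return 0.0
    precision, recall = tp / (tp + fp), tp / (tp + fn)
    return 2 * precision * recall / (precision + recall)


def run_pipeline(text=TRACE, labels=LABELS):
    """Trace text -> (fitted tree, F1 on the training rows)."""
    rows = build_dataset(parse_trace(text), labels)
    tree = fit_tree(rows)
    y_true = [y for _, y in rows]
    y_pred = [predict(tree, x) for x, _ in rows]
    return tree, f1_score(y_true, y_pred)


if __name__ == "__main__":
    tree, score = run_pipeline()
    print("root split on bigram:", tree[1], "training F1:", score)
```

On this constructed data the root split lands on the bigram (NtQueryDirectoryFile, NtOpenFile), the only adjacent pair shared by all three malicious sequences and absent from every benign one, so the training F1 is 1.0. That number is optimistic by construction: the rows used to pick the split are the rows being scored, which is why a real evaluation scores a held-out set, as the abstract's 91 F1 with balanced classes implies. Presence-only bigrams also discard call counts and longer context, which is the first thing a practitioner would change when evasive samples start padding their traces with benign-looking calls.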