Title: Malware System Calls Detection Using Hybrid System
Authors: Y. Guan, Naser Ezzati-Jivan
DOI: 10.1109/SysCon48628.2021.9447094 (https://doi.org/10.1109/SysCon48628.2021.9447094)
Venue: 2021 IEEE International Systems Conference (SysCon)
Publication date: 2021-04-15
Citations: 3
Abstract
Due to the rapid and continuous increase of network intrusions, the need to protect computer systems and their underlying infrastructure has become inevitable. In addition, systems have become extremely intricate as they grow in both scale and functionality; hence, intrusion/anomaly detection becomes essential. Intrusion or anomaly detection poses several challenges, including data collection: because systems' reliability requirements make an anomaly a rare event, the available datasets are inherently imbalanced. Therefore, only a small percentage of available datasets captures the anomaly, which brings in the second challenge, i.e., model selection and a specific approach for detecting an anomaly. While much research has concentrated on the data collection part and on statistical techniques, the focus of this work is devoted to a multi-module system call anomaly detection technique. We propose a novel approach based on Long Short-Term Memory (LSTM) and attention using transformers that can learn a sequence of system calls efficiently. Experimental results showed that the proposed deep learning model is 92.6% precise with a recall of 93.8% in classifying the malicious process in the system.