S. Anandaram, Ashik Mathew, A. Jyothish, P. Vinod, F. Mercaldo
Published in: 2021 Thirteenth International Conference on Contemporary Computing (IC3-2021), 2021-08-05
DOI: 10.1145/3474124.3474211 (https://doi.org/10.1145/3474124.3474211)
Hide and Seek Game: A Machine Learning Approach for Detecting Malicious Samples in Analysis Environment
In this work, we investigate whether malware recognizes the analysis environment. The analysis is carried out by executing a set of real malicious programs and benign samples on both virtual and native machines. The result of each execution is an API call sequence, collected independently from the virtual machines and the host systems. In order to enhance the detection rate and accuracy, we introduce four feature selection techniques, and we find that feature reduction methods improve the detection rate to a considerable extent. The experimental study shows that when classifying malware and benign samples in virtual machines, most of the samples are misclassified, a clear indication that many malware samples remain dormant upon identifying a sandbox environment.