基于取证和无监督机器学习方法的恶意软件检测框架

Proceedings of the 2020 9th International Conference on Software and Computer Applications Pub Date : 2020-02-18 DOI:10.1145/3384544.3384556

A. Irfan, A. Ariffin, M. N. Mahrin, Syahid Anuar

{"title":"基于取证和无监督机器学习方法的恶意软件检测框架","authors":"A. Irfan, A. Ariffin, M. N. Mahrin, Syahid Anuar","doi":"10.1145/3384544.3384556","DOIUrl":null,"url":null,"abstract":"The detection of malware intrusion requires the identification of its signature. However, it is a complex task due to the malware sophisticated ability to evade security mechanisms deployed by cybersecurity practitioners. Evasion is possible due to malware authors changing the malware signature using metamorphism or polymorphism tactics. Currently, it is necessary to formulate a malware detection method focusing on dynamic and automated malware analysis. Malware Indicator of Compromise (IOC) data analysis with machine learning can be used as a technique to obtain the malware signatures. This technical approach is practical as cyber-attacks using malware with new or changed signature are pandemic and remain undetected, therefore, a framework is needed to overcome this situation. Thus, this research proposed a malware detection framework based on forensic and unsupervised machine learning methodologies. The framework is experimented and proven in detecting malware by referring to the signature derived from the analysis. Furthermore, the framework can provide guidelines for cybersecurity practitioners to conduct threat hunting within their IT systems.","PeriodicalId":200246,"journal":{"name":"Proceedings of the 2020 9th International Conference on Software and Computer Applications","volume":"35 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A Malware Detection Framework Based on Forensic and Unsupervised Machine Learning Methodologies\",\"authors\":\"A. Irfan, A. Ariffin, M. N. Mahrin, Syahid Anuar\",\"doi\":\"10.1145/3384544.3384556\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The detection of malware intrusion requires the identification of its signature. However, it is a complex task due to the malware sophisticated ability to evade security mechanisms deployed by cybersecurity practitioners. Evasion is possible due to malware authors changing the malware signature using metamorphism or polymorphism tactics. Currently, it is necessary to formulate a malware detection method focusing on dynamic and automated malware analysis. Malware Indicator of Compromise (IOC) data analysis with machine learning can be used as a technique to obtain the malware signatures. This technical approach is practical as cyber-attacks using malware with new or changed signature are pandemic and remain undetected, therefore, a framework is needed to overcome this situation. Thus, this research proposed a malware detection framework based on forensic and unsupervised machine learning methodologies. The framework is experimented and proven in detecting malware by referring to the signature derived from the analysis. Furthermore, the framework can provide guidelines for cybersecurity practitioners to conduct threat hunting within their IT systems.\",\"PeriodicalId\":200246,\"journal\":{\"name\":\"Proceedings of the 2020 9th International Conference on Software and Computer Applications\",\"volume\":\"35 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-02-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 2020 9th International Conference on Software and Computer Applications\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3384544.3384556\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2020 9th International Conference on Software and Computer Applications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3384544.3384556","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

检测恶意软件入侵需要识别其签名。然而，由于恶意软件具有逃避网络安全从业者部署的安全机制的复杂能力，因此这是一项复杂的任务。由于恶意软件作者使用变形或多态性策略更改恶意软件签名，因此规避是可能的。目前，有必要制定一种以动态、自动化的恶意软件分析为重点的恶意软件检测方法。基于机器学习的IOC (Malware Indicator of Compromise)数据分析可以作为一种获取恶意软件签名的技术。这种技术方法是实用的，因为使用具有新签名或更改签名的恶意软件的网络攻击是普遍的，并且仍然未被发现，因此需要一个框架来克服这种情况。因此，本研究提出了一种基于取证和无监督机器学习方法的恶意软件检测框架。实验证明，该框架可以通过引用分析得出的签名来检测恶意软件。此外，该框架可以为网络安全从业者提供指导方针，以便在其IT系统中进行威胁搜索。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A Malware Detection Framework Based on Forensic and Unsupervised Machine Learning Methodologies

The detection of malware intrusion requires the identification of its signature. However, it is a complex task due to the malware sophisticated ability to evade security mechanisms deployed by cybersecurity practitioners. Evasion is possible due to malware authors changing the malware signature using metamorphism or polymorphism tactics. Currently, it is necessary to formulate a malware detection method focusing on dynamic and automated malware analysis. Malware Indicator of Compromise (IOC) data analysis with machine learning can be used as a technique to obtain the malware signatures. This technical approach is practical as cyber-attacks using malware with new or changed signature are pandemic and remain undetected, therefore, a framework is needed to overcome this situation. Thus, this research proposed a malware detection framework based on forensic and unsupervised machine learning methodologies. The framework is experimented and proven in detecting malware by referring to the signature derived from the analysis. Furthermore, the framework can provide guidelines for cybersecurity practitioners to conduct threat hunting within their IT systems.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 2020 9th International Conference on Software and Computer Applications

自引率

0.00%

发文量