
Malware Analysis with Machine Learning for Evaluating the Integrity of Mission Critical Devices

  • Conference paper
  • Intelligent Computing (SAI 2020)

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 1230)


Abstract

The rapid evolution of technology in our society has brought great advantages, but at the same time it has increased cybersecurity threats. At the forefront of these threats is the spread of malware from traditional computing platforms to the rapidly expanding Internet of Things. Our research focuses on a malware detection system that strives for early detection as a means of limiting the effects of the malware's execution. The proposed scheme is a dual-stage detector that identifies compromised devices so that their malicious behavior can be mitigated. The framework analyzes three kinds of evidence about a process: features of its kernel task structure, the sequence of system calls it makes, and its memory access patterns, and uses them to judge the validity and integrity of the process. The scheme combines the three approaches with an ensemble technique to reach a detection decision. We evaluate each of the three detection strategies to determine its effectiveness and performance.
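The abstract names three complementary evidence sources and an ensemble decision but gives no features, models or thresholds. The sketch below is an added illustration, not code from the paper, of what minimal versions of those three checks and a majority vote can look like: a system-call n-gram anomaly score learned from benign traces, a cross-view check for processes present in the kernel task list but absent from the /proc view, and a write-then-execute check over a page access log. Every trace, PID list, access log and threshold in it is constructed for the example.

```python
"""
Added example (not the paper's implementation): three lightweight
per-process integrity checks and a majority-vote ensemble over them.
All input data and thresholds below are constructed for illustration.
"""
from collections import defaultdict

N = 3  # n-gram length for the syscall detector (assumed value)


def ngrams(seq, n=N):
    """Sliding n-grams over a syscall name sequence."""
    return [tuple(seq[i:i + n]) for i in range(len(seq) - n + 1)]


def train_syscall_profile(benign_traces, n=N):
    """The 'normal' profile is simply the set of n-grams seen in benign runs."""
    profile = set()
    for trace in benign_traces:
        profile.update(ngrams(trace, n))
    return profile


def syscall_anomaly_score(trace, profile, n=N):
    """Fraction of the trace's n-grams never observed during training (0.0..1.0)."""
    grams = ngrams(trace, n)
    if not grams:
        return 0.0
    return sum(g not in profile for g in grams) / len(grams)


def hidden_pids(scheduler_view, proc_view):
    """Cross-view task-structure check: PIDs reachable from the kernel task
    list but missing from the /proc listing are being hidden from userland."""
    return sorted(set(scheduler_view) - set(proc_view))


def wx_violation_score(access_log):
    """Fraction of pages that were both written and executed (W then X).
    access_log is a list of (page, op) with op in {'R', 'W', 'X'}."""
    ops_by_page = defaultdict(set)
    for page, op in access_log:
        ops_by_page[page].add(op)
    if not ops_by_page:
        return 0.0
    violating = sum(1 for ops in ops_by_page.values() if {"W", "X"} <= ops)
    return violating / len(ops_by_page)


def ensemble_verdict(syscall_score, hidden, wx_score,
                     syscall_thr=0.2, wx_thr=0.0):
    """Majority vote over the three detectors. Thresholds are assumed values;
    a single detector firing alone is not enough to convict."""
    votes = [syscall_score > syscall_thr, bool(hidden), wx_score > wx_thr]
    verdict = "malicious" if sum(votes) >= 2 else "benign"
    return verdict, votes


# ---- constructed sample data -------------------------------------------
BENIGN_TRACES = [
    ["open", "read", "read", "close"],
    ["open", "read", "write", "close"],
    ["socket", "connect", "write", "read", "close"],
]
PROFILE = train_syscall_profile(BENIGN_TRACES)

# A process that makes a writable region executable and spawns a child:
MALICIOUS_TRACE = ["open", "read", "mprotect", "execve", "fork"]

SCHEDULER_PIDS = [1, 2, 77, 1337]   # as walked from the kernel task list
PROC_PIDS = [1, 2, 77]              # as reported by /proc; 1337 is hidden

ACCESS_LOG = [(0x1000, "R"), (0x2000, "W"), (0x2000, "X"), (0x3000, "X")]


def demo():
    """Run all three detectors on the constructed data and vote."""
    s = syscall_anomaly_score(MALICIOUS_TRACE, PROFILE)   # 1.0: every trigram unseen
    h = hidden_pids(SCHEDULER_PIDS, PROC_PIDS)            # [1337]
    w = wx_violation_score(ACCESS_LOG)                    # 1/3 of pages are W+X
    verdict, votes = ensemble_verdict(s, h, w)
    return {"syscall": s, "hidden": h, "wx": w, "votes": votes, "verdict": verdict}


if __name__ == "__main__":
    print(demo())
```

The ensemble matters here because each detector has a cheap evasion on its own: a syscall profile can be starved of training coverage, a /proc cross-view misses rootkits that also hook the task-list walk, and W+X scoring ignores ROP-style code reuse. Requiring two of three to agree raises the cost of evading all of them at once.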



Author information


Corresponding author

Correspondence to Robert Heras.


Copyright information

© 2020 This is a U.S. government work and not under copyright protection in the U.S.; foreign copyright protection may apply

About this paper


Cite this paper

Heras, R., Perez-Pons, A. (2020). Malware Analysis with Machine Learning for Evaluating the Integrity of Mission Critical Devices. In: Arai, K., Kapoor, S., Bhatia, R. (eds) Intelligent Computing. SAI 2020. Advances in Intelligent Systems and Computing, vol 1230. Springer, Cham. https://doi.org/10.1007/978-3-030-52243-8_18
