Abstract:
Choosing the right features for malware detection is a non-trivial problem because malware creators keep changing the techniques and procedures used in malware. If we use features that can be easily modified without an impact on functionality, the detection system cannot be implemented in practice. With a small modification of data, malware can bypass even more thoroughly trained classifiers. The detection methods are functional only for the malware groups for which we have a suitable training sample, so the ability to detect zero-day attacks and new malware groups is lost. As a hypothetical solution, it is suitable to find features that are not obtained from the malware samples, but are system-dependent and cannot be easily modified without compromising the functionality of the system. These features should also describe the malware behavior well. Such features could also include system data obtained from the computer's memory. The aim of this work is to try to identify the features of the operating system and memory that indicate the presence of malware activity in the system, and to verify their use for malware detection.
Date of Conference: 18-21 September 2019
Date Added to IEEE Xplore: 05 December 2019