A Malware Detection Approach Based on Feature Engineering and Behavior Analysis
Please use this identifier to cite or link to this item:
http://hdl.handle.net/10045/137642
Title: | A Malware Detection Approach Based on Feature Engineering and Behavior Analysis |
---|---|
Authors: | Torres, Manuel | Alvarez, Rafael | Cazorla, Miguel |
Research Group/s: | Robótica y Visión Tridimensional (RoViT) | Criptología y Seguridad Computacional |
Center, Department or Service: | Universidad de Alicante. Departamento de Ciencia de la Computación e Inteligencia Artificial |
Keywords: | Convolutional neural networks | Dataset | Machine learning | Malware |
Issue Date: | 25-Sep-2023 |
Publisher: | IEEE |
Citation: | IEEE Access. 2023, 11: 105355-105367. https://doi.org/10.1109/ACCESS.2023.3319093 |
Abstract: | Cybercriminals are constantly developing new techniques to circumvent the security measures implemented by experts and researchers, so malware is able to evolve very rapidly. In addition, detecting malware across multiple systems is a challenging problem because each computing environment has its own unique characteristics. Traditional techniques, such as signature-based malware detection, have been largely replaced by more modern approaches, such as machine learning and robust cross-platform behavior-based threat detection, as they have become less effective. Researchers employ these techniques across a variety of data sources, including network traffic, binaries, and behavioral data, to extract relevant features and feed them to models for accurate prediction. The aim of this research is to provide a novel dataset comprised of a substantial number of high-quality samples based on software behavior. Due to the lack of a standard representational format for malware behavior in current research, we also present an innovative method for representing malware behavior by converting API calls into 2D images, which builds on previous work. Additionally, we propose and describe the implementation of a new machine learning model based on binary classification (malware or benign software) using the previously mentioned novel dataset as its data source, thereby establishing an evaluation baseline. We have conducted extensive experimentation, validating the proposed model with both our novel dataset and real-world data. In terms of metrics, our proposed model outperforms a well-known model that is also based on behavior analysis and has a similar architecture. |
URI: | http://hdl.handle.net/10045/137642 |
ISSN: | 2169-3536 |
DOI: | 10.1109/ACCESS.2023.3319093 |
Language: | eng |
Type: | info:eu-repo/semantics/article |
Rights: | This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/ |
Peer Review: | yes |
Publisher version: | https://doi.org/10.1109/ACCESS.2023.3319093 |
Appears in Collections: | INV - CSC - Artículos de Revistas | INV - RoViT - Artículos de Revistas |
Files in This Item:
File | Description | Size | Format |
---|---|---|---|
Torres_etal_2023_IEEEAccess.pdf | | 1,64 MB | Adobe PDF |
Items in RUA are protected by copyright, with all rights reserved, unless otherwise indicated.