SECURWARE 2017, The Eleventh International Conference on Emerging Security Information, Systems and Technologies


A Context-Aware Malware Detection Based on Low-Level Hardware Indicators as a Last Line of Defense

Authors:
Alireza Sadighian
Jean-Marc Robert
Saeed Sarencheh
Souradeep Basu

Keywords: Malware Detection; Low-level Indicators; Context-Aware; Machine Learning; Time-Series Analysis; Ontologies

Abstract:
Malware detection is a very challenging task. Over the years, numerous approaches have been proposed: signature-based, anomaly-based, application-based, host-based and network-based solutions. One avenue that has received less attention is detecting malware by monitoring the consumption of low-level resources (e.g., CPU, memory, network bandwidth, etc.). This can be considered a last line of defense: when everything else has failed, monitoring resource consumption may still detect abnormal behavior in real time. This paper presents a context-aware malware detection approach that uses semi-supervised machine learning and time-series analysis techniques to inspect the impact of ongoing events on the low-level indicators. To improve the system's automation and its adaptability to various contexts, we have designed a context ontology that facilitates information representation, storage and retrieval. The proposed malware detection approach is complementary to current malware detectors.

Pages: 10 to 19

Copyright: Copyright (c) IARIA, 2017

Publication date: September 10, 2017

Published in: conference

ISSN: 2162-2116

ISBN: 978-1-61208-582-1

Location: Rome, Italy

Dates: from September 10, 2017 to September 14, 2017