Malware Detection Based on Multidimensional Time Distribution Features

Detection models that treat system-call sequences as a language suffer from false negatives and detection blind spots: a sequence that looks normal over a short span may, taken together with its neighbours, constitute malicious behavior within a certain time window. To detect such behavior, we extract, on the basis of statistical analysis, a multidimensional time distribution feature matrix. This matrix consists mainly of multidimensional time distribution features, multidimensional word pair correlation features, and multidimensional word frequency distribution features. A multidimensional time distribution model based on neural networks is built on this matrix to detect abnormal behavior over the whole time window rather than in individual short sequences. Experimental evaluation is conducted on the ADFA-LD dataset, with accuracy, precision, and recall as the model's measurement indicators. An accuracy of 95.26% and a recall of 96.11% are achieved.
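The abstract names three feature families over a system-call window but does not define them. The following is an added example, not the paper's code: it takes an ADFA-LD-style trace (one process, space-separated syscall numbers), slices it into fixed-size windows, and builds one feature vector per window from the three families. The exact definitions are this example's own assumptions: word frequency is the relative count of each syscall in the window, word pair correlation is the normalised bigram matrix, and time distribution is the share of each syscall's occurrences that falls in each of several equal sub-intervals of the window. The trace, the window size and the bin count are constructed values; the neural-network classifier is out of scope, but the accuracy/precision/recall computation the abstract reports on is included.

```python
"""Multidimensional time-distribution features over a system-call trace.

Added example, not the paper's code. The feature definitions below are this
example's own assumptions about what the three feature families could mean.
"""
from collections import Counter
from typing import Dict, List, Sequence, Tuple

# Constructed ADFA-LD-style trace: one process, space-separated syscall numbers.
SAMPLE_TRACE = "6 6 63 6 42 120 6 195 120 6 6 114 114 1 1 252 252 252"


def parse_trace(line: str) -> List[int]:
    """ADFA-LD stores each trace as whitespace-separated syscall numbers."""
    return [int(tok) for tok in line.split()]


def build_vocab(traces: Sequence[Sequence[int]]) -> Dict[int, int]:
    """Map every syscall number seen in training to a fixed column index."""
    syms = sorted({s for t in traces for s in t})
    return {s: i for i, s in enumerate(syms)}


def word_frequency(window: Sequence[int], vocab: Dict[int, int]) -> List[float]:
    """Relative frequency of each syscall inside the window (assumed definition)."""
    counts = Counter(window)
    n = len(window)
    return [counts.get(s, 0) / n for s in vocab]


def word_pair_correlation(window: Sequence[int], vocab: Dict[int, int]) -> List[List[float]]:
    """Normalised bigram matrix: fraction of adjacent pairs in which syscall i
    is immediately followed by syscall j (assumed definition)."""
    v = len(vocab)
    mat = [[0.0] * v for _ in range(v)]
    pairs = list(zip(window, window[1:]))
    for a, b in pairs:
        mat[vocab[a]][vocab[b]] += 1.0 / len(pairs)
    return mat


def time_distribution(window: Sequence[int], vocab: Dict[int, int], bins: int) -> List[List[float]]:
    """For each syscall, the share of its occurrences landing in each of `bins`
    equal sub-intervals of the window (assumed definition). This keeps *when*
    inside the window a call clusters, which a plain frequency count discards."""
    v = len(vocab)
    hist = [[0] * bins for _ in range(v)]
    n = len(window)
    for pos, s in enumerate(window):
        hist[vocab[s]][pos * bins // n] += 1
    out = []
    for row in hist:
        total = sum(row)
        out.append([c / total if total else 0.0 for c in row])
    return out


def feature_matrix(trace: Sequence[int], vocab: Dict[int, int],
                   window_size: int, step: int, bins: int) -> List[List[float]]:
    """One feature vector per sliding window: [freq | pair matrix | time dist].
    Dimension is V + V*V + V*bins for a vocabulary of V syscalls."""
    rows = []
    for start in range(0, len(trace) - window_size + 1, step):
        w = trace[start:start + window_size]
        vec = list(word_frequency(w, vocab))
        vec += [x for row in word_pair_correlation(w, vocab) for x in row]
        vec += [x for row in time_distribution(w, vocab, bins) for x in row]
        rows.append(vec)
    return rows


def accuracy_precision_recall(y_true: Sequence[int], y_pred: Sequence[int]) -> Tuple[float, float, float]:
    """Metrics the abstract reports; positive class 1 = malicious window.
    Guards against zero denominators so an all-negative prediction does not crash."""
    tp = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 1)
    fp = sum(1 for t, p in zip(y_true, y_pred) if t == 0 and p == 1)
    fn = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 0)
    tn = sum(1 for t, p in zip(y_true, y_pred) if t == 0 and p == 0)
    acc = (tp + tn) / len(y_true) if y_true else 0.0
    prec = tp / (tp + fp) if tp + fp else 0.0
    rec = tp / (tp + fn) if tp + fn else 0.0
    return acc, prec, rec


if __name__ == "__main__":
    trace = parse_trace(SAMPLE_TRACE)
    vocab = build_vocab([trace])
    X = feature_matrix(trace, vocab, window_size=9, step=9, bins=3)
    print(len(X), "windows x", len(X[0]), "features each")
```

With the constructed trace (18 calls, 8 distinct syscalls) and a window of 9 calls split into 3 time bins, each window becomes a 96-dimensional vector (8 + 64 + 24). In practice the vocabulary must be fixed from the training traces, and an unseen syscall number at test time needs an explicit policy (drop it or map it to an "unknown" column), since otherwise `vocab[s]` raises on the first trace that contains it.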
