Risk-Based System-Call Sequence Grouping Method for Malware Intrusion Detection

Author:

Vyšniūnas Tolvinas1,Čeponis Dainius1ORCID,Goranin Nikolaj1ORCID,Čenys Antanas1ORCID

Affiliation:

1. Department of Information Systems, Faculty of Fundamental Sciences, Vilnius Gediminas Technical University, LT-08412 Vilnius, Lithuania

Abstract

Malware intrusion is a serious threat to cybersecurity; that is why new and innovative methods are constantly being developed to detect and prevent it. This research focuses on malware intrusion detection through the usage of system calls and machine learning. An effective and clearly described system-call grouping method could increase the various metrics of machine learning methods, thereby improving the malware detection rate in host-based intrusion-detection systems. In this article, a risk-based system-call sequence grouping method is proposed that assigns riskiness values from low to high based on function risk value. The application of the newly proposed grouping method improved classification accuracy by 23.4% and 7.6% with the SVM and DT methods, respectively, compared to previous results obtained on the same methods and data. The results suggest the use of lightweight machine learning methods for malware attack can ensure detection accuracy comparable to deep learning methods.

Publisher

MDPI AG

Reference50 articles.

1. Training Guidance with KDD Cup 1999 and NSL-KDD Data Sets of ANIDINR: Anomaly-Based Network Intrusion Detection System;Serinelli;Procedia Comput. Sci.,2020

2. Hay, A., Cid, D., Bary, R., and Northcutt, S. (2008). OSSEC Host-Based Intrusion Detection Guide, Elsevier.

3. Comparison of the Host Based Intrusion Detection Systems and Network Based Intrusion Detection Systems;Efe;Celal Bayar Üniversitesi Fen Bilim. Derg.,2022

4. Post-Attack Intrusion Detection Using Log Files Analysis;Patil;Int. J. Comput. Appl.,2015

5. Anomaly-Based Network Intrusion Detection: Techniques, Systems and Challenges;Vazquez;Comput. Secur.,2009

同舟云学术

1.学者识别学者识别

2.学术分析学术分析

3.人才评估人才评估

"同舟云学术"是以全球学者为主线,采集、加工和组织学术论文而形成的新型学术文献查询和分析系统,可以对全球学者进行文献检索和人才价值评估。用户可以通过关注某些学科领域的顶尖人物而持续追踪该领域的学科进展和研究前沿。经过近期的数据扩容,当前同舟云学术共收录了国内外主流学术期刊6万余种,收集的期刊论文及会议论文总量共计约1.5亿篇,并以每天添加12000余篇中外论文的速度递增。我们也可以为用户提供个性化、定制化的学者数据。欢迎来电咨询!咨询电话:010-8811{复制后删除}0370

www.globalauthorid.com

TOP

Copyright © 2019-2024 北京同舟云网络信息技术有限公司
京公网安备11010802033243号  京ICP备18003416号-3