Affiliation:
1. Department of Computer Science, University of Pretoria, Pretoria 0002, South Africa
2. College of Interdisciplinary Studies, Zayed University, Abu Dhabi P.O. Box 144534, United Arab Emirates
Abstract
The growing sophistication of malware has resulted in diverse challenges, especially among security researchers who are expected to develop mechanisms to thwart these malicious attacks. While security researchers have turned to machine learning to combat this surge in malware attacks and enhance detection and prevention methods, they often encounter limitations when it comes to sourcing malware binaries. This limitation places the burden on malware researchers to create context-specific datasets and detection mechanisms, a time-consuming and intricate process that involves a series of experiments. The lack of accessible analysis reports and a centralized platform for sharing and verifying findings has resulted in many research outputs that can neither be replicated nor validated. To address this critical gap, a malware analysis data curation platform was developed. This platform offers malware researchers a highly customizable feature generation process drawing from analysis data reports, particularly those generated in sandbox-based environments such as Cuckoo Sandbox. To evaluate the effectiveness of the platform, a replication of existing studies was conducted in the form of case studies. These studies revealed that the developed platform offers an effective approach that can aid malware detection research. Moreover, a real-world scenario involving over 3000 ransomware and benign samples for ransomware detection based on PE entropy was explored. This yielded an impressive accuracy score of 98.8% and an AUC of 0.97 when employing the decision tree algorithm, with a low latency of 1.51 ms. These results emphasize the necessity of the proposed platform while demonstrating its capacity to construct a comprehensive detection mechanism. By fostering community-driven interactive databanks, this platform enables the creation of datasets as well as the sharing of reports, both of which can substantially reduce experimentation time and enhance research repeatability.
Funder
National Research Foundation of South Africa
Subject
Computer Networks and Communications,Human-Computer Interaction
Reference41 articles.
1. AV-Test (2023, September 21). Malware Statistics. Available online: https://www.av-test.org/en/statistics/malware/.
2. Singh, A., and Venter, H.S. (2019). Digital Forensic Readiness Framework for Ransomware Investigation, Springer International Publishing.
3. Internet Security Threat Report—Ransomware 2017;Symantec,2017
4. Ransomware threat success factors, taxonomy, and countermeasures: A survey and research directions;Maarof;Comput. Secur.,2018
5. Ransomware Detection using Process Memory;Singh;Int. Conf. Cyber Warf. Secur.,2022
Cited by
1 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献