User Behavior Analysis for Malware Detection

Conference paper. Published in: Computer Security. ESORICS 2023 International Workshops (ESORICS 2023)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14399)

Abstract

The rise in cyber-attacks and cyber-crime is pushing more and more organizations and individuals to examine whether their security systems are correctly implemented. The consequences of a security breach can be devastating, ranging from loss of public confidence to bankruptcy. Traditional techniques for detecting and stopping malware rely on a database of known signatures built from known malware samples. These techniques are therefore weak against zero-day exploits, for which no sample, and hence no signature, exists in the database.

To address this challenge, our work proposes a novel approach to malware detection based on machine learning. The contribution is two-fold. First, training the model does not require any malware at all: it builds a user profile from normal user behavior data only and detects malware as deviations from that profile. Second, as we shall see, the model can be trained dynamically from only six sessions while keeping false positives low. As a consequence, our model can quickly and effectively detect zero-day malware and other unknown threats without prior knowledge of them.

The proposed approach is evaluated on real-world datasets, and several machine learning algorithms are compared on their ability to detect unknown threats. The results show that the approach detects malware effectively, achieving high accuracy and a low false positive rate.
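As an added illustration of the workflow the abstract describes (this is not code from the paper, whose model, features and data are not reproduced here), the following Python sketch builds a per-user profile from six constructed normal sessions, calibrates an alert threshold on held-out normal sessions so that the profile sessions themselves raise no alert, and then scores new sessions as deviations from the profile. The feature names, the summed squared z-score model, the leave-one-out calibration, the margin and every session counter are assumptions made for the example.

```python
"""Profile-based anomaly detection over per-session behaviour counters.

Added example: learn a profile of one user's *normal* sessions only and
flag sessions that deviate from it. The feature set, the summed squared
z-score model and every number below are assumptions for illustration,
not the paper's own model or data.
"""
from math import sqrt

# Hypothetical per-session counters an endpoint agent might collect.
FEATURES = (
    "processes_started", "files_written", "files_deleted",
    "network_connections", "distinct_remote_hosts", "registry_writes",
)


def session(*counts):
    """Build a session dict from counts given in FEATURES order."""
    return dict(zip(FEATURES, counts))


# Constructed data: six benign sessions of one user (the abstract's setup).
NORMAL_SESSIONS = [
    session(40, 110, 5, 30, 8, 12),
    session(45, 130, 8, 38, 10, 15),
    session(38, 95, 4, 28, 7, 11),
    session(50, 140, 9, 42, 11, 17),
    session(43, 115, 6, 33, 9, 13),
    session(47, 125, 7, 36, 10, 16),
]
# Constructed test sessions: one more normal day, one that looks like a
# wiper (mass file writes/deletes), one that looks like exfiltration.
BENIGN_TEST_SESSION = session(44, 118, 6, 34, 9, 14)
WIPER_LIKE_SESSION = session(60, 3000, 2500, 30, 9, 14)
EXFIL_LIKE_SESSION = session(41, 112, 5, 400, 60, 13)


def build_profile(sessions, std_floor=1.0):
    """Per-feature (mean, std) of the normal sessions; std is floored so a
    feature that never varied in training cannot divide by zero."""
    n = len(sessions)
    profile = {}
    for f in FEATURES:
        values = [s[f] for s in sessions]
        mean = sum(values) / n
        var = sum((v - mean) ** 2 for v in values) / n
        profile[f] = (mean, max(sqrt(var), std_floor))
    return profile


def feature_deviations(profile, sess):
    """Squared z-score of every feature, largest first, so an analyst can
    see which behaviour drove an alert."""
    devs = [(f, ((sess[f] - mean) / std) ** 2) for f, (mean, std) in profile.items()]
    return sorted(devs, key=lambda d: d[1], reverse=True)


def deviation_score(profile, sess):
    """Total distance of a session from the profile (sum of squared z-scores)."""
    return sum(d for _, d in feature_deviations(profile, sess))


def calibrate_threshold(sessions, margin=1.5):
    """Leave-one-out calibration: score each normal session against a profile
    built from the *other* sessions, so the threshold reflects how far a
    genuinely unseen normal session can stray, then widen it by a margin."""
    loo_scores = []
    for i, held_out in enumerate(sessions):
        others = sessions[:i] + sessions[i + 1:]
        loo_scores.append(deviation_score(build_profile(others), held_out))
    return max(loo_scores) * margin


class UserProfileDetector:
    """Detector trained on normal sessions only; no malware sample is needed."""

    def __init__(self, normal_sessions, margin=1.5):
        self.profile = build_profile(normal_sessions)
        self.threshold = calibrate_threshold(normal_sessions, margin)

    def is_anomalous(self, sess):
        return deviation_score(self.profile, sess) > self.threshold

    def explain(self, sess, top=2):
        """Top contributing features, for triage of an alert."""
        return feature_deviations(self.profile, sess)[:top]


if __name__ == "__main__":
    det = UserProfileDetector(NORMAL_SESSIONS)
    for name, s in [("benign", BENIGN_TEST_SESSION),
                    ("wiper-like", WIPER_LIKE_SESSION),
                    ("exfil-like", EXFIL_LIKE_SESSION)]:
        print(name, det.is_anomalous(s), det.explain(s))
```

A sum of squared z-scores is a deliberately simple stand-in for the density or autoencoder models one would normally consider; what the example is meant to show is the workflow: no malware in training, a threshold set on held-out normal sessions rather than on the same sessions used to build the profile (in-sample scores are optimistic), and an explanation of which counters triggered the alert. In practice the profile must also be refreshed as the user's habits change, or legitimate drift becomes a source of false positives.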

This work was partially funded by the IRIS project (Artificial Intelligence Threat Reporting and Incident Response System, H2020-101021727).

Author information

Corresponding author

Correspondence to René Serral-Gracià.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Dumitrasc, V., Serral-Gracià, R. (2024). User Behavior Analysis for Malware Detection. In: Katsikas, S., et al. Computer Security. ESORICS 2023 International Workshops. ESORICS 2023. Lecture Notes in Computer Science, vol 14399. Springer, Cham. https://doi.org/10.1007/978-3-031-54129-2_6

  • DOI: https://doi.org/10.1007/978-3-031-54129-2_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-54128-5

  • Online ISBN: 978-3-031-54129-2

  • eBook Packages: Computer Science, Computer Science (R0)