Abstract
The rise in cyber-attacks and cyber-crime is leading more and more organizations and individuals to consider the correct implementation of their security systems. The consequences of a security breach can be devastating, ranging from loss of public confidence to bankruptcy. Traditional techniques for detecting and stopping malware rely on a database of signatures built from known malware samples. These techniques are therefore ineffective against zero-day exploits, for which no sample, and hence no signature, exists.
To address this challenge, our work proposes a novel approach to malware detection using machine learning techniques. Our contribution is two-fold. First, training the model requires no malware at all: a profile of the user is built from normal behaviour data only, and malware is detected as a deviation from that profile. Second, as we shall see, the model can be trained dynamically from as few as six sessions while keeping false positives low. As a consequence, the model can quickly and effectively detect zero-day malware and other unknown threats without prior knowledge of them.
The proposed approach is evaluated on real-world datasets, and several machine learning algorithms are compared on their ability to detect unknown threats. The results show that the approach is effective in detecting malware, achieving high accuracy with a low false positive rate.
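As an added illustration of the benign-only profiling idea described in this abstract (example code written for this page, not the authors' model or data): a user profile is built from a handful of normal sessions, a detection threshold is calibrated from those same sessions so that they produce no false positives, and a session that deviates from the profile is flagged without any malware having been seen during training. The feature names, the log/z-score profile, the leave-one-out threshold rule, the `margin` knob and every session below are assumptions made for the example.

```python
"""Benign-only behaviour profiling: train on normal sessions, flag deviations.

Added example; the features, the profile model, the threshold rule and the
sample sessions are all assumptions for illustration, not the paper's.
"""
import math
from statistics import mean, pstdev

# Per-session behaviour counters (assumed feature set).
FEATURES = ("files_written", "procs_spawned", "net_bytes_out", "dirs_touched")

# Constructed benign sessions for one user (illustrative numbers only).
NORMAL_SESSIONS = [
    {"files_written": 12, "procs_spawned": 8,  "net_bytes_out": 2_100_000, "dirs_touched": 5},
    {"files_written": 15, "procs_spawned": 9,  "net_bytes_out": 1_800_000, "dirs_touched": 6},
    {"files_written": 9,  "procs_spawned": 7,  "net_bytes_out": 2_600_000, "dirs_touched": 4},
    {"files_written": 14, "procs_spawned": 10, "net_bytes_out": 2_300_000, "dirs_touched": 7},
    {"files_written": 11, "procs_spawned": 8,  "net_bytes_out": 1_950_000, "dirs_touched": 5},
    {"files_written": 13, "procs_spawned": 9,  "net_bytes_out": 2_400_000, "dirs_touched": 6},
]

# Constructed session shaped like a wiper run: mass writes across many
# directories with almost no outbound traffic. Not a real sample.
WIPER_LIKE_SESSION = {"files_written": 4800, "procs_spawned": 12,
                      "net_bytes_out": 40_000, "dirs_touched": 310}


def _vec(session):
    """Map a session's counters to a feature vector; log1p tames heavy tails."""
    return [math.log1p(session[f]) for f in FEATURES]


def build_profile(sessions):
    """Per-feature mean and population std over benign sessions only."""
    cols = list(zip(*(_vec(s) for s in sessions)))
    return {"mu": [mean(c) for c in cols],
            "sigma": [max(pstdev(c), 1e-6) for c in cols]}  # floor avoids /0


def deviation(profile, session):
    """Root-mean-square z-score of one session against the profile."""
    z = [(x - m) / s
         for x, m, s in zip(_vec(session), profile["mu"], profile["sigma"])]
    return math.sqrt(sum(v * v for v in z) / len(z))


def calibrate_threshold(sessions, margin=1.5):
    """Leave-one-out calibration: score each benign session against a profile
    built from the others and place the threshold above the worst benign
    score, so the calibration sessions themselves are never flagged."""
    loo = []
    for i, s in enumerate(sessions):
        rest = sessions[:i] + sessions[i + 1:]
        loo.append(deviation(build_profile(rest), s))
    return margin * max(loo)


class UserProfileDetector:
    """Holds one user's benign sessions and flags deviations. No malware is
    ever used for training; sessions judged benign are absorbed so the
    profile keeps tracking the user (our simplification of re-training)."""

    def __init__(self, benign_sessions):
        self.sessions = list(benign_sessions)
        self.retrain()

    def retrain(self):
        self.threshold = calibrate_threshold(self.sessions)
        self.profile = build_profile(self.sessions)

    def observe(self, session):
        """Return (is_anomalous, score); benign sessions join the profile."""
        score = deviation(self.profile, session)
        if score > self.threshold:
            return True, score
        self.sessions.append(session)
        self.retrain()
        return False, score


if __name__ == "__main__":
    det = UserProfileDetector(NORMAL_SESSIONS)
    print(f"threshold={det.threshold:.2f}")
    fresh_benign = {"files_written": 10, "procs_spawned": 8,
                    "net_bytes_out": 2_200_000, "dirs_touched": 5}
    for label, s in (("benign", fresh_benign), ("wiper-like", WIPER_LIKE_SESSION)):
        flagged, score = det.observe(s)
        print(f"{label:11s} score={score:8.2f} anomalous={flagged}")
```

Two caveats a practitioner should keep in mind with any detector of this shape. A threshold set from six sessions is only as good as their coverage of the user's routine: a legitimate but unusual activity (a one-off bulk backup) scores high for the same reason a wiper does, which is the false-positive trade-off the abstract refers to. And because benign-looking sessions are absorbed into the profile, an adversary who ramps up activity slowly can drift the profile toward their behaviour; bounding how far the profile may move per re-training, or keeping a frozen baseline alongside the adaptive one, limits that.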
This work was partially funded by the IRIS project (Artificial Intelligence Threat Reporting and Incident Response System, H2020-101021727).
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Dumitrasc, V., Serral-Gracià, R. (2024). User Behavior Analysis for Malware Detection. In: Katsikas, S., et al. Computer Security. ESORICS 2023 International Workshops. ESORICS 2023. Lecture Notes in Computer Science, vol 14399. Springer, Cham. https://doi.org/10.1007/978-3-031-54129-2_6
DOI: https://doi.org/10.1007/978-3-031-54129-2_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-54128-5
Online ISBN: 978-3-031-54129-2
eBook Packages: Computer Science, Computer Science (R0)