# Efficient and interpretable real-time malware detection using random-forest

Mills, Alan; Spyridopoulos, Theodoros; Legg, Phil

Authors

- Theo Spyridopoulos (Theo.Spyridopoulos@uwe.ac.uk), Occasional Associate Lecturer - CSCT FET
- Professor Phil Legg (Phil.Legg@uwe.ac.uk), Professor in Cyber Security
Abstract

© 2019 IEEE. Malicious software, often described as malware, is one of the greatest threats to modern computer systems, and attackers continue to develop more sophisticated methods to access and compromise data and resources. Machine learning methods have the potential to improve malware detection both in terms of accuracy and detection runtime, and are an active area of academic research and commercial development. Whilst the majority of research has focused on improving the accuracy and runtime of these systems, to date there has been little focus on the interpretability of detection results. In this paper, we propose a lightweight malware detection system called NODENS that can be deployed on affordable hardware such as a Raspberry Pi. Crucially, NODENS provides transparency of output results so that an end-user can begin to examine why the classifier believes a software sample to be either malicious or benign. Using an efficient Random-Forest approach, our system provides interpretability whilst not sacrificing accuracy or detection runtime, with an average detection speed of between 3-8 seconds, allowing for early remedial action to be taken before damage is caused.
| Field | Value |
|---|---|
| Presentation Conference Type | Conference Paper (published) |
| Conference Name | 2019 International Conference on Cyber Situational Awareness, Data Analytics and Assessment, Cyber SA 2019 |
| Start Date | Jun 3, 2019 |
| End Date | Jun 4, 2019 |
| Acceptance Date | Mar 26, 2019 |
| Online Publication Date | Jun 4, 2019 |
| Publication Date | Jun 1, 2019 |
| Deposit Date | Apr 4, 2019 |
| Publicly Available Date | Apr 4, 2019 |
| Publisher | Institute of Electrical and Electronics Engineers (IEEE) |
| Peer Reviewed | Peer Reviewed |
| ISBN | 9781728102320 |
| DOI | https://doi.org/10.1109/CyberSA.2019.8899533 |
| Public URL | https://uwe-repository.worktribe.com/output/846193 |
| Publisher URL | https://doi.org/10.1109/CyberSA.2019.8899533 |
| Contract Date | Apr 4, 2019 |
Files

- cybersa19_malware.pdf (280 Kb, PDF)
- Licence: http://www.rioxx.net/licenses/all-rights-reserved
- Publisher Licence URL: http://www.rioxx.net/licenses/all-rights-reserved

Copyright Statement

(c) 2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works.