Alan Mills firstname.lastname@example.org
Efficient and interpretable real-time malware detection using random-forest
Mills, Alan; Spyridopoulos, Theodoros; Legg, Phil
Theo Spyridopoulos Theo.Spyridopoulos@uwe.ac.uk
Senior Lecturer in Forensic Computing
Phil Legg Phil.Legg@uwe.ac.uk
Associate Professor in Cyber Security
© 2019 IEEE. Malicious software, often described as malware, is one of the greatest threats to modern computer systems, and attackers continue to develop more sophisticated methods to access and compromise data and resources. Machine learning methods have potential to improve malware detection both in terms of accuracy and detection runtime, and is an active area within academic research and commercial development. Whilst the majority of research focused on improving accuracy and runtime of these systems, to date there has been little focus on the interpretability of detection results. In this paper, we propose a lightweight malware detection system called NODENS that can be deployed on affordable hardware such as a Raspberry Pi. Crucially, NODENS provides transparency of output results so that an end-user can begin to examine why the classifier believes a software sample to be either malicious or benign. Using an efficient Random-Forest approach, our system provides interpretability whilst not sacrificing accuracy or detection runtime, with an average detection speed of between 3-8 seconds, allowing for early remedial action to be taken before damage is caused.
|Start Date||Jun 3, 2019|
|Publication Date||Jun 1, 2019|
|Publisher||Institute of Electrical and Electronics Engineers (IEEE)|
|Peer Reviewed||Peer Reviewed|
|APA6 Citation||Mills, A., Spyridopoulos, T., & Legg, P. (2019). Efficient and interpretable real-time malware detection using random-forest. https://doi.org/10.1109/CyberSA.2019.8899533|
(c) 2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/ republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works.
You might also like
Tools and techniques for improving cyber situational awareness of targeted phishing attacks
What makes for effective visualisation in cyber situational awareness for non-expert users?
Predicting user confidence during visual decision making