Research Repository

See what's under the surface

Efficient and interpretable real-time malware detection using random-forest

Mills, Alan; Spyridopoulos, Theodoros; Legg, Phil

Authors

Alan Mills alan2.mills@live.uwe.ac.uk

Phil Legg Phil.Legg@uwe.ac.uk
Associate Professor in Cyber Security

Abstract

Malicious software, often described as malware, is one of the greatest threats to modern computer systems, and attackers continue to develop more sophisticated methods to access and compromise data and resources. Machine learning methods have potential to improve malware detection both in terms of accuracy and detection runtime, and is an active area within academic research and commercial development. Whilst the majority of research focused on improving accuracy and runtime of these systems, to date there has been little focus on the interpretability of detection results. In this paper, we propose a lightweight malware detection system called NODENS that can be deployed on affordable hardware such as a Raspberry Pi. Crucially, NODENS provides transparency of output results so that an end-user can begin to examine why the classifier believes a software sample to be either malicious or benign. Using an efficient random forest approach, our system provides inter- pretability whilst not sacrificing accuracy or detection runtime, with an average detection speed of between 3-8 seconds, allowing for early remedial action to be taken before damage is caused.

Presentation Conference Type Conference Paper (unpublished)
Start Date Jun 3, 2019
Peer Reviewed Peer Reviewed
Institution Citation Mills, A., Spyridopoulos, T., & Legg, P. (2019, June). Efficient and interpretable real-time malware detection using random-forest. Paper presented at Int. Conf. on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA)
Additional Information Title of Conference or Conference Proceedings : Int. Conf. on Cyber Situational Awareness, Data Analytics and Assessment