OS-Independent Malware Detection: Applying Machine Learning and Computer Vision in Memory Forensics
Part of
2021 17th International Conference on Computational Intelligence and Security (CIS), 2021, p.616-620
Place / Publisher
IEEE
Year of publication
2021
Source
IEEE Electronic Library (IEL)
Description / Notes
Malware detection is an essential task for protecting computing systems, and detecting potentially malicious code in memory is crucial. We therefore use a memory forensics approach to build an OS-independent malware detection system. To accomplish this goal, we integrate fundamental machine learning techniques with memory forensics to build a classification tool, and apply computer vision for preprocessing the data. Our system needs a large dataset of both benign and malicious memory dumps to build a machine learning model. Therefore, we also build a MemGen system that simulates arbitrary computer scenarios and dumps benign or malicious memory snapshots. We use MemGen to create a new dataset of 2750 samples covering 8 different recent malware types as well as benign memory dumps. Applying the machine learning algorithms SVM with an RBF kernel, Random Forest, and Decision Tree to the MemGen dataset yields accuracies of 93.42%, 93.75%, and 92.83% respectively. Moreover, we test the trained models on previously unseen malware, a dataset of 900 samples from 3 malware types (OskiStealer, RedLineStealer, and SnapKeylogger), and obtain average accuracies of up to 87.44%, 84.78%, and 80% for Random Forest, Decision Tree, and SVM respectively.
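The abstract does not say how the "computer vision" preprocessing maps a memory dump to an image, nor which features feed the classifiers. The following added example (written for this page; it is not the authors' MemGen code or their pipeline) shows one common way to do it: each byte of the dump becomes one 8-bit grayscale pixel, the resulting image is resampled to a fixed size so dumps of different lengths give feature vectors of equal dimension, and the global byte entropy is appended as an extra feature. The row width (256 bytes), the 16x16 output size, the nearest-centroid classifier standing in for the paper's SVM/Random Forest/Decision Tree models, and the constructed "benign" (text pages alternating with zero pages) and "malicious" (uniformly random, packed-looking bytes) dumps are all assumptions made here, not facts from the paper. Pure Python, no third-party packages.

```python
"""Added example: memory dump -> grayscale image -> feature vector -> classifier.
Not the paper's code; sizes, features and sample data are assumptions."""
import math
import random
from collections import Counter

ROW_WIDTH = 256   # assumed: bytes per image row before resizing
OUT_SIZE = 16     # assumed: resized image is OUT_SIZE x OUT_SIZE pixels
PAGE = 4096       # page size used when constructing sample dumps


def dump_to_image(dump, row_width=ROW_WIDTH):
    """One byte becomes one 8-bit grayscale pixel; rows are row_width bytes wide.
    The last row is zero-padded so every row has the same length."""
    if not dump:
        raise ValueError("empty memory dump")
    n_rows = math.ceil(len(dump) / row_width)
    padded = dump.ljust(n_rows * row_width, b"\x00")
    return [list(padded[r * row_width:(r + 1) * row_width]) for r in range(n_rows)]


def resize(img, out_h=OUT_SIZE, out_w=OUT_SIZE):
    """Block-average (area) resampling to a fixed size. Each output pixel is the
    mean of its source block; a block is at least one pixel, so dumps shorter
    than one output row still work (they are effectively upsampled)."""
    in_h, in_w = len(img), len(img[0])
    out = []
    for oy in range(out_h):
        y0 = oy * in_h // out_h
        y1 = max(y0 + 1, (oy + 1) * in_h // out_h)
        row = []
        for ox in range(out_w):
            x0 = ox * in_w // out_w
            x1 = max(x0 + 1, (ox + 1) * in_w // out_w)
            block = [img[y][x] for y in range(y0, y1) for x in range(x0, x1)]
            row.append(sum(block) / len(block))
        out.append(row)
    return out


def byte_entropy(dump):
    """Shannon entropy in bits per byte (0..8); packed or encrypted payloads sit near 8."""
    counts = Counter(dump)
    n = len(dump)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def features(dump):
    """Flattened resized image (pixels scaled to 0..1) plus entropy scaled to 0..1."""
    pixels = [p / 255.0 for row in resize(dump_to_image(dump)) for p in row]
    return pixels + [byte_entropy(dump) / 8.0]


class NearestCentroid:
    """Minimal classifier (assumed stand-in for the SVM/RF/DT models in the
    abstract): predict the label whose mean feature vector is closest."""
    def fit(self, X, y):
        self.centroids = {}
        for label in set(y):
            rows = [x for x, lbl in zip(X, y) if lbl == label]
            self.centroids[label] = [sum(col) / len(rows) for col in zip(*rows)]
        return self

    def predict(self, x):
        return min(self.centroids, key=lambda lbl: math.dist(self.centroids[lbl], x))


ALPHABET = b"abcdefghijklmnopqrstuvwxyz ,.\n"


def make_benign(rng, size=4 * PAGE):
    """Constructed sample: ASCII text pages alternating with zero-filled pages."""
    pages = []
    for i in range(size // PAGE):
        if i % 2 == 0:
            pages.append(bytes(rng.choice(ALPHABET) for _ in range(PAGE)))
        else:
            pages.append(b"\x00" * PAGE)
    return b"".join(pages)


def make_malicious(rng, size=4 * PAGE):
    """Constructed sample: a packed/encrypted-looking blob (uniform random bytes)."""
    return bytes(rng.randrange(256) for _ in range(size))


def build_dataset(seed=1, n_per_class=5):
    """Deterministic constructed training set of labelled feature vectors."""
    rng = random.Random(seed)
    X, y = [], []
    for _ in range(n_per_class):
        X.append(features(make_benign(rng))); y.append("benign")
        X.append(features(make_malicious(rng))); y.append("malicious")
    return X, y


def train_and_classify(dump, seed=1):
    """Train on the constructed dataset and label one dump."""
    X, y = build_dataset(seed)
    return NearestCentroid().fit(X, y).predict(features(dump))


if __name__ == "__main__":
    rng = random.Random(99)
    print(train_and_classify(make_benign(rng)))     # benign
    print(train_and_classify(make_malicious(rng)))  # malicious
```

The image step is what makes the approach OS-independent in practice: it never parses OS-specific structures (no process lists, no page tables), only the raw bytes. That is also its caveat: a benign process that maps compressed or encrypted data will look as "packed" as malware to this feature set, so real evaluations, like the one in the abstract, need benign dumps that exercise such cases.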