Cardiff University | Prifysgol Caerdydd ORCA
Online Research @ Cardiff 

LAB to SOC: Robust Features for Dynamic Malware Detection

Rhode, Matilda, Tuson, Lewis, Burnap, Peter and Jones, Kevin 2019. LAB to SOC: Robust Features for Dynamic Malware Detection. Presented at: 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2019), Portland, OR, USA, 24-27 June 2019. In: 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks – Industry Track. IEEE, pp. 13-16. DOI: 10.1109/DSN-Industry.2019.00010

Full text not available from this repository.

Abstract

Machine learning models regularly achieve more than 95% accuracy in academic literature for dynamic malware detection problems, but the samples providing the data for these models are rarely shared publicly. This not only creates a benchmarking problem for academic and industry practitioners but could fail to reveal the hidden bias of machine learning models towards data from a particular source. This paper simulates 'lab' experiments with several filetypes, machine learning algorithms, and features tested using data from two sources to probe the robustness of these models across different test sets. The first source is the same as the training data, the second is a commercial malware dataset provided by an organisation's advanced malware detection methods. These preliminary results indicate that for Windows executable files, widely used API call features are less robust than behavioural metrics such as CPU usage, RAM use, and packets received and transmitted, which give greater consistency in predictive accuracy rates across the different test sets.

Item Type: Conference or Workshop Item (Paper)
Date Type: Published Online
Status: Published
Schools: Computer Science & Informatics
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Publisher: IEEE
ISBN: 9781728130323
Last Modified: 25 Mar 2020 13:30
URI: http://orca-mwe.cf.ac.uk/id/eprint/130438

Citation Data

Cited 1 time in Scopus.
