Table of Contents
Fetching ...

Towards Online Malware Detection using Process Resource Utilization Metrics

Themistoklis Diamantopoulos, Dimosthenis Natsos, Andreas L. Symeonidis

TL;DR

This paper proposes an online learning approach for dynamic malware detection, that overcomes limitations by incorporating temporal information to continuously update its models using behavioral features, specifically process resource utilization metrics.

Abstract

The rapid growth of Cloud Computing and Internet of Things (IoT) has significantly increased the interconnection of computational resources, creating an environment where malicious software (malware) can spread rapidly. To address this challenge, researchers are increasingly utilizing Machine Learning approaches to identify malware through behavioral (i.e. dynamic) cues. However, current approaches are limited by their reliance on large labeled datasets, fixed model training, and the assumption that a trained model remains effective over time-disregarding the ever-evolving sophistication of malware. As a result, they often fail to detect evolving malware attacks that adapt over time. This paper proposes an online learning approach for dynamic malware detection, that overcomes these limitations by incorporating temporal information to continuously update its models using behavioral features, specifically process resource utilization metrics. By doing so, the proposed models can incrementally adapt to emerging threats and detect zero-day malware effectively. Upon evaluating our approach against traditional batch algorithms, we find it effective in detecting zero-day malware. Moreover, we demonstrate its efficacy in scenarios with limited data availability, where traditional batch-based approaches often struggle to perform reliably.

Towards Online Malware Detection using Process Resource Utilization Metrics

TL;DR

This paper proposes an online learning approach for dynamic malware detection, that overcomes limitations by incorporating temporal information to continuously update its models using behavioral features, specifically process resource utilization metrics.

Abstract

The rapid growth of Cloud Computing and Internet of Things (IoT) has significantly increased the interconnection of computational resources, creating an environment where malicious software (malware) can spread rapidly. To address this challenge, researchers are increasingly utilizing Machine Learning approaches to identify malware through behavioral (i.e. dynamic) cues. However, current approaches are limited by their reliance on large labeled datasets, fixed model training, and the assumption that a trained model remains effective over time-disregarding the ever-evolving sophistication of malware. As a result, they often fail to detect evolving malware attacks that adapt over time. This paper proposes an online learning approach for dynamic malware detection, that overcomes these limitations by incorporating temporal information to continuously update its models using behavioral features, specifically process resource utilization metrics. By doing so, the proposed models can incrementally adapt to emerging threats and detect zero-day malware effectively. Upon evaluating our approach against traditional batch algorithms, we find it effective in detecting zero-day malware. Moreover, we demonstrate its efficacy in scenarios with limited data availability, where traditional batch-based approaches often struggle to perform reliably.
Paper Structure (13 sections, 2 equations, 6 figures, 1 table)

This paper contains 13 sections, 2 equations, 6 figures, 1 table.

Figures (6)

  • Figure 1: Steps of our online malware detection methodology
  • Figure 2: Number of malware per year
  • Figure 3: Evaluation of batch vs online model in a batch evaluation setting
  • Figure 4: Evaluation of batch vs online model when the online model is updated
  • Figure 5: Accuracy of online model every 250 instances
  • ...and 1 more figures