XMal: A lightweight memory-based explainable obfuscated-malware detector

Cited by: 10
Authors
Alani M.M. [1 ,2 ]
Mashatan A. [1 ]
Miri A. [3 ]
Affiliations
[1] Cybersecurity Research Lab, Toronto Metropolitan University, Toronto
[2] School of IT Administration and Security, Seneca College of Applied Arts and Technology, Toronto
[3] Computer Science Department, Toronto Metropolitan University, Toronto
Funding
Natural Sciences and Engineering Research Council of Canada
Keywords
Explainable machine learning; Machine learning; Malware; Malware detection; Obfuscated malware;
DOI
10.1016/j.cose.2023.103409
CLC classification number
Subject classification number
Abstract
An average of 560,000 new malware instances are detected every day, making malware detection one of the biggest challenges in computer security. The growing use of code obfuscation techniques by malicious actors further complicates detection. In this paper, we introduce a lightweight, explainable obfuscated-malware detector based on machine learning. The proposed method, based on extreme gradient boosting, employs only five features extracted from memory dumps and achieves a detection accuracy of over 99%. These five features were selected using recursive feature elimination based on feature importance. Through testing, we demonstrated that the system was capable of detecting malware instances in just 0.413 μs. The model was explained using Shapley additive explanations. © 2023 Elsevier Ltd