Conference proceeding
Inoculation against malware infection using kernel-level software sensors
Proceedings of the 8th ACM international conference on autonomic computing
14 Jun 2011
Abstract
We present a technique for dynamic malware detection that relies on a set of sensors that monitor the interaction of applications with the underlying operating system. By monitoring the requests that each process makes to kernel-level operating system functions, we build a statistical model that describes both clean and infected systems in terms of the distribution of data collected from each sensor. The model parameters are learned from labeled training data gathered from machines infected with canonical samples of malware. We present a technique for detecting malware using the Neyman-Pearson test from classical detection theory. This technique classifies a system as either clean or infected at runtime as measurements are collected from the sensors. We provide experimental results that illustrate the effectiveness of this technique for a selection of malware samples. Additionally, we provide a performance analysis of our sensing and detection techniques in terms of the overhead they introduce to the system. Finally, we show this method to be effective in detecting previously unknown malware when trained to detect similar malware under similar load conditions.
Metrics
7 Record Views
4 citations in Scopus
Details
- Title
- Inoculation against malware infection using kernel-level software sensors
- Creators
- Raymond Canzanese - Drexel UniversityMoshe Kam - Drexel UniversitySpiros Mancoridis - Drexel University
- Publication Details
- Proceedings of the 8th ACM international conference on autonomic computing
- Conference
- 8th ACM international conference on autonomic computing, 8th
- Series
- ICAC '11
- Publisher
- Association for Computing Machinery (ACM)
- Resource Type
- Conference proceeding
- Language
- English
- Academic Unit
- Computer Science
- Scopus ID
- 2-s2.0-79960194121
- Other Identifier
- 991019174906704721