Files and links (1)
Accepted (AM)Open Access (License Unspecified), Open
Conference proceeding
Multi-channel Change-Point Malware Detection
2013 IEEE 7th International Conference on Software Security and Reliability
Jun 2013
Abstract
The complex computing systems employed by governments, corporations, and other institutions are frequently targeted by cyber-attacks designed for espionage and sabotage. The malicious software used in such attacks are typically custom-designed or obfuscated to avoid detection by traditional antivirus software. Our goal is to create a malware detection system that can quickly and accurately detect such otherwise difficult-to-detect malware. We pose the problem of malware detection as a multi-channel change-point detection problem, wherein the goal is to identify the point in time when a system changes from a known clean state to an infected state. We present a host-based malware detection system designed to run at the hypervisor level, monitoring hypervisor and guest operating system sensors and sequentially determining whether the host is infected. We present a case study wherein the detection system is used to detect various types of malware on an active web server under heavy computational load.
Metrics
Details
- Title
- Multi-channel Change-Point Malware Detection
- Creators
- Raymond Canzanese - Drexel UniversityMoshe Kam - Drexel UniversitySpiros Mancoridis - Drexel UniversityIEEE
- Publication Details
- 2013 IEEE 7th International Conference on Software Security and Reliability
- Publisher
- IEEE
- Resource Type
- Conference proceeding
- Language
- English
- Academic Unit
- Computer Science
- Web of Science ID
- WOS:000327102200013
- Scopus ID
- 2-s2.0-84883340952
- Other Identifier
- 991019167559804721
InCites Highlights
Data related to this publication, from InCites Benchmarking & Analytics tool:
- Web of Science research areas
- Computer Science, Software Engineering
- Computer Science, Theory & Methods
- Engineering, Electrical & Electronic