Malware detection on virtual environment based on behavioral anomalies
Thesis   Open access

Abhilasha Jayaswal
Master of Science (M.S.), Drexel University
Jun 2020
DOI: https://doi.org/10.17918/00000066

Abstract

Baum-Welch Algorithm; Hidden Markov models; Malware (Computer software); Computer Security
The present age is the age of the Internet and technological advancement. The increase in the number of appliances and people connected to the Internet has led to an increase in the number of cyber-attacks, most of which are carried out using malware. A huge corpus of malware samples is available, and new, smarter malware comes into existence every day. This makes signature-based detection less practical, because cybercriminals use new malware with different signatures as well as malware that can change its signature to avoid detection. To compensate, more and more organizations are moving towards anomaly-based detection techniques, which make use of knowledge of what constitutes the normal behavior of a program. The Hidden Markov Model is the machine learning algorithm used in this thesis to classify a system feature as benign or malicious. The system feature used to conduct this experiment is system calls, which are considered one of the most effective system features for malware detection. Ransomware created by a fellow Drexel student is used to generate malicious system calls. The ransomware encrypts the data and asks for a ransom; once the ransom amount is entered, the data is decrypted. The malware detector's performance is measured by how well it is able to classify a system call as benign or malware.
