Detecting malware variants grows harder every day, and newer variants make detection tougher still. The enormous volume of diverse malware has pushed us toward new techniques such as machine learning. In this work, we propose an incremental malware detection model built on meta-features of API call and system call sequences. We represent host behaviour as a sequence of API calls and system calls. To create the sequential system calls we use NITRSCT (NITR System call Tracer), and for the sequential API calls we generate a list of anomaly scores for each API call sequence using Numenta Hierarchical Temporal Memory (N-HTM). We convert the API call sequence into six meta-features that describe its influence. Feature selection uses a correlation matrix with a heatmap to choose the best meta-features. The proposed incremental malware detection model decides the label of the binary executable under study. We classify malware samples into their respective types and demonstrate, via a case study, that our proposed model can reduce the effort required by the STS-Tool (Socio-Technical Security Tool) approach and by abuse cases. Theoretical analysis and real-life experiments show that our model is efficient and achieves 95.2% accuracy. The detection speed of our proposed model is 0.03s. We address the issue of limited precision and recall in malware detection, and the user's requirement is also met by fixing the trade-off between accuracy and speed.
This paper examines a decentralized controller for a software interconnected system (SIS) subject to malicious attack. The security of the SIS under malicious attacks is discussed using an Event-Triggered Mechanism (ETM). We design a novel ETM with decentralized feedback for managing resources and keeping the system stable during attacks, and we use Numenta Hierarchical Temporal Memory (N-HTM) to monitor the ETM values. A numerical simulation of a service provider system illustrates our model's effectiveness. Experiments reveal that our model stabilizes the system an average of 2s after the launch of the last attack, and average resource consumption is reduced by 70%.