Title: Multi-channel Change-Point Malware Detection
Abstract
The complex computing systems employed by governments, corporations, and other institutions are frequently targeted by cyber-attacks designed for espionage and sabotage. The malicious software used in such attacks is typically custom-designed or obfuscated to avoid detection by traditional antivirus software. Our goal is to create a malware detection system that can quickly and accurately detect such otherwise difficult-to-detect malware. We pose the problem of malware detection as a multi-channel change-point detection problem, wherein the goal is to identify the point in time when a system changes from a known clean state to an infected state. We present a host-based malware detection system designed to run at the hypervisor level, monitoring hypervisor and guest operating system sensors and sequentially determining whether the host is infected. We present a case study wherein the detection system is used to detect various types of malware on an active web server under heavy computational load.
Year: 2013
DOI: 10.1109/SERE.2013.20
Venue: Software Security and Reliability
Keywords: difficult-to-detect malware, malware detection, clean state, malware detection system, multi-channel change-point malware detection, complex computing system, detection system, system change, guest operating system sensor, host-based malware detection system, multi-channel change-point detection problem, malware, file servers, change detection, malicious software, espionage, change point detection, internet, cyber attacks, feature extraction, computational complexity, computer viruses, detectors
Field: Cryptovirology, File server, Change detection, Computer science, Computer security, Computer virus, Hypervisor, Malware, Cyber-collection, Web server
DocType: Conference
ISSN: 2378-3877
ISBN: 978-1-4799-0406-8
Citations: 2
PageRank: 0.40
References: 17
Authors: 3

Name                Order   Citations   PageRank
Raymond Canzanese   1       26          2.23
Moshe Kam           2       290         49.13
Spiros Mancoridis   3       888         56.82