Abstract | ||
---|---|---|
The complex computing systems employed by governments, corporations, and other institutions are frequently targeted by cyber-attacks designed for espionage and sabotage. The malicious software used in such attacks is typically custom-designed or obfuscated to avoid detection by traditional antivirus software. Our goal is to create a malware detection system that can quickly and accurately detect such otherwise difficult-to-detect malware. We pose the problem of malware detection as a multi-channel change-point detection problem, wherein the goal is to identify the point in time when a system changes from a known clean state to an infected state. We present a host-based malware detection system designed to run at the hypervisor level, monitoring hypervisor and guest operating system sensors and sequentially determining whether the host is infected. We present a case study wherein the detection system is used to detect various types of malware on an active web server under heavy computational load. |
Year | DOI | Venue |
---|---|---|
2013 | 10.1109/SERE.2013.20 | Software Security and Reliability |
Keywords | Field | DocType |
---|---|---|
difficult-to-detect malware, malware detection, clean state, malware detection system, multi-channel change-point malware detection, complex computing system, detection system, system change, guest operating system sensor, host-based malware detection system, multi-channel change-point detection problem, malware, file servers, change detection, malicious software, espionage, change point detection, internet, cyber attacks, feature extraction, computational complexity, computer viruses, detectors | Cryptovirology, File server, Change detection, Computer science, Computer security, Computer virus, Hypervisor, Malware, Cyber-collection, Web server | Conference |
ISSN | ISBN | Citations |
---|---|---|
2378-3877 | 978-1-4799-0406-8 | 2 |
PageRank | References | Authors |
---|---|---|
0.40 | 17 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Raymond Canzanese | 1 | 26 | 2.23 |
Moshe Kam | 2 | 290 | 49.13 |
Spiros Mancoridis | 3 | 888 | 56.82 |