Title
Efficient and Interpretable Real-Time Malware Detection Using Random-Forest
Abstract
Malicious software, often described as malware, is one of the greatest threats to modern computer systems, and attackers continue to develop more sophisticated methods to access and compromise data and resources. Machine learning methods have the potential to improve malware detection both in terms of accuracy and detection runtime, and are an active area within academic research and commercial development. Whilst the majority of research has focused on improving accuracy and runtime of these systems, to date there has been little focus on the interpretability of detection results. In this paper, we propose a lightweight malware detection system called NODENS that can be deployed on affordable hardware such as a Raspberry Pi. Crucially, NODENS provides transparency of output results so that an end-user can begin to examine why the classifier believes a software sample to be either malicious or benign. Using an efficient Random-Forest approach, our system provides interpretability whilst not sacrificing accuracy or detection runtime, with an average detection speed of between 3 and 8 seconds, allowing for early remedial action to be taken before damage is caused.
Year: 2019
DOI: 10.1109/CyberSA.2019.8899533
Venue: 2019 International Conference on Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)
Keywords: interpretable real-time malware detection, malicious software, modern computer systems, sophisticated methods, compromise data, machine learning methods, detection runtime, active area, academic research, commercial development, lightweight malware detection system, NODENS, output results, software sample, average detection speed, efficient random-forest approach, Raspberry Pi
DocType: Conference
ISBN: 978-1-7281-0233-7
Citations: 0
PageRank: 0.34
References: 3
Authors: 3
Name | Order | Citations | PageRank
Alan Mills | 1 | 0 | 0.68
Theodoros Spyridopoulos | 2 | 0 | 0.34
Phil Legg | 3 | 1 | 2.05