Research Article

Malware Detection Method Based on File and Registry Operations Using Machine Learning

Year 2022, Volume: 5 Issue: 2, 134 - 146, 31.08.2022
https://doi.org/10.35377/saucis...1049798

Abstract

Malware (malicious software) is any software that performs malicious activities on computer-based systems without the user's consent. The number, severity, and complexity of malware have been increasing recently. Detecting malware becomes challenging because new malware variants use obfuscation techniques to hide themselves from malware detection systems. In this paper, a new behavior-based malware detection method is proposed based on file-registry operations. When malware features are generated, only the operations performed on specific file and registry locations are considered. The file-registry operations are divided into five groups: autostart file locations, temporary file locations, specific system file locations, autostart registry locations, and DLL-related registry locations. The malware features are generated from the file-registry operations and the locations where they are performed. These features are seen with high frequency in malware samples, while they are rarely seen in benign samples. The proposed method is tested on malware and benign samples in a virtual environment, and a dataset is created. Well-known machine learning algorithms, including C4.5 (J48), RF (Random Forest), SLR (Simple Logistic Regression), AdaBoost (Adaptive Boosting), SMO (Sequential Minimal Optimization), and KNN (K-Nearest Neighbors), are used for classification. In the best case, we obtained a 98.8% true positive rate, 0% false positive rate, 100% precision, and 99.05% accuracy, which is quite high when compared with leading methods in the literature.
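The abstract describes the feature-generation step (keep only file and registry operations that touch one of five location groups, then count them per sample) but not the concrete locations or the classifier internals. The following is an added example, not the authors' code or dataset: it maps Procmon-style (operation, path) events to the five groups using well-known Windows locations that are assumptions here (the paper does not publish its list), builds a count vector per trace, and, in place of the J48/RF/SMO classifiers the paper trains, fits a transparent frequency-difference scorer that makes the "frequent in malware, rare in benign" property visible as a per-feature weight. All traces are constructed.

```python
"""Added example: location-based file/registry features in the spirit of the
abstract above. Not the authors' code; the location patterns, operation names
and traces are constructed assumptions for illustration."""
import re
from collections import Counter

# One regex list per group named in the abstract. The paper does not publish
# its exact location list, so these are well-known Windows locations chosen
# here as assumptions; paths are matched case-insensitively.
LOCATION_GROUPS = {
    "autostart_file": [r"\\start menu\\programs\\startup\\"],
    "temp_file": [r"\\temp\\"],
    "system_file": [r"\\windows\\system32\\", r"\\windows\\syswow64\\"],
    "autostart_registry": [r"\\currentversion\\run\\", r"\\currentversion\\runonce\\",
                           r"\\currentcontrolset\\services\\"],
    "dll_registry": [r"\\windows\\appinit_dlls$", r"\\knowndlls\\",
                     r"\\shellserviceobjectdelayload\\"],
}
_COMPILED = {g: [re.compile(p, re.IGNORECASE) for p in pats]
             for g, pats in LOCATION_GROUPS.items()}


def locate(path):
    """Group name for a file or registry path, or None if outside all five groups."""
    for group, patterns in _COMPILED.items():
        if any(p.search(path) for p in patterns):
            return group
    return None


def extract_features(events):
    """Count (group, operation) pairs from a trace of (operation, path) tuples.

    Operations outside the five location groups are discarded, which is what
    keeps the resulting features rare in benign traces."""
    counts = Counter()
    for op, path in events:
        group = locate(path)
        if group is not None:
            counts[f"{group}:{op}"] += 1
    return counts


def fit_frequency_model(labelled):
    """Weight each feature by P(present | malware) - P(present | benign).

    This stands in for the J48/RF/SMO classifiers the paper trains; it makes
    the "frequent in malware, rare in benign" idea visible as a number."""
    mal = [f for f, is_mal in labelled if is_mal]
    ben = [f for f, is_mal in labelled if not is_mal]
    names = sorted(set().union(*(f.keys() for f, _ in labelled)))
    return {n: sum(f[n] > 0 for f in mal) / len(mal)
               - sum(f[n] > 0 for f in ben) / len(ben) for n in names}


def score(weights, features):
    """Sum the weights of the features present in a trace."""
    return sum(w for n, w in weights.items() if features[n] > 0)


def classify(weights, features, threshold=1.0):
    """True = malware. The threshold is a tunable assumption."""
    return score(weights, features) >= threshold


# Constructed Procmon-style traces (operation, path); not real samples.
STARTUP = r"C:\Users\bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
MALWARE_TRACES = [
    [("CreateFile", r"C:\Users\bob\AppData\Local\Temp\stage2.dll"),
     ("WriteFile", r"C:\Users\bob\AppData\Local\Temp\stage2.dll"),
     ("WriteFile", STARTUP + r"\svc.exe"),
     ("RegSetValue", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc"),
     ("WriteFile", r"C:\Users\bob\Documents\notes.txt")],        # ignored: no group
    [("WriteFile", r"C:\Windows\System32\helper32.dll"),
     ("RegSetValue", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs"),
     ("WriteFile", r"C:\Windows\Temp\x.tmp"),
     ("RegSetValue", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\x")],
]
BENIGN_TRACES = [
    [("ReadFile", r"C:\Windows\System32\kernel32.dll"),
     ("WriteFile", r"C:\Users\bob\Documents\report.docx"),         # ignored: no group
     ("RegQueryValue", r"HKCU\Software\Microsoft\Office\16.0\Word")],  # ignored: no group
    [("CreateFile", r"C:\Users\bob\AppData\Local\Temp\~print.tmp"),
     ("WriteFile", r"C:\Users\bob\AppData\Local\Temp\~print.tmp"),
     ("ReadFile", r"C:\Windows\System32\user32.dll")],
]


def training_set():
    """Feature counters paired with labels, ready for fit_frequency_model."""
    return ([(extract_features(t), True) for t in MALWARE_TRACES]
            + [(extract_features(t), False) for t in BENIGN_TRACES])


if __name__ == "__main__":
    weights = fit_frequency_model(training_set())
    for name, w in weights.items():
        print(f"{w:+.2f}  {name}")
    unseen = [("WriteFile", STARTUP + r"\updater.exe"),
              ("RegSetValue", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater")]
    print("unseen trace classified as malware:", classify(weights, extract_features(unseen)))
```

Two things the toy scorer makes visible that the abstract only states: writes to a temporary location on their own do not cross the threshold, because benign software also writes there (weight 0.5), whereas a write to the Startup folder combined with a Run-key value does (weight 1.5); and a feature that only benign traces show, such as reading from System32, receives a negative weight. The real paper trains J48, Random Forest and the other listed classifiers on vectors of these counts; the threshold scorer here is only a stand-in for that step.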


Details

Primary Language: English
Subjects: Computer Software
Section: Articles
Authors

Ömer Aslan 0000-0003-0737-1966

Erdal Akin 0000-0002-2223-3927

Publication Date: 31 August 2022
Submission Date: 28 December 2021
Acceptance Date: 25 May 2022
Published in Issue: Year 2022, Volume: 5 Issue: 2

Cite

IEEE: Ö. Aslan and E. Akin, “Malware Detection Method Based on File and Registry Operations Using Machine Learning”, SAUCIS, vol. 5, no. 2, pp. 134–146, 2022, doi: 10.35377/saucis...1049798.

Sakarya University Journal of Computer and Information Sciences in Applied Sciences and Engineering: An interdisciplinary journal of information science