Yasamin Alagrash, Nithasha Mohan, Sandhya Rani Gollapalli, J. Rrushi
{"title":"恶意软件检测中用户任务的机器学习和识别","authors":"Yasamin Alagrash, Nithasha Mohan, Sandhya Rani Gollapalli, J. Rrushi","doi":"10.1109/TPS-ISA48467.2019.00018","DOIUrl":null,"url":null,"abstract":"Malware often act on a compromised machine with the identifier of a legitimate user. We analyzed numerous malware and user tasks, and found subtle differences between how the two operate on a machine. We have developed a machine learning approach that characterizes user tasks through their resource utilization. We have found that many routine user tasks retain their resource utilization patterns, despite the occurrence of new dynamics each time a user carries out those tasks. On the other hand, upon landing on a target machine, malware perform a substantial amount of work to explore the machine and discover resources that are of interest to threat actors. Our approach collects live performance counter data from the operating system kernel, and subsequently pre-processes and analyzes those data to learn and then recognize the resource utilization of a task. We develop decoy process mechanisms that camouflage performance counter data to prevent malware from learning the resource utilization of a user task. We tested our approach against both legitimate users in real-world work settings and malware samples, and discuss our findings in the paper.","PeriodicalId":129820,"journal":{"name":"2019 First IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA)","volume":"58 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Machine Learning and Recognition of User Tasks for Malware Detection\",\"authors\":\"Yasamin Alagrash, Nithasha Mohan, Sandhya Rani Gollapalli, J. Rrushi\",\"doi\":\"10.1109/TPS-ISA48467.2019.00018\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Malware often act on a compromised machine with the identifier of a legitimate user. We analyzed numerous malware and user tasks, and found subtle differences between how the two operate on a machine. We have developed a machine learning approach that characterizes user tasks through their resource utilization. We have found that many routine user tasks retain their resource utilization patterns, despite the occurrence of new dynamics each time a user carries out those tasks. On the other hand, upon landing on a target machine, malware perform a substantial amount of work to explore the machine and discover resources that are of interest to threat actors. Our approach collects live performance counter data from the operating system kernel, and subsequently pre-processes and analyzes those data to learn and then recognize the resource utilization of a task. We develop decoy process mechanisms that camouflage performance counter data to prevent malware from learning the resource utilization of a user task. We tested our approach against both legitimate users in real-world work settings and malware samples, and discuss our findings in the paper.\",\"PeriodicalId\":129820,\"journal\":{\"name\":\"2019 First IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA)\",\"volume\":\"58 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2019 First IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/TPS-ISA48467.2019.00018\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 First IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/TPS-ISA48467.2019.00018","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Machine Learning and Recognition of User Tasks for Malware Detection
Malware often act on a compromised machine with the identifier of a legitimate user. We analyzed numerous malware and user tasks, and found subtle differences between how the two operate on a machine. We have developed a machine learning approach that characterizes user tasks through their resource utilization. We have found that many routine user tasks retain their resource utilization patterns, despite the occurrence of new dynamics each time a user carries out those tasks. On the other hand, upon landing on a target machine, malware perform a substantial amount of work to explore the machine and discover resources that are of interest to threat actors. Our approach collects live performance counter data from the operating system kernel, and subsequently pre-processes and analyzes those data to learn and then recognize the resource utilization of a task. We develop decoy process mechanisms that camouflage performance counter data to prevent malware from learning the resource utilization of a user task. We tested our approach against both legitimate users in real-world work settings and malware samples, and discuss our findings in the paper.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
