Malware Detection using Anomaly Detection Algorithms
Attaullah Buriro (Writing – Original Draft Preparation); Flaminia Luccio (Member of the Collaboration Group)
2024-01-01
Abstract
Malware, a diverse category of software specifically engineered to compromise devices, poses a serious threat to the security of computer systems and networks. Traditional malware detection methods, such as signature-based or behavior-based detection, rely on predefined patterns or on manual analysis of malware characteristics and behaviors. These methods are ineffective against new or unknown malware, because they cannot recognize samples that do not match the existing patterns or profiles. Machine learning (ML) methods, on the other hand, can learn from data to detect malware based on complex patterns, without requiring prior knowledge or human intervention. In this paper, we propose and apply an anomaly detection approach on Portable Executable (PE) files to detect and prevent malware installation. We evaluated our approach on a publicly available dataset, the Blue Hexagon Open Dataset for Malware AnalysiS (BODMAS), using three classifiers, K-Nearest Neighbor (KNN), Support Vector Machine (SVM) and Random Forest (RF), to identify anomalies in the PE files. RF outperformed its counterparts and yielded the highest accuracy of 99.73% with a zero False Positive Rate.

File | Size | Format | Type | License | Access
---|---|---|---|---|---
Malware_Detection_using_Anomaly_Detection_Algorithms.pdf | 225.27 kB | Adobe PDF | Publisher's version | Publisher copyright | Not available
Documents in ARCA are protected by copyright and all rights are reserved, unless otherwise indicated.