Abstract
The complex computing systems employed by governments, corporations, and other institutions are frequently targeted by cyber-attacks designed for espionage and sabotage. The malicious software used in such attacks is typically custom-designed or obfuscated to avoid detection by traditional antivirus software. Our goal is to create a malware detection system that can quickly and accurately detect such otherwise difficult-to-detect malware. We pose the problem of malware detection as a multi-channel change-point detection problem, wherein the goal is to identify the point in time when a system changes from a known clean state to an infected state. We present a host-based malware detection system designed to run at the hypervisor level, monitoring hypervisor and guest operating system sensors and sequentially determining whether the host is infected. We present a case study wherein the detection system is used to detect various types of malware on an active web server under heavy computational load.
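The sequential multi-channel change-point framing described in the abstract, as an added example that is not the paper's code: each sensor channel keeps a CUSUM statistic (a standard quickest-detection procedure) against its clean-state baseline, and the host is declared infected at the first sample where any channel crosses a threshold. The choice of CUSUM with a Gaussian mean-shift likelihood ratio, the channel names, baselines, threshold and the constructed sample streams are assumptions made here, not values from the paper.

```python
"""Multi-channel CUSUM change-point detector over host sensor streams (added
illustration, not the paper's code; the CUSUM rule, channel names, baselines,
threshold and sample data are all assumptions made here)."""
import random
from typing import Dict, List, Optional

# Clean-state baseline per sensor channel: (mean, std), assumed learned while
# the guest was in a known clean state.
BASELINE = {"syscalls_per_sec": (200.0, 20.0), "outbound_conns": (5.0, 2.0), "cpu_pct": (40.0, 10.0)}

def cusum_step(stat: float, x: float, mean: float, std: float, shift: float) -> float:
    """One CUSUM update for an upward shift of `shift` standard deviations: add the
    log-likelihood ratio of N(mean+shift*std, std) vs N(mean, std), clamped at zero
    so evidence favouring the clean state is forgotten rather than banked."""
    z = (x - mean) / std
    return max(0.0, stat + shift * z - shift * shift / 2.0)

def detect(streams: Dict[str, List[float]], threshold: float = 10.0,
           shift: float = 1.5) -> Optional[int]:
    """Sequential multi-channel rule: walk the streams in time order and alarm at the
    first index where any channel's statistic reaches `threshold`; None means the
    host was judged clean for the whole window."""
    stats = {name: 0.0 for name in streams}
    n = len(next(iter(streams.values())))
    for t in range(n):
        for name, values in streams.items():
            mean, std = BASELINE[name]
            stats[name] = cusum_step(stats[name], values[t], mean, std, shift)
            if stats[name] >= threshold:
                return t
    return None

def synthetic_streams(n: int, change_at: Optional[int], seed: int = 7) -> Dict[str, List[float]]:
    """Constructed sample data: Gaussian noise around the baseline, with the syscall
    rate and outbound connections rising from index `change_at` onward to mimic an
    infection; change_at=None keeps the host clean for all n samples."""
    rng = random.Random(seed)
    infected = {"syscalls_per_sec": 260.0, "outbound_conns": 11.0, "cpu_pct": 40.0}
    out: Dict[str, List[float]] = {}
    for name, (mean, std) in BASELINE.items():
        out[name] = [rng.gauss(infected[name] if change_at is not None and t >= change_at
                               else mean, std) for t in range(n)]
    return out

if __name__ == "__main__":
    print("infected host: alarm at t =", detect(synthetic_streams(200, change_at=60)))
    print("clean host: alarm at t =", detect(synthetic_streams(200, change_at=None)))
```

The threshold trades detection delay against false alarms: raising it lengthens the expected run to a false alarm on a clean host and adds a few samples of delay after a real change.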
Original language | English (US) |
---|---|
Pages | 70-79 |
Number of pages | 10 |
DOIs | |
State | Published - 2013 |
Externally published | Yes |
Event | 7th International Conference on Software Security and Reliability, SERE 2013 - Gaithersburg, MD, United States |
Duration | Jun 18 2013 → Jun 20 2013 |
Other
Other | 7th International Conference on Software Security and Reliability, SERE 2013 |
---|---|
Country/Territory | United States |
City | Gaithersburg, MD |
Period | 6/18/13 → 6/20/13 |
All Science Journal Classification (ASJC) codes
- Software
- Safety, Risk, Reliability and Quality
Keywords
- behavioral detection
- change detection
- change-point detection
- malware
- multi-channel
- quickest detection