TY - GEN
T1 - MEDUSA
T2 - 4th IEEE International Conference on Collaboration and Internet Computing, CIC 2018
AU - Ahmed, Muhammad Ejaz
AU - Nepal, Surya
AU - Kim, Hyoungshick
N1 - Publisher Copyright:
© 2018 IEEE.
PY - 2018/11/15
Y1 - 2018/11/15
N2 - Traditional malware detection techniques have focused on analyzing known malware samples' code and behaviors to construct an effective database of malware signatures. In recent times, however, such techniques have shown inherent limitations in detecting unknown malware samples and in keeping the database up to date, as many polymorphic and metamorphic malware samples are newly created and spread very quickly throughout the Internet. To address the limitations of existing signature-based malware scanners, we take a different view and focus on designing a novel malware detection framework, called MEDUSA (MalwarE Detection Using Statistical Analysis of system's behavior), for building a model of a system's behavior under normal processes. Unlike traditional approaches to malware detection, MEDUSA has the potential to effectively detect unknown malware samples because it is designed to monitor a system's behavior and detect significant deviations from the system's normal status. In this paper, we specifically discuss several important considerations that must be taken into account to successfully develop MEDUSA in practice.
AB - Traditional malware detection techniques have focused on analyzing known malware samples' code and behaviors to construct an effective database of malware signatures. In recent times, however, such techniques have shown inherent limitations in detecting unknown malware samples and in keeping the database up to date, as many polymorphic and metamorphic malware samples are newly created and spread very quickly throughout the Internet. To address the limitations of existing signature-based malware scanners, we take a different view and focus on designing a novel malware detection framework, called MEDUSA (MalwarE Detection Using Statistical Analysis of system's behavior), for building a model of a system's behavior under normal processes. Unlike traditional approaches to malware detection, MEDUSA has the potential to effectively detect unknown malware samples because it is designed to monitor a system's behavior and detect significant deviations from the system's normal status. In this paper, we specifically discuss several important considerations that must be taken into account to successfully develop MEDUSA in practice.
KW - Anomaly detection
KW - Malware detection
KW - System artifacts
KW - System behavior
KW - System profile
UR - https://www.scopus.com/pages/publications/85059739662
U2 - 10.1109/CIC.2018.00044
DO - 10.1109/CIC.2018.00044
M3 - Conference contribution
AN - SCOPUS:85059739662
T3 - Proceedings - 4th IEEE International Conference on Collaboration and Internet Computing, CIC 2018
SP - 272
EP - 278
BT - Proceedings - 4th IEEE International Conference on Collaboration and Internet Computing, CIC 2018
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 18 October 2018 through 20 October 2018
ER -