Malware is one of the most serious network security threats. To detect unknown variants of malware, many studies in recent years have proposed malware detection methods based on machine learning. However, modern malware is often protected by software packers, obfuscation, and similar techniques, which complicate malware analysis and detection. In this paper, we propose a malware detection technique based on system calls. By comparing malware and benign software in a sandbox environment, a sensitive system call context is extracted using information gain, which reduces the obfuscation caused by normal system calls. Using a deep belief network, we train a malware detection model on the sensitive system call context to improve detection accuracy.
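The feature-selection step in this abstract, extracting the system call contexts that best separate malware from benign runs by information gain, can be shown concretely. The following is an added example, not code from the paper: it treats a "context" as a sliding n-gram of system call names from a sandbox trace, scores every context by the information gain of its presence/absence against the malware label, and keeps the top k. The traces and call names are constructed sample data; the classifier the paper trains (a deep belief network) is out of scope here, so the example stops at the binary feature vector that would feed it.

```python
"""Information-gain selection of 'sensitive' system call contexts.

Added example (not the paper's code). Each sandbox run is an ordered list
of system call names plus a label: 1 = malware, 0 = benign.
"""
import math
from collections import Counter


def contexts(trace, n=2):
    """The set of n-gram windows over a trace; each window is one 'context'."""
    return {tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)}


def entropy(pos, total):
    """Binary entropy (bits) of a set with `pos` positives out of `total`."""
    if total == 0 or pos in (0, total):
        return 0.0
    p = pos / total
    return -(p * math.log2(p) + (1 - p) * math.log2(1 - p))


def information_gain(samples, n=2):
    """IG(ctx) = H(label) - H(label | ctx present or absent), per context.

    A context that occurs in every run (e.g. a routine close call) gets
    gain 0, which is exactly the 'normal system call' noise the selection
    is meant to filter out.
    """
    total = len(samples)
    positives = sum(label for _, label in samples)
    base = entropy(positives, total)
    present = Counter()      # ctx -> number of runs containing it
    present_pos = Counter()  # ctx -> number of malware runs containing it
    for trace, label in samples:
        for ctx in contexts(trace, n):
            present[ctx] += 1
            present_pos[ctx] += label
    gains = {}
    for ctx, cnt in present.items():
        absent = total - cnt
        absent_pos = positives - present_pos[ctx]
        conditional = ((cnt / total) * entropy(present_pos[ctx], cnt)
                       + (absent / total) * entropy(absent_pos, absent))
        gains[ctx] = base - conditional
    return gains


def sensitive_contexts(samples, k=4, n=2):
    """Top-k contexts by information gain (ties broken lexically for determinism)."""
    gains = information_gain(samples, n)
    return sorted(gains, key=lambda c: (-gains[c], c))[:k]


def vectorize(trace, selected, n=2):
    """Binary feature vector: 1 if the selected context occurs in the trace."""
    seen = contexts(trace, n)
    return [1 if ctx in seen else 0 for ctx in selected]


# Constructed sample traces (toy data, not real sandbox output).
SAMPLES = [
    (["NtOpenFile", "NtReadFile", "NtClose"], 0),
    (["NtOpenFile", "NtReadFile", "NtWriteFile", "NtClose"], 0),
    (["NtOpenFile", "NtQueryInformationFile", "NtReadFile", "NtClose"], 0),
    (["NtOpenFile", "NtWriteFile", "NtCreateThreadEx", "NtClose"], 1),
    (["NtOpenProcess", "NtWriteVirtualMemory", "NtCreateThreadEx", "NtClose"], 1),
    (["NtOpenFile", "NtWriteFile", "NtSetValueKey", "NtClose"], 1),
]

if __name__ == "__main__":
    selected = sensitive_contexts(SAMPLES)
    for ctx in selected:
        print(f"{' -> '.join(ctx):45s} IG={information_gain(SAMPLES)[ctx]:.3f}")
    print(vectorize(["NtOpenFile", "NtWriteFile", "NtClose"], selected))
```

Run as a script it lists the four bigrams that split the toy data best and the feature vector of a new trace over them. With `n=1` the ubiquitous `NtClose` scores exactly 0.0 gain, which is the property the abstract relies on when it says the selection reduces obfuscation by normal calls.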
To address the insufficient use of sequence information and the low detection efficiency of traditional anomaly detection methods, this paper introduces the Markov chain into user behaviour sequence detection and proposes an anomalous user behaviour sequence detection method based on the Markov chain and support vector data description (SVDD), called ASDMS. It first uses the Markov chain to accurately quantify the user behaviour sequence, then builds a model of the user's normal behaviour sequences based on the support vector data description model, and uses it to identify anomalous user behaviour. The experimental results show that the ASDMS method offers better performance and timeliness than traditional abnormal behaviour detection methods.
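The first stage of this abstract, quantifying a user behaviour sequence with a Markov chain, is the part a practitioner can reproduce directly. The following is an added example, not the paper's code: it estimates a first-order transition matrix from constructed normal sessions (with Laplace smoothing so unseen events do not produce zero probabilities), and turns each new session into a scalar, its average negative log-likelihood under that chain. The paper then fits an SVDD boundary around the normal sessions; that stage is replaced here by a simple threshold at the worst training score, stated as a stand-in, so the example stays self-contained.

```python
"""Markov-chain quantification of user behaviour sequences.

Added example (not the paper's code). Sessions are lists of event names;
the event vocabulary and sessions below are constructed sample data.
"""
import math
from collections import Counter, defaultdict

START = "<s>"    # synthetic start state so the first event is also scored
UNKNOWN = "<unk>"  # bucket for events never seen in normal training data


class BehaviourChain:
    def __init__(self, alpha=1.0):
        self.alpha = alpha            # Laplace smoothing pseudo-count
        self.transitions = defaultdict(Counter)  # prev -> Counter(next)
        self.states = set()

    def fit(self, sessions):
        """Count transitions over normal sessions and fix the state space."""
        for session in sessions:
            prev = START
            for event in session:
                self.transitions[prev][event] += 1
                prev = event
        self.states = {START, UNKNOWN}
        for prev, nxt in self.transitions.items():
            self.states.add(prev)
            self.states.update(nxt)
        return self

    def _norm(self, event):
        return event if event in self.states else UNKNOWN

    def prob(self, prev, nxt):
        """Smoothed P(nxt | prev); unseen transitions get a small non-zero mass."""
        row = self.transitions[prev]
        return (row[nxt] + self.alpha) / (sum(row.values()) + self.alpha * len(self.states))

    def score(self, session):
        """Average negative log-likelihood; higher means less like normal behaviour."""
        if not session:
            return 0.0
        nll = 0.0
        prev = START
        for event in session:
            event = self._norm(event)
            nll -= math.log(self.prob(prev, event))
            prev = event
        return nll / len(session)


class ThresholdDetector:
    """Stand-in for the paper's SVDD stage: flag anything scoring worse than
    the worst normal training session."""

    def __init__(self, chain, training_sessions):
        self.chain = chain
        self.threshold = max(chain.score(s) for s in training_sessions)

    def is_anomalous(self, session):
        return self.chain.score(session) > self.threshold


# Constructed normal sessions (toy data).
NORMAL_SESSIONS = [
    ["login", "view_report", "view_report", "edit_report", "logout"],
    ["login", "view_report", "edit_report", "logout"],
    ["login", "view_report", "logout"],
    ["login", "edit_report", "view_report", "logout"],
]

CHAIN = BehaviourChain().fit(NORMAL_SESSIONS)
DETECTOR = ThresholdDetector(CHAIN, NORMAL_SESSIONS)

if __name__ == "__main__":
    for s in (["login", "view_report", "edit_report", "logout"],
              ["login", "bulk_export", "bulk_export", "logout"]):
        print(f"{CHAIN.score(s):.3f} anomalous={DETECTOR.is_anomalous(s)} {s}")
```

The score is the "quantification" step: every session, whatever its length, becomes one number (or, in a fuller version, a small vector of such Markov features) on which a one-class model such as SVDD can be trained. Smoothing matters for the anomaly case: an event the chain has never seen maps to `<unk>` and receives a low but finite probability, so a session full of unfamiliar events scores high instead of producing a log of zero.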