Abstract

The rapid increase in new malware necessitates effective detection methods. While machine learning techniques have shown promise for malware detection, most research focuses on identifying malware through the content of executable files or full behavior logs collected from process start to finish. However, detecting threats like ransomware via full logs is redundant, as this malware type openly informs users of the infection. To address this, we present LEDA, a novel malware detection architecture designed to monitor process behavior during execution and to identify malicious actions in real time. LEDA dynamically learns the most relevant features for detection and optimally triggers model evaluations to minimize the performance impact perceived by users. We evaluated LEDA using a dataset of Windows malware and legitimate applications collected over a year, examining our model’s temporal decay in effectiveness.

Details

Title
LEDA—Layered Event-Based Malware Detection Architecture
Author
Radu, Marian Portase (1); Raluca Laura Portase (2); Colesa, Adrian (1); Sebestyen, Gheorghe (2)

(1) Computer Science Department, Technical University of Cluj Napoca, 400114 Cluj Napoca, Romania; Bitdefender, 060071 Bucharest, Romania
(2) Computer Science Department, Technical University of Cluj Napoca, 400114 Cluj Napoca, Romania
Publication title
Sensors; Basel
Volume
24
Issue
19
First page
6393
Publication year
2024
Publication date
2024
Publisher
MDPI AG
Place of publication
Basel
Country of publication
Switzerland
e-ISSN
14248220
Source type
Scholarly Journal
Language of publication
English
Document type
Journal Article
Publication history
Online publication date
2024-10-02
Milestone dates
2024-08-14 (Received); 2024-09-30 (Accepted)
First posting date
02 Oct 2024
ProQuest document ID
3116692920
Document URL
https://www.proquest.com/scholarly-journals/leda-layered-event-based-malware-detection/docview/3116692920/se-2?accountid=208611
Copyright
© 2024 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.
Last updated
2024-10-15
Database
ProQuest One Academic