User behavior analysis for malware detection

The rise in cyber-attacks and cyber-crime is causing more and more organizations and individuals to consider the correct implementation of their security systems. The consequences of a security breach can be devastating, ranging from loss of public confidence to bankruptcy. Traditional techniques fo...

ver descrição completa

Detalhes bibliográficos
Autores: Dumitrasc, Valentina, Serral Gracià, René|||0000-0003-2112-0952
Tipo de documento: capítulo de livro
Data de publicação:2024
País:España
Recursos:Universitat Politècnica de Catalunya (UPC)
Repositório:UPCommons. Portal del coneixement obert de la UPC
Idioma:inglês
OAI Identifier:oai:upcommons.upc.edu:2117/459485
Acesso em linha:https://hdl.handle.net/2117/459485
https://dx.doi.org/10.1007/978-3-031-54129-2_6
Access Level:Acceso aberto
Palavra-chave:Machine learning
Malware detection
User behavior
Analysis
Autoencoder
Àrees temàtiques de la UPC::Informàtica::Seguretat informàtica
Àrees temàtiques de la UPC::Informàtica::Intel·ligència artificial::Aprenentatge automàtic
Descrição
Resumo:The rise in cyber-attacks and cyber-crime is causing more and more organizations and individuals to consider the correct implementation of their security systems. The consequences of a security breach can be devastating, ranging from loss of public confidence to bankruptcy. Traditional techniques for detecting and stopping malware rely on building a database of known signatures using known samples of malware. However, these techniques are not very effective at detecting zero-day exploits because there are no samples in their malware signature databases. To address this challenge, our work proposes a novel approach to malware detection using machine learning techniques. Our solution provides a two-fold contribution, on the one hand, our training the model does not require any kind of malware, as it creates a user profile using only normal user behavior data, detecting malware by identifying deviations from this profile. On the other hand, as we shall see, our solution is able to dynamically train the model using only six sessions to minimize false positives. As a consequence, our model can quickly and effectively detect zero-day malware and other unknown threats without previous knowledge. The proposed approach is evaluated using real-world datasets, and different machine learning algorithms are compared to evaluate their performance in detecting unknown threats. The results show that the proposed approach is effective in detecting malware, achieving high accuracy and low false positive rates.