Other authors

Universitat Politècnica de Catalunya. Departament d'Arquitectura de Computadors

Universitat Politècnica de Catalunya. IMP - Information Modeling and Processing

Publication date

2024



Abstract

The rise in cyber-attacks and cyber-crime is causing more and more organizations and individuals to consider the correct implementation of their security systems. The consequences of a security breach can be devastating, ranging from loss of public confidence to bankruptcy. Traditional techniques for detecting and stopping malware rely on building a database of known signatures using known samples of malware. However, these techniques are not very effective at detecting zero-day exploits because there are no samples in their malware signature databases. To address this challenge, our work proposes a novel approach to malware detection using machine learning techniques. Our solution makes a two-fold contribution. On the one hand, training our model does not require any kind of malware, as it creates a user profile using only normal user behavior data and detects malware by identifying deviations from this profile. On the other hand, as we shall see, our solution is able to dynamically train the model using only six sessions to minimize false positives. As a consequence, our model can quickly and effectively detect zero-day malware and other unknown threats without previous knowledge. The proposed approach is evaluated using real-world datasets, and different machine learning algorithms are compared to evaluate their performance in detecting unknown threats. The results show that the proposed approach is effective in detecting malware, achieving high accuracy and low false positive rates.


This work was partially funded by IRIS Artificial Intelligence Threat Reporting and Incident Response System (H2020-101021727).


Peer Reviewed


Postprint (author's final draft)

Document type

Part of book or chapter of book

Language

English

Published by

Springer Science and Business Media LLC

Related documents

https://link.springer.com/book/10.1007/978-3-031-54129-2

info:eu-repo/grantAgreement/EC/H2020/101021727/EU/artificial Intelligence threat Reporting and Incident response System/IRIS


Rights

Open Access

This item appears in the following collection(s)

E-prints [72896]