Article

Learning Fast and Slow: Propedeutica for Real-Time Malware Detection

Publisher

IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
DOI: 10.1109/TNNLS.2021.3121248

Keywords

Malware; Real-time systems; Detectors; Sun; Software algorithms; Feature extraction; Computational modeling; Deep learning (DL); malware detection; multistage classification; spatial-temporal analysis

Funding

  1. National Science Foundation


Propedeutica is a real-time malware detection framework that combines conventional machine learning (ML) and deep learning (DL) techniques, using an ML classifier for fast detection and a DL detector for accuracy. It introduces a novel DL architecture, DeepMalware, to address spatial-temporal dynamics and software execution heterogeneity. In evaluations on malware and benign samples, Propedeutica achieves high accuracy and a low false-positive rate.
Existing malware detectors on safety-critical devices have difficulty with runtime detection due to their performance overhead. In this article, we introduce Propedeutica, a framework for efficient and effective real-time malware detection, leveraging the best of conventional machine learning (ML) and deep learning (DL) techniques. In Propedeutica, all software is considered benign when it starts executing and is monitored by a conventional ML classifier for fast detection. If the software receives a borderline classification from the ML detector (e.g., the software is 50% likely to be benign and 50% likely to be malicious), the software is transferred to a more accurate, yet performance-demanding, DL detector. To address spatial-temporal dynamics and software execution heterogeneity, we introduce a novel DL architecture (DeepMalware) for Propedeutica with multistream inputs. We evaluated Propedeutica with 9115 malware samples and 1338 benign software samples from various categories for the Windows OS. With a borderline interval of [30%, 70%], Propedeutica achieves an accuracy of 94.34% and a false-positive rate of 8.75%, with 41.45% of the samples moved to DeepMalware analysis. Even using only a CPU, Propedeutica can detect malware in less than 0.1 s.
