A Method For Estimating Process Maliciousness With Seq2seq Model
2018 32nd International Conference on Information Networking (ICOIN)
Abstract
In recent years, cyber-attacks have become more sophisticated, and the damage they cause has also become a serious problem. In these attacks, specially-crafted malware, which uses countermeasures such as post-execution binary elimination or process injection, is employed so as not to be noticed by the target. It is therefore hard to detect the malware used in these attacks with binary-dependent methods before the intrusion, and countermeasures after the intrusion are required. This paper proposes an infection detection method that estimates the maliciousness of processes on Windows machines. In our proposal, we first extract a feature vector sequence from process behavior captured by Process Monitor with a Seq2Seq model, and then estimate the process maliciousness by classifying that sequence with another Seq2Seq model. We evaluated the performance of our proposal by 5-fold cross validation and compared it with a method using uni-gram features.
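The abstract describes two things a practitioner can reproduce without the paper's models: turning Process Monitor output into a per-process sequence of operations, and the uni-gram baseline evaluated with 5-fold cross validation. The example below is added here and is not the paper's code. It parses a constructed Procmon CSV export (the default column layout, with made-up rows), builds uni-gram frequency vectors over the operation names, and runs 5-fold cross validation with a nearest-centroid classifier, which is a stand-in I chose for the baseline; the paper's Seq2Seq feature extractor and classifier are not implemented. The labelled traces are constructed for illustration only.

```python
import csv
import io
import random
from collections import Counter

# Constructed sample in Process Monitor's CSV export column layout.
# These rows are made up for the example and were not captured from a real machine.
SAMPLE_PROCMON_CSV = r"""Time of Day,Process Name,PID,Operation,Path,Result,Detail
10:00:01.0,notepad.exe,1001,Process Start,,SUCCESS,
10:00:01.1,notepad.exe,1001,Load Image,C:\Windows\System32\kernel32.dll,SUCCESS,
10:00:01.2,notepad.exe,1001,CreateFile,C:\Users\u\doc.txt,SUCCESS,
10:00:01.3,notepad.exe,1001,ReadFile,C:\Users\u\doc.txt,SUCCESS,
10:00:01.4,notepad.exe,1001,CloseFile,C:\Users\u\doc.txt,SUCCESS,
10:00:02.0,sample.exe,2002,Process Start,,SUCCESS,
10:00:02.1,sample.exe,2002,Load Image,C:\Windows\System32\kernel32.dll,SUCCESS,
10:00:02.2,sample.exe,2002,CreateFile,C:\Users\u\AppData\Local\Temp\x.tmp,SUCCESS,
10:00:02.3,sample.exe,2002,WriteFile,C:\Users\u\AppData\Local\Temp\x.tmp,SUCCESS,
10:00:02.4,sample.exe,2002,SetDispositionInformationFile,C:\Users\u\sample.exe,SUCCESS,
10:00:02.5,sample.exe,2002,Process Exit,,SUCCESS,
"""


def parse_procmon(csv_text):
    """Group Procmon rows by PID into an ordered list of Operation tokens (one trace per process)."""
    traces = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        traces.setdefault(int(row["PID"]), []).append(row["Operation"])
    return traces


def unigram_vector(tokens, vocab):
    """Relative frequency of each vocabulary token in one trace; ordering information is discarded."""
    counts = Counter(tokens)
    total = max(len(tokens), 1)
    return [counts[t] / total for t in vocab]


def kfold(n, k, seed=0):
    """Yield (train_idx, test_idx) pairs so that every index is held out exactly once."""
    idx = list(range(n))
    random.Random(seed).shuffle(idx)
    folds = [idx[i::k] for i in range(k)]
    for i in range(k):
        train = [j for f in folds[:i] + folds[i + 1:] for j in f]
        yield train, folds[i]


def nearest_centroid_predict(train_vecs, train_labels, vec):
    """Stand-in classifier (not the paper's): assign the label whose mean vector is closest."""
    centroids = {}
    for label in set(train_labels):
        members = [v for v, l in zip(train_vecs, train_labels) if l == label]
        centroids[label] = [sum(col) / len(members) for col in zip(*members)]
    return min(centroids, key=lambda l: sum((a - b) ** 2 for a, b in zip(centroids[l], vec)))


def cross_validate(traces, labels, k=5):
    """Accuracy of the uni-gram baseline under k-fold cross validation."""
    vocab = sorted({t for trace in traces for t in trace})
    vecs = [unigram_vector(trace, vocab) for trace in traces]
    correct = 0
    for train, test in kfold(len(vecs), k):
        train_vecs = [vecs[i] for i in train]
        train_labels = [labels[i] for i in train]
        for i in test:
            correct += nearest_centroid_predict(train_vecs, train_labels, vecs[i]) == labels[i]
    return correct / len(vecs)


# Constructed labelled traces (operation-name sequences), not data from the paper.
BENIGN_TRACES = [
    ["Process Start", "Load Image", "Load Image", "CreateFile", "ReadFile", "CloseFile"],
    ["Process Start", "Load Image", "CreateFile", "ReadFile", "ReadFile", "CloseFile"],
    ["Process Start", "Load Image", "RegOpenKey", "RegQueryValue", "CreateFile", "ReadFile"],
    ["Process Start", "Load Image", "CreateFile", "ReadFile", "CloseFile", "Process Exit"],
    ["Process Start", "Load Image", "CreateFile", "ReadFile", "CloseFile", "CloseFile"],
]
MALICIOUS_TRACES = [
    ["Process Start", "Load Image", "CreateFile", "WriteFile", "SetDispositionInformationFile", "Process Exit"],
    ["Process Start", "Load Image", "Process Create", "Thread Create", "SetDispositionInformationFile", "Process Exit"],
    ["Process Start", "Load Image", "Thread Create", "WriteFile", "SetDispositionInformationFile", "Process Exit"],
    ["Process Start", "Load Image", "CreateFile", "WriteFile", "Thread Create", "SetDispositionInformationFile"],
    ["Process Start", "Process Create", "Thread Create", "WriteFile", "SetDispositionInformationFile", "Process Exit"],
]
ALL_TRACES = BENIGN_TRACES + MALICIOUS_TRACES
ALL_LABELS = ["benign"] * len(BENIGN_TRACES) + ["malicious"] * len(MALICIOUS_TRACES)

if __name__ == "__main__":
    for pid, ops in parse_procmon(SAMPLE_PROCMON_CSV).items():
        print(pid, ops)
    print("5-fold accuracy of uni-gram baseline:", cross_validate(ALL_TRACES, ALL_LABELS, k=5))
```

The uni-gram vector throws away the order of operations, which is exactly the information the paper's Seq2Seq feature extractor is meant to keep; on real Procmon captures, where benign and malicious processes share most operation names, that loss is what makes the baseline weak, and the same `kfold` split can be reused to compare any sequence model against it.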
Keywords
Seq2Seq model, cyber-attacks, specially-crafted malware, post execution binary elimination, binary-dependent method, infection detection method, process behavior, process monitor, process maliciousness estimation, cross validation, uni-gram feature