Identifying stealth malware using CPU power consumption and learning algorithms

Luckett, Patrick; McDonald, J. Todd; Glisson, William Bradley; Benton, Ryan; Dawson, Joel; Doyle, Blair A.

doi:10.3233/jcs-171060

Cited by 11 publications

(4 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…[37] described a network time analysis approach for monitoring performance changes caused by hardware virtualization, with the goal of detecting the hardware virtualization rootkit. [11,39] identify rootkits by using power-based malware detection on general-purpose computers and [19,39,61] use machine learning (ML) and deep learning (DL) to perform a behavioral detection method based on CPU power consumption. Gibraltar [6] and Copilot [49] leverage direct memory access (DMA) via physical PCI to separately detect rootkit in kernel memory from another machine.…”

Section: Related Workmentioning

confidence: 99%

ULTRA: Ultimate Rootkit Detection over the Air

Pham

Marion

Heuser

2022

Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses

View full text Add to dashboard Cite

HAL is a multi-disciplinary open access archive for the deposit and dissemination of scientific research documents, whether they are published or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers. L'archive ouverte pluridisciplinaire HAL, est destinée au dépôt et à la diffusion de documents scientifiques de niveau recherche, publiés ou non, émanant des établissements d'enseignement et de recherche français ou étrangers, des laboratoires publics ou privés.

show abstract

Section: Related Workmentioning

confidence: 99%

ULTRA: Ultimate Rootkit Detection over the Air

Pham

Marion

Heuser

2022

Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses

View full text Add to dashboard Cite

show abstract

“…Luckett et al [19] have proposed in their study the emulator checks environment attributes-API discrepancy, time difference and Inconsistencies-in CPU instructions execution mechanism-this was done using an emulator-those attributes may deduce the information about an antivirus [19].…”

Section: Literature Reviewmentioning

confidence: 99%

A Malware Obfuscation AI Technique to Evade Antivirus Detection in Counter Forensic Domain

Mawgoud

Rady

Tawfik

2020

Enabling AI Applications in Data Science

View full text Add to dashboard Cite

“…While academicians are interested in detecting malicious activity [17,[30][31], opportunities abound to improve Android malware detection accuracy in commercial AV. Zhou and Jiang [7] evaluated Android malware detection using the following antivirus programs: AVG Antivirus Free v2.9 (AVG), Lookout Security & Antivirus v6.9 (or Lookout), Norton Mobile Security Lite v2.5.0.379 (Norton), and TrendMicro Mobile Security Personal Edition v2.0.0.1294 (TrendMicro).…”

Section: Introductionmentioning

confidence: 99%

Machine Learning-Based Android Malware Detection Using Manifest Permissions

McDonald¹,

Herron²,

Glisson³

et al. 2021

Proceedings of the Annual Hawaii International Conference on System Sciences

Self Cite

View full text Add to dashboard Cite

The Android operating system is currently the most prevalent mobile device operating system holding roughly 54 percent of the total global market share. Due to Android's substantial presence, it has gained the attention of those with malicious intent, namely, malware authors. As such, there exists a need for validating and improving current malware detection techniques. Automated detection methods such as anti-virus programs are critical in protecting the wide variety of Android-powered mobile devices on the market. This research investigates effectiveness of four different machine learning algorithms in conjunction with features selected from Android manifest file permissions to classify applications as malicious or benign. Case study results, on a test set consisting of 5,243 samples, produce accuracy, recall, and precision rates above 80%. Of the considered algorithms (Random Forest, Support Vector Machine, Gaussian Naïve Bayes, and K-Means), Random Forest performed the best with 82.5% precision and 81.5% accuracy.

show abstract

Identifying stealth malware using CPU power consumption and learning algorithms

Cited by 11 publications

References 36 publications

ULTRA: Ultimate Rootkit Detection over the Air

ULTRA: Ultimate Rootkit Detection over the Air

A Malware Obfuscation AI Technique to Evade Antivirus Detection in Counter Forensic Domain

Machine Learning-Based Android Malware Detection Using Manifest Permissions

Contact Info

Product

Resources

About