Device behavioral profiling for autonomous protection using deep neural networks

Sandeep Gupta, Bruno Crispo

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

2 Citations (Scopus)

Abstract

Demand for autonomous protection in computing devices cannot go unnoticed with an enormous increase in cyberattacks. Consequently, cybersecurity measures to continuously monitor and analyze device critical activity, identify suspicious behavior, and proactively mitigate security risks are highly desirable. In this article, a concept of behavioral profiling is described to distinguish between benign and malicious software by observing a system's internal resource usage on Windows devices. We rely on the Windows built-in event tracing mechanism to log processes' critical interactions for a given amount of time that are converted into structured data using a graph data structure. After that, we extract features from the generated graphs to analyze a process behavior using a deep neural network. Finally, we evaluate our prototype on a collected dataset that contains one thousand benign and malicious samples each and achieve an accuracy of ≈ 90%.

Original language: English
Title of host publication: 2023 IEEE symposium on computers and communications (ISCC): proceedings
Publication status: Published - 09 Jul 2023
Externally published: Yes