Rhode, Matilda 2021. Racing demons: Malware detection in early execution. PhD Thesis, Cardiff University.
Item availability restricted.

PDF (Matilda Rhode PhD Thesis) - Accepted Post-Print Version. Available under License Creative Commons Attribution Non-commercial No Derivatives. Download (4MB).

PDF (Cardiff University Electronic Publication Form) - Supplemental Material. Restricted to Repository staff only (222kB).
Abstract
Malicious software (malware) causes increasingly devastating social and financial losses each year. As such, academic and commercial research has been directed towards automatically sorting malicious software from benign software. Machine learning (ML) has been widely proposed to address this challenge in an attempt to move away from the time-consuming practice of hand-writing detection rules. Building on the promising results of previous ML malware detection research, this thesis focuses on the use of dynamic behavioural data captured from malware activity, arguing that dynamic models are more robust to attacker evasion techniques than code-based detection methods. This thesis seeks to address some of the open problems that security practitioners may face in adopting dynamic behavioural automatic malware detection. First, the reliability in performance of different data sources and algorithms when translating laboratory results into real-world use; this has not been analysed in previous dynamic detection literature. After highlighting that the best-performing data and algorithm in the laboratory may not be the best-performing in the real world, the thesis turns to one of the main criticisms of dynamic data: the time taken to collect it. In previous research, dynamic detection is often conducted for several minutes per sample, making it incompatible with the speed of code-based detection. This thesis presents the first model of early-stage malware prediction using just a few seconds of collected data. Finally, building on early-stage detection in an isolated environment, real-time detection on a live machine in use is simulated. Real-time detection further reduces the computational costs of dynamic analysis. This thesis further presents the first results on damage prevention using automated malware detection and process killing during normal machine use.
| Field | Value |
|---|---|
| Item Type | Thesis (PhD) |
| Date Type | Completion |
| Status | Unpublished |
| Schools | Computer Science & Informatics |
| Subjects | Q Science > QA Mathematics > QA75 Electronic computers. Computer science |
| Funders | Engineering and Physical Sciences Research Council (EPSRC) (iCASE grant), Airbus (iCASE grant) |
| Date of First Compliant Deposit | 6 July 2022 |
| Date of Acceptance | 30 June 2022 |
| Last Modified | 14 Jul 2022 13:02 |
| URI | https://orca.cardiff.ac.uk/id/eprint/151083 |