Abstract

The use of innovative and sophisticated malware definitions poses a serious threat to computer-based information systems. Such malware adapts to existing security solutions and often operates without being detected. Once the malware completes its malicious activity, it self-destructs and leaves no obvious signature for detection or forensic purposes. Detecting such sophisticated malware is very challenging and a non-trivial task because of the malware's new patterns of exploiting vulnerabilities. Any security solution requires an equal level of sophistication to counter such attacks. In this paper, a novel reinforcement model based on Monte-Carlo simulation, called eRBCM, is explored to develop a security solution that can detect new and sophisticated network malware definitions. The new model is trained on several kinds of malware and can generalize the malware detection functionality. The model is evaluated using a benchmark set of malware. The results prove that eRBCM can identify a variety of malware with immense accuracy.

Highlights

  • As the Internet has become essential in our life, the number of users who use internet services such as e-commerce and e-banking has increased rapidly.

  • The rest of this paper is organized as follows: Section 2 presents the various approaches adopted to detect and analyze network malware; Section 3 describes our motivations and contributions; Section 4 provides a short introduction to Monte-Carlo-based real-time learning (MOCART); Section 5 illustrates the enhancements to our previous approach (RBCM) [14], made to avoid converging to local minima in search spaces with a narrow range of values in an observation dataset; Section 6 shows the experimental set-up and compares the performance of eRBCM with its state-of-the-art rivals; and Section 7 presents our conclusions and future work.

  • While random forest had a higher CC than other models, its performance lacked consistency in relation to accuracy due to the complex nature of malware patterns.


Summary

Introduction

As the Internet has become essential in our life, the number of users who use internet services such as e-commerce and e-banking has increased rapidly. Millions of new malware definitions are generated daily to exploit vulnerabilities and compromise commercial information systems [2]. To overcome this severe threat, security companies such as Kaspersky and Symantec have introduced several anti-malware products to protect individuals and companies [2]. Referencing all the different malware has become a complex task because of the enormous increase in the number of malware programs, making it difficult to find lasting solutions. These limitations have made it necessary to explore intelligent approaches that are flexible and adaptable in detecting unknown malware. Most of the new intelligent approaches to malware detection are trained using the selective features of known malware that can represent malware in its best form. The rest of this paper is organized as follows: Section 2 presents the various approaches adopted to detect and analyze network malware; Section 3 describes our motivations and contributions; Section 4 provides a short introduction to MOCART; Section 5 illustrates the enhancements to our previous approach (RBCM) [14], made to avoid converging to local minima in search spaces with a narrow range of values in an observation dataset; Section 6 shows the experimental set-up and compares the performance of eRBCM with its state-of-the-art rivals; and Section 7 presents our conclusions and future work.

Related Work
Motivations and Contributions
Microsoft Malware Data
ARP Attack Dataset
ICMP Attack Dataset
Conclusions