Abstract

Computer systems are now expected both to track day-to-day activities on single-user machines and to implement business logic in enterprises: they make information available in one click, drive business improvement and influence profit or loss. Such systems face a standing threat from unauthorized users and from untrusted or unknown applications. A host is normally intended to run a list of known, trusted applications chosen according to the user's preference. Any application outside that list can be called untrusted or unknown, and is not expected to run on the host. Untrusted applications reach a host from sources such as websites, emails and external storage devices. Such programs may or may not be malicious, but their presence must be detected, since from the user's point of view they are not trusted programs. They may target the system either to steal valuable information or to degrade system performance without the knowledge of the system's user. Antimalware vendors help defend the system against malicious programs, but they do not take the user's trusted program list into consideration, and new instances of attacks are found very frequently. Hence there is a need for a system that can defend itself against anomalous activity on the system with reference to a trusted program list. This paper proposes the design of an "Anomalous In-Memory Process detector based on the use of the DLL (Dynamic Link Library) sequence", which keeps account of the trusted programs intended to run on a particular host and builds a knowledgebase of process classes with a TF-IDF (Term Frequency-Inverse Document Frequency) multinomial logistic regression based learning approach. This knowledgebase is then used to map a suspected in-memory process to a class of processes using the DLLs it has loaded.
With a cross-validation approach, the suspected process and the processes of its predicted class are used to conclude whether it is a trusted process, a variant of a trusted process, or an untrusted process for that host. An untrusted program is not necessarily malware; it may simply be a program absent from the trusted program list of that specific host. Hence this work aims to detect anomalies with respect to the user's preferred list of trusted applications by performing dynamic analysis on in-memory processes.
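As an added illustration, not the paper's own code or data, the pipeline the abstract describes in miniature: constructed loaded-DLL lists for a host's trusted processes form the knowledgebase, TF-IDF over DLL names feeds a one-vs-rest logistic regression written in plain Python, and the suspect process is then cross-checked against the members of its predicted class. The Jaccard overlap used for that check and its 0.6 "variant" threshold are assumptions, not the paper's method.

```python
import math
# Constructed sample knowledgebase: loaded-DLL lists of trusted processes, grouped by class.
TRUSTED = {
    "browser": [["kernel32.dll", "user32.dll", "ws2_32.dll", "wininet.dll", "gdi32.dll"],
                ["kernel32.dll", "user32.dll", "ws2_32.dll", "wininet.dll", "d3d11.dll"]],
    "editor": [["kernel32.dll", "user32.dll", "gdi32.dll", "comdlg32.dll", "riched20.dll"],
               ["kernel32.dll", "user32.dll", "gdi32.dll", "comdlg32.dll", "msftedit.dll"]],
    "shell": [["kernel32.dll", "advapi32.dll", "shell32.dll", "ole32.dll"],
              ["kernel32.dll", "advapi32.dll", "shell32.dll", "ole32.dll", "oleaut32.dll"]],
}
DOCS = [(cls, dlls) for cls, group in TRUSTED.items() for dlls in group]
VOCAB = sorted({d for _, dlls in DOCS for d in dlls})
# Smoothed IDF: a DLL that every trusted process loads (kernel32) carries little class signal.
IDF = {d: math.log((1 + len(DOCS)) / (1 + sum(d in dlls for _, dlls in DOCS))) + 1 for d in VOCAB}

def tfidf(dlls):
    """L2-normalised TF-IDF vector of one process, with its loaded DLL names as the terms."""
    vec = [dlls.count(d) / len(dlls) * IDF[d] for d in VOCAB]  # DLLs outside VOCAB are ignored
    norm = math.sqrt(sum(v * v for v in vec)) or 1.0
    return [v / norm for v in vec]

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def train_ovr(docs, epochs=200, lr=1.0):
    """One-vs-rest logistic regression fitted by plain gradient descent (no sklearn needed)."""
    X = [tfidf(dlls) for _, dlls in docs]
    models = {}
    for cls in sorted({c for c, _ in docs}):
        w, b = [0.0] * len(VOCAB), 0.0
        for _ in range(epochs):
            for x, (c, _) in zip(X, docs):
                err = sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b) - (1.0 if c == cls else 0.0)
                w = [wi - lr * err * xi for wi, xi in zip(w, x)]
                b -= lr * err
        models[cls] = (w, b)
    return models

def predict_class(models, dlls):
    """Class whose binary model gives the suspect process the highest probability."""
    x = tfidf(dlls)
    return max(models, key=lambda c: sigmoid(sum(wi * xi for wi, xi in zip(models[c][0], x)) + models[c][1]))

def verdict(models, dlls, variant_threshold=0.6):
    """Cross-check the suspect against members of its predicted class by Jaccard overlap of DLL sets.
    The 0.6 cut-off between 'variant' and 'untrusted' is an assumed value, not the paper's."""
    cls = predict_class(models, dlls)
    best = max(len(set(dlls) & set(m)) / len(set(dlls) | set(m)) for m in TRUSTED[cls])
    label = "trusted" if best == 1.0 else "variant" if best >= variant_threshold else "untrusted"
    return cls, label
```

A process that loads an extra DLL on top of a known trusted set lands in "variant", while one sharing only ubiquitous DLLs with its predicted class is reported as "untrusted" regardless of how the classifier voted.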

Highlights

  • In the 21st century the use of computers has become commonplace in all fields, starting with the banking sector, education sector, health sector, e-commerce, etc.

  • The objective of the system is to detect any deviation in the in-memory processes of the specific host.

  • Three different multinomial classification approaches were considered when evaluating the process class prediction model; OvR (One-vs-Rest) Logistic Regression proved to be the best performer compared to the others.


Summary

Introduction

In the 21st century the use of computers has become commonplace in all fields, starting with the banking sector, education sector, health sector, e-commerce, etc. Whether in large commercial sectors, small retail counters or individual use, the use of computers increases day by day with the availability of Internet facilities. There are intelligent programmers who somehow place a piece of code (a small program that is unknown or untrusted) on a computer of interest, intending either to steal or misuse the data kept on that computer or to make it inoperable. Such programs are referred to as malware or potentially unwanted applications (PUA). PUA have no specific type, since they appear to be normal programs, but their presence may pose a threat.

