Next-generation antivirus endowed with web-server Sandbox applied to audit fileless attack

Sidney M L Lima,Sérgio M M Fernandes,Rafael D T De Lima,Jemerson R De Oliveira,Wellington P Dos Santos,Washington W A Da Silva,Petrônio G Lopes,Thyago De A Monteiro,Edison De Q Albuquerque,Danilo M Souza,Ricardo P Pinheiro,Sthéfano H M T Silva

doi:10.1007/s00500-022-07447-4

Sidney M L Lima, Sérgio M M Fernandes + Show 10 more

Open Access

https://doi.org/10.1007/s00500-022-07447-4

Copy DOI

Abstract

Almost all malwares running on web-server are php codes. Then, the present paper creates a next generation antivirus (NGAV) expert in auditing threats web-based, specifically from php files, in real time. In our methodology, the malicious behaviors, of the personal computer, serve as input attributes of the statistical learning machines. In all, our dynamic feature extraction monitors 11,777 behaviors that the web fileless attack can do when launched directly from a malicious web-server to a listening service in a personal computer. Our NGAV achieves an average 99.95% accuracy in the distinction between benign and malware web scripts. Distinct initial conditions and kernels of neural networks classifiers are investigated in order to maximize the accuracy of our NGAV. Our NGAV can supply the limitations of the commercial antiviruses as for the detection of Web fileless attack. In opposition of analysis of individual events, our engine employs authorial Web-server Sandbox, machine learning, and artificial intelligence in order to identify malicious Web-sites.

Full Text