Back to Search
Start Over
Learning Fast and Slow: Propedeutica for Real-Time Malware Detection
- Source :
- IEEE Transactions on Neural Networks and Learning Systems; 2022, Vol. 33 Issue: 6 p2518-2529, 12p
- Publication Year :
- 2022
-
Abstract
- Existing malware detectors on safety-critical devices have difficulties in runtime detection due to the performance overhead. In this article, we introduce P<sc>ropedeutica</sc>, a framework for efficient and effective real-time malware detection, leveraging the best of conventional machine learning (ML) and deep learning (DL) techniques. In P<sc>ropedeutica</sc>, all software start executions are considered as benign and monitored by a conventional ML classifier for fast detection. If the software receives a borderline classification from the ML detector (e.g., the software is 50% likely to be benign and 50% likely to be malicious), the software will be transferred to a more accurate, yet performance demanding DL detector. To address spatial–temporal dynamics and software execution heterogeneity, we introduce a novel DL architecture (D<sc>eep</sc>M<sc>alware</sc>) for P<sc>ropedeutica</sc> with multistream inputs. We evaluated P<sc>ropedeutica</sc> with 9115 malware samples and 1338 benign software from various categories for the Windows OS. With a borderline interval of [30%, 70%], P<sc>ropedeutica</sc> achieves an accuracy of 94.34% and a false-positive rate of 8.75%, with 41.45% of the samples moved for D<sc>eep</sc>M<sc>alware</sc> analysis. Even using only CPU, P<sc>ropedeutica</sc> can detect malware within less than 0.1 s.
Details
- Language :
- English
- ISSN :
- 2162237x and 21622388
- Volume :
- 33
- Issue :
- 6
- Database :
- Supplemental Index
- Journal :
- IEEE Transactions on Neural Networks and Learning Systems
- Publication Type :
- Periodical
- Accession number :
- ejs59826379
- Full Text :
- https://doi.org/10.1109/TNNLS.2021.3121248