Malicious software (malware) plays an important role in penetrating systems and extracting sensitive information. Based on dynamic monitoring of program behavior, existing solutions have shown that the Hidden Markov Model (HMM) is efficient in detecting malware from sequences of API calls. However, an obfuscation technique can insert a minimal amount of data-stealing code into a large set of legitimate instructions, which makes such a detector ineffective. Additionally, existing solutions require a whole picture of a program's actions, and hence a small chunk of malicious activity is much harder to detect. Substantial performance degradation can also occur during detection when a long sequence of API calls is used. This paper proposes the Sub-Curve HMM feature extraction approach, which focuses on matching subsets of activities from running processes that potentially lead to data exfiltration incidents. Sequences of API calls are used to train HMMs and to test the likelihood that an observed sequence matches the model. Malicious and benign activities obtain different matching scores over adjoining sets of API calls. By projecting the sequence of matching scores onto a curve, the approach discriminates malicious actions using discontinuities in the slope of the curve. The experimental results show that the proposed approach outperforms existing solutions in detecting six families of malware: the detection accuracy of Sub-Curve HMM is over 94%, compared to 83% for the baseline HMM approach and 73% for Information Gain.

Cyber-attacks are happening with ever-increasing frequency against organizations, with the goal of gaining access to their sensitive information. These attacks can cause huge damage to governmental, non-governmental, healthcare, financial and other organizations. Nowadays it is web applications that are used to access sensitive information, hence they have become a preferred target through which attackers try to reach sensitive data. Therefore, it has become of paramount importance for organizations to implement robust security policies in order to protect sensitive data from being compromised. First and foremost, measures should be taken to prevent these attacks.
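As an added illustration of the Sub-Curve HMM idea described in the first abstract above (this is example code written for this page, not the paper's implementation or data), the Python below scores a constructed API-call trace with a hand-picked two-state HMM that stands in for a model trained on an exfiltration family. Scoring the whole trace at once barely moves the per-call likelihood when six exfiltration calls are buried among 96 benign ones, which is the dilution problem the abstract raises; scoring each adjoining window of six calls instead produces a curve whose slope jumps where the chunk begins and ends. The API names, HMM parameters, window size, jump threshold and both traces are assumptions constructed for the example. The page does not say how the paper defines its curve or its discontinuity test, so the slope test here is one plausible reading, not the authors' algorithm.

```python
import math

# Constructed API vocabulary: an illustrative stand-in for monitored Win32 calls,
# not the feature set used by the paper.
APIS = ["CreateFile", "ReadFile", "WriteFile", "CloseHandle", "RegQueryValue",
        "InternetOpen", "InternetConnect", "HttpSendRequest", "Sleep"]
IDX = {name: i for i, name in enumerate(APIS)}

# Hand-picked two-state HMM standing in for a model trained on an exfiltration
# family: state 0 = "collect" (file/registry reads), state 1 = "send" (network).
# Assumption: these parameters are constructed for the example, not learned.
PI = [0.7, 0.3]
A = [[0.8, 0.2],
     [0.3, 0.7]]
B = [  # CreateF ReadF  WriteF CloseH RegQ   IOpen  IConn  HttpS  Sleep
    [0.25, 0.30, 0.02, 0.15, 0.20, 0.02, 0.02, 0.02, 0.02],
    [0.01, 0.01, 0.02, 0.03, 0.01, 0.30, 0.30, 0.30, 0.02],
]
N_STATES = len(PI)
WINDOW = 6          # adjoining API calls scored together (constructed choice)
SLOPE_JUMP = 1.0    # nats; a step in the curve larger than this counts as a discontinuity


def _logsumexp(xs):
    m = max(xs)
    return m + math.log(sum(math.exp(x - m) for x in xs))


def log_likelihood(calls):
    """Forward algorithm in log space: log P(calls | model)."""
    alpha = [math.log(PI[s]) + math.log(B[s][IDX[calls[0]]]) for s in range(N_STATES)]
    for name in calls[1:]:
        o = IDX[name]
        alpha = [_logsumexp([alpha[p] + math.log(A[p][s]) for p in range(N_STATES)])
                 + math.log(B[s][o]) for s in range(N_STATES)]
    return _logsumexp(alpha)


def per_call_score(calls):
    """Whole-sequence matching score, normalised per API call (the baseline HMM view)."""
    return log_likelihood(calls) / len(calls)


def matching_curve(calls, window=WINDOW):
    """Sub-curve idea: one matching score per adjoining window of API calls."""
    return [log_likelihood(calls[i:i + window]) for i in range(len(calls) - window + 1)]


def slope_discontinuities(curve, jump=SLOPE_JUMP):
    """Indices where the slope (score difference between neighbouring windows) jumps."""
    return [i for i in range(1, len(curve)) if abs(curve[i] - curve[i - 1]) > jump]


def suspicious_region(calls, window=WINDOW, jump=SLOPE_JUMP):
    """Call-index range [first, last] bracketed by the first and last discontinuity, or None."""
    flags = slope_discontinuities(matching_curve(calls, window), jump)
    if not flags:
        return None
    return flags[0], flags[-1] + window - 1


# Constructed traces: a repetitive benign file-handling loop, and the same loop with
# six exfiltration calls (read data, open a connection, send it) buried in the middle.
BENIGN_LOOP = ["CreateFile", "WriteFile", "WriteFile", "CloseHandle", "Sleep", "RegQueryValue"]
EXFIL_CHUNK = ["RegQueryValue", "ReadFile", "ReadFile",
               "InternetOpen", "InternetConnect", "HttpSendRequest"]
BENIGN_TRACE = BENIGN_LOOP * 16
MIXED_TRACE = BENIGN_LOOP * 8 + EXFIL_CHUNK + BENIGN_LOOP * 8
EXFIL_START, EXFIL_END = 48, 53   # positions of EXFIL_CHUNK inside MIXED_TRACE


def max_benign_slope(trace=BENIGN_TRACE):
    """Largest step on a benign curve: check the jump threshold against it before deployment."""
    curve = matching_curve(trace)
    return max(abs(curve[i] - curve[i - 1]) for i in range(1, len(curve)))


if __name__ == "__main__":
    print("per-call score, benign trace: %.3f" % per_call_score(BENIGN_TRACE))
    print("per-call score, mixed trace:  %.3f" % per_call_score(MIXED_TRACE))
    print("peak window score, mixed:     %.3f" % (max(matching_curve(MIXED_TRACE)) / WINDOW))
    print("largest benign slope step:    %.3f" % max_benign_slope())
    print("suspicious region:", suspicious_region(MIXED_TRACE), "(exfil at 48..53)")
```

Calibrate the jump threshold on benign traces before trusting it: max_benign_slope() reports the largest step seen on the benign curve and should sit well below SLOPE_JUMP. The region is only bracketed to window granularity, and, as a caveat not taken from the abstract, an adversary who spaces the stealing calls out with enough benign calls between them to span several windows would flatten the curve again, so the window size is itself a security parameter.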