System Call-Based Detection of Malicious Processes

Authors

Raymond Canzanese, Drexel University College of Engineering
Spiros Mancoridis, College of Computing & Informatics
Moshe Kam, Newark College of Engineering

Document Type

Conference Proceeding

Publication Date

9-21-2015

Abstract

System call analysis is a behavioral malware detection technique that is popular due to its promising detection results and ease of implementation. This study describes a system that uses system call analysis to detect malware that evade traditional defenses. The system monitors executing processes to identify compromised hosts in production environments. Experimental results compare the effectiveness of multiple feature extraction strategies and detectors based on their detection accuracy at low false positive rates. Logistic regression and support vector machines consistently outperform log-likelihood ratio and signature detectors as processing and detection methods. A feature selection study indicates that a relatively small set of system call 3-grams provide detection accuracy comparable to that of more complex models. A case study indicates that the detection system performs well against a variety of malware samples, benign workloads, and host configurations.

Identifier

84962074638 (Scopus)

ISBN

[9781467379892]

Publication Title

Proceedings 2015 IEEE International Conference on Software Quality Reliability and Security Qrs 2015

External Full Text Location

https://doi.org/10.1109/QRS.2015.26

First Page

119

Last Page

124

Grant

CNS-1228847

Fund Ref

National Science Foundation

Recommended Citation

Canzanese, Raymond; Mancoridis, Spiros; and Kam, Moshe, "System Call-Based Detection of Malicious Processes" (2015). Faculty Publications. 6781.
https://digitalcommons.njit.edu/fac_pubs/6781