Graphite: Real-Time Graph-Based Detection of Malware Attacks on Windows Systems

Bibliographic Details
Published in: ProQuest Dissertations and Theses (2025)
Main author: Wakodikar, Priti P.
Published: ProQuest Dissertations & Theses
Online access: Citation/Abstract; Full Text - PDF
Description
Abstract: Advanced malware attacks often employ sophisticated tactics such as DLL injection, script-based attacks, and the exploitation of zero-day vulnerabilities. As recent high-profile cyber attacks have shown, these techniques have enabled attackers to infiltrate computer systems that were thought to be well protected. There is therefore an urgent need to strengthen current malware defenses with advanced Artificial Intelligence (AI) techniques that can detect, in real time, the faint traces of malware activity hidden among the vast volume of normal system activity. This project introduces Graphite, a graph-based approach for real-time detection of advanced malware attacks that operates on event data collected from Event Tracing for Windows (ETW). Graphite first abstracts the entities referenced in system events (processes, files, and so on) and the relationships among them into computation graphs, which are amenable to graph-based machine learning methods. Because a computation graph can grow very large, making real-time detection inefficient, the graph is projected into smaller graphlets, which are then fed to the graph-based model to detect malicious activity. A multi-label classification approach built on an ensemble of classifier chains identifies the different malware types involved. Experimental results show that Graphite achieves high classification accuracy in both offline and real-time malware detection.
ISBN:9798290966908
Source: ProQuest Dissertations & Theses Global
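The abstract names two preprocessing steps, abstracting ETW events into an entity graph and projecting that graph into smaller graphlets, without showing what they look like in practice. The following is an added illustration written for this page, not code from the dissertation or the Graphite system: the event records are constructed and only loosely mimic the fields that the Windows kernel Process, Image and File ETW providers expose, the relation names (`parent_of`, `executes`, `loads`, `writes`, `remote_thread`, `connects`) are assumptions, and the graphlet is defined here as the k-hop ego subgraph around a process node, which is one common projection but not necessarily the one Graphite uses. The bag-of-relations feature vector at the end stands in for whatever embedding a graph-ML model would actually consume.

```python
"""Constructed example: ETW-style events -> entity graph -> k-hop ego graphlets.

Not the Graphite implementation. Event shapes, relation names and the
ego-subgraph definition of a "graphlet" are assumptions made for illustration.
"""
from collections import deque

# Constructed, ETW-like events. Field names loosely follow the kernel
# Process/Image/File providers; every value below is made up for the example.
# The sequence models a downloaded binary that drops a DLL, gets it loaded
# by notepad.exe, creates a remote thread there, and the injected process
# then makes a network connection.
EVENTS = [
    {"event": "ProcessStart", "pid": 1000, "ppid": 800,
     "image": r"C:\Windows\explorer.exe"},
    {"event": "ProcessStart", "pid": 2000, "ppid": 1000,
     "image": r"C:\Users\u\Downloads\invoice.exe"},
    {"event": "ImageLoad", "pid": 2000, "image": r"C:\Windows\System32\ntdll.dll"},
    {"event": "FileCreate", "pid": 2000,
     "path": r"C:\Users\u\AppData\Local\Temp\payload.dll"},
    {"event": "ProcessStart", "pid": 3000, "ppid": 1000,
     "image": r"C:\Windows\System32\notepad.exe"},
    {"event": "ImageLoad", "pid": 3000,
     "image": r"C:\Users\u\AppData\Local\Temp\payload.dll"},
    {"event": "ThreadCreate", "pid": 2000, "target_pid": 3000},
    {"event": "NetConnect", "pid": 3000, "dst": "203.0.113.5:443"},
]


def build_graph(events):
    """Abstract events into a graph of (src, relation, dst) triples.

    Processes, files and network endpoints become typed nodes; each event
    contributes one or two labelled edges between them.
    """
    edges = set()
    for e in events:
        proc = f"proc:{e['pid']}"
        kind = e["event"]
        if kind == "ProcessStart":
            edges.add((f"proc:{e['ppid']}", "parent_of", proc))
            edges.add((proc, "executes", f"file:{e['image']}"))
        elif kind == "ImageLoad":
            edges.add((proc, "loads", f"file:{e['image']}"))
        elif kind == "FileCreate":
            edges.add((proc, "writes", f"file:{e['path']}"))
        elif kind == "ThreadCreate" and e["target_pid"] != e["pid"]:
            # A thread created in another process is the classic injection signal.
            edges.add((proc, "remote_thread", f"proc:{e['target_pid']}"))
        elif kind == "NetConnect":
            edges.add((proc, "connects", f"net:{e['dst']}"))
    return edges


def _adjacency(edges):
    """Undirected adjacency view used for hop counting."""
    adj = {}
    for s, _, d in edges:
        adj.setdefault(s, set()).add(d)
        adj.setdefault(d, set()).add(s)
    return adj


def graphlet(edges, center, k):
    """k-hop ego graphlet around `center`.

    BFS (ignoring edge direction) collects every node within k hops, then the
    graphlet is the set of edges induced on that node set. Small k keeps the
    graphlet bounded regardless of how large the full graph has grown.
    """
    adj = _adjacency(edges)
    seen = {center}
    frontier = deque([(center, 0)])
    while frontier:
        node, depth = frontier.popleft()
        if depth == k:
            continue
        for nb in adj.get(node, ()):
            if nb not in seen:
                seen.add(nb)
                frontier.append((nb, depth + 1))
    return {(s, r, d) for s, r, d in edges if s in seen and d in seen}


def features(glet):
    """Bag-of-relations feature vector for a graphlet (relation -> count)."""
    counts = {}
    for _, r, _ in glet:
        counts[r] = counts.get(r, 0) + 1
    return counts


if __name__ == "__main__":
    g = build_graph(EVENTS)
    print(len(g), "edges in the full graph")
    for k in (1, 2):
        gl = graphlet(g, "proc:2000", k)
        print(f"k={k}: {len(gl)} edges, features={features(gl)}")
```

Running this on the constructed events gives an 11-edge graph; the 1-hop graphlet around the dropper process (`proc:2000`) keeps 7 of those edges and already contains the `remote_thread` relation, while the outbound `connects` edge made by the injected process only appears at k=2. That is the trade-off the abstract alludes to: a smaller graphlet is cheaper to classify in real time, but too small a neighbourhood can cut off the part of the attack chain that carries the signal.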