Abstract: With the enormous increase in cyber attacks, the demand for autonomous protection of computing devices cannot go unnoticed. Consequently, cybersecurity measures that continuously monitor and analyze critical device activity, identify suspicious behavior, and proactively mitigate security risks are highly desirable. In this article, we describe a concept of behavioral profiling that distinguishes benign from malicious software by observing a system's internal resource usage on Windows devices. We rely on the built-in Windows event tracing mechanism (ETW) to log processes' critical interactions for a given amount of time and convert the recorded events into structured data using a graph data structure. We then extract features from the generated graphs and analyze process behavior with a deep neural network. Finally, we evaluate our prototype on a collected dataset containing one thousand benign and one thousand malicious samples and achieve an accuracy of ≈ 90%.
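The event-to-graph-to-feature pipeline the abstract describes, as an added illustration that is not the paper's code: a small Python script builds a directed behavior graph from ETW-like event records and turns it into a fixed-length feature vector of the kind a neural network would consume. The event tuples are constructed by hand to resemble what the Windows kernel process, image, file, registry and network providers emit; the event names, the `(timestamp, event, pid, target)` layout, the `EVENT_SCHEMA` mapping and the `FEATURE_ORDER` list are all assumptions chosen for illustration, not the paper's schema or feature set.

```python
"""Toy process-behaviour graph built from ETW-like event records.

Added example, not the paper's implementation. Event tuples are constructed
by hand; event names, field layout and the feature list are assumptions.
"""
from collections import Counter, defaultdict
from math import inf
from typing import Dict, List, Tuple

# (timestamp, event_name, pid, target). For ProcessStart the target is the
# child pid; for every other event it is the object the process touched.
Event = Tuple[float, str, int, str]

# Which node type an event points at, and how the edge is labelled (assumed).
EVENT_SCHEMA = {
    "ProcessStart":     ("process",  "spawns"),
    "ImageLoad":        ("file",     "loads"),
    "FileRead":         ("file",     "reads"),
    "FileCreate":       ("file",     "writes"),
    "RegistrySetValue": ("registry", "sets"),
    "TcpConnect":       ("network",  "connects"),
}

# Fixed feature order so every trace yields a vector of the same length.
FEATURE_ORDER = [
    "n_process", "n_file", "n_registry", "n_network",
    "e_spawns", "e_loads", "e_reads", "e_writes", "e_sets", "e_connects",
    "max_out_degree", "process_tree_depth", "written_then_loaded",
]

# Constructed trace of a dropper-like sequence: pid 100 spawns 101, which
# drops a binary, sets an autorun key and spawns 102 from the dropped file.
SAMPLE_EVENTS: List[Event] = [
    (0.00, "ProcessStart",     100, "101"),
    (0.01, "ImageLoad",        101, "C:\\Windows\\System32\\ntdll.dll"),
    (0.02, "FileRead",         101, "C:\\Users\\demo\\Documents\\notes.txt"),
    (0.03, "FileCreate",       101, "C:\\Users\\demo\\AppData\\Roaming\\svc.exe"),
    (0.04, "RegistrySetValue", 101, "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc"),
    (0.05, "ProcessStart",     101, "102"),
    (0.06, "ImageLoad",        102, "C:\\Users\\demo\\AppData\\Roaming\\svc.exe"),
    (0.07, "TcpConnect",       102, "203.0.113.10:443"),
    (0.08, "TcpConnect",       102, "203.0.113.10:443"),
]


class BehaviorGraph:
    """Directed multigraph: process nodes point at the objects they touch."""

    def __init__(self) -> None:
        self.nodes: Dict[str, str] = {}                     # node id -> node type
        self.edges: List[Tuple[str, str, str, float]] = []  # (src, label, dst, ts)
        self.dropped = 0                                    # events without a schema entry

    def add_event(self, ev: Event) -> None:
        ts, name, pid, target = ev
        schema = EVENT_SCHEMA.get(name)
        if schema is None:       # a real ETW session emits many event types we ignore
            self.dropped += 1
            return
        ntype, label = schema
        src = f"proc:{pid}"
        self.nodes.setdefault(src, "process")
        # Paths and keys are case-insensitive on Windows, so normalise node ids.
        dst = f"proc:{int(target)}" if ntype == "process" else f"{ntype}:{target.lower()}"
        self.nodes[dst] = ntype
        self.edges.append((src, label, dst, ts))


def build_graph(events: List[Event]) -> BehaviorGraph:
    g = BehaviorGraph()
    for ev in sorted(events, key=lambda e: e[0]):   # replay in time order
        g.add_event(ev)
    return g


def tree_depth(g: BehaviorGraph, root: str) -> int:
    """Longest chain of 'spawns' edges below root (0 if root has no children)."""
    children = defaultdict(list)
    for src, label, dst, _ in g.edges:
        if label == "spawns":
            children[src].append(dst)
    depth, frontier, seen = 0, [root], {root}
    while True:
        nxt = [c for n in frontier for c in children[n] if c not in seen]
        if not nxt:
            return depth
        seen.update(nxt)
        frontier, depth = nxt, depth + 1


def extract_features(g: BehaviorGraph, root_pid: int) -> Dict[str, int]:
    f: Counter = Counter()
    for ntype in g.nodes.values():
        f[f"n_{ntype}"] += 1
    outdeg: Counter = Counter()
    first_write: Dict[str, float] = {}
    for src, label, dst, ts in g.edges:
        f[f"e_{label}"] += 1
        outdeg[src] += 1
        if label == "writes":
            first_write[dst] = min(first_write.get(dst, inf), ts)
    # Files the trace first wrote and later loaded as an image (drop-and-run).
    f["written_then_loaded"] = len({dst for _, label, dst, ts in g.edges
                                    if label == "loads" and ts > first_write.get(dst, inf)})
    f["max_out_degree"] = max(outdeg.values(), default=0)
    f["process_tree_depth"] = tree_depth(g, f"proc:{root_pid}")
    return {k: f[k] for k in FEATURE_ORDER}


def to_vector(features: Dict[str, int]) -> List[float]:
    """Fixed-order numeric vector, ready to feed a classifier."""
    return [float(features[k]) for k in FEATURE_ORDER]


if __name__ == "__main__":
    graph = build_graph(SAMPLE_EVENTS)
    feats = extract_features(graph, root_pid=100)
    print(f"{len(graph.nodes)} nodes, {len(graph.edges)} edges, {graph.dropped} dropped")
    for k, v in feats.items():
        print(f"{k:>20}: {v}")
    print(to_vector(feats))
```

The point of the graph step is that it collapses repeated events onto shared nodes (the same DLL loaded by several processes becomes one node) while preserving structure such as the process tree and drop-then-execute chains that a flat event count would lose; the resulting vector is what a model would be trained on, and the classifier itself is deliberately left out here because the abstract does not describe its architecture.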