Proposing A New Approach for Detecting Malware Based on the Event Analysis Technique
Nguyen Duc Viet1, Dang Dinh Quan2
1Nguyen Duc, Institute of Post and Telecommunications Technology, Hanoi University, Vietnam
2Dang Dinh Quan, Lecturer, Faculty of Information Technology, Hanoi University, Vietnam.
Manuscript received on 12 June 2023 | Revised Manuscript received on 23 June 2023 | Manuscript Accepted on 15 July 2023 | Manuscript published on 30 July 2023 | PP: 21-27 | Volume-12 Issue-8, July 2023 | Retrieval Number: 100.1/ijitee.H96510712823 | DOI: 10.35940/ijitee.H9651.0712823
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC-BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: Attacks delivered through malware distribution are dangerous and difficult to detect and prevent. Current malware detection studies and proposals generally rely on two primary methods: matching against signature sets, and analysing abnormal behaviour with machine learning or deep learning techniques. This paper proposes a method for detecting malware on endpoints from Event IDs using deep learning. Event IDs identify the behaviours of malware that are tracked and collected at the operating system kernel of the endpoint. Malware detection based on Event IDs is a new research direction that has not yet been extensively studied or proposed. To achieve this purpose, the paper combines several data mining methods with deep learning algorithms. The data mining process is presented in detail in Section 2 of the paper.
Keywords: Malware detection; Endpoint; Event analysis technique; deep learning; Doc2Vec
Scope of the Article: Deep learning
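As an added illustration of the data representation the abstract describes (sequences of Event IDs collected per process on the endpoint, which a Doc2Vec model can then embed), and not code from the paper, the following Python builds one Event-ID "document" per process from constructed Sysmon-style log records. The field names (ts, event_id, process_guid, label), the sample records and the bigram feature are assumptions of this example; the paper's own data-mining steps are in its Section 2, which is not reproduced on this page.

```python
"""Turn endpoint event-log records into per-process Event-ID "documents",
the (tag, token list) shape a Doc2Vec-style embedding consumes.

Added illustration, not the authors' pipeline. Field names, Sysmon-like
Event-ID numbering and the sample records below are constructed for
this example.
"""
import json
from collections import defaultdict

# Constructed sample: three processes, events arrive out of order and one
# record lacks a process identifier (common in kernel-level telemetry).
SAMPLE_LOG = """
{"ts": 3, "event_id": 3,  "process_guid": "P1", "label": "benign"}
{"ts": 1, "event_id": 1,  "process_guid": "P1", "label": "benign"}
{"ts": 2, "event_id": 11, "process_guid": "P1", "label": "benign"}
{"ts": 1, "event_id": 1,  "process_guid": "P2", "label": "malware"}
{"ts": 2, "event_id": 8,  "process_guid": "P2", "label": "malware"}
{"ts": 3, "event_id": 10, "process_guid": "P2", "label": "malware"}
{"ts": 4, "event_id": 3,  "process_guid": "P2", "label": "malware"}
{"ts": 5, "event_id": 13, "process_guid": "P2", "label": "malware"}
{"ts": 9, "event_id": 3,  "label": "benign"}
{"ts": 1, "event_id": 1,  "process_guid": "P3", "label": "benign"}
"""


def parse_events(raw):
    """Parse one JSON record per line. Blank lines are skipped, and so are
    records without a process identifier: they cannot be attributed to
    any sequence, so they would only add noise to a document."""
    events = []
    for line in raw.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        if "process_guid" not in rec:
            continue
        events.append(rec)
    return events


def build_documents(events, min_len=2):
    """Group events by process, order them by timestamp and emit one
    document per process as (tag, tokens, label).

    Tokens are the Event IDs rendered as words ("EID_1", "EID_3", ...),
    so an embedding learns co-occurrence of behaviours rather than
    arithmetic on raw integers. Processes with fewer than min_len events
    are dropped: a single event carries no ordering information."""
    by_proc = defaultdict(list)
    for ev in events:
        by_proc[ev["process_guid"]].append(ev)

    docs = []
    for guid in sorted(by_proc):
        seq = sorted(by_proc[guid], key=lambda e: e["ts"])
        if len(seq) < min_len:
            continue
        tokens = [f"EID_{e['event_id']}" for e in seq]
        labels = {e.get("label") for e in seq}
        label = labels.pop() if len(labels) == 1 else "mixed"
        docs.append((guid, tokens, label))
    return docs


def event_bigrams(tokens):
    """Ordered Event-ID bigrams ("EID_1>EID_8"): the simplest sequence
    feature a downstream classifier can use when no Doc2Vec embedding
    is available."""
    return [f"{a}>{b}" for a, b in zip(tokens, tokens[1:])]


if __name__ == "__main__":
    for tag, tokens, label in build_documents(parse_events(SAMPLE_LOG)):
        print(tag, label, " ".join(tokens))
        print("   bigrams:", " ".join(event_bigrams(tokens)))
```

Each (tag, tokens) pair maps directly onto a tagged document for a Doc2Vec implementation; the label is kept alongside so the resulting vectors can be fed to a supervised deep learning classifier, which is the stage the abstract leaves to the body of the paper.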
