Automated Detection of Malware Activities Using Nonnegative Matrix Factorization

Chansu Han, Jun'ichi Takeuchi, Takeshi Takahashi, Daisuke Inoue

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

Abstract

Malware is increasingly diversified and sophisticated. It is essential to rapidly and accurately detect malware activities when a malware infection spreads. However, accurately distinguishing potential malware activities from countless indiscriminate scanning attacks is a huge challenge. In this study, we introduce Dark-NMF, a darknet analysis engine using Non-negative Matrix Factorization (NMF). Dark-NMF focuses on the synchronization of the spatiotemporal features seen when a malware infection spreads and automatically detects abnormally synchronous spatial features (source hosts and destination ports) in near real time. Dark-NMF measures the synchronization of spatial features by decomposing spatiotemporal patterns from darknet traffic using NMF. We tuned the hyperparameters of Dark-NMF and evaluated its detection performance on malware activities against existing methods such as GLASSO and ChangeFinder using a human-labeled ground truth. We found that Dark-NMF detects all malware activities that should be detected in the ground truth without a miss. We also showed that Dark-NMF has many advantages over existing methods and provided a highly practical operation guideline. Consequently, Dark-NMF is expected to contribute threat intelligence information for rapid response to malware activity.

Original language: English
Title of host publication: Proceedings - 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2021
Editors: Liang Zhao, Neeraj Kumar, Robert C. Hsu, Deqing Zou
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 548-556
Number of pages: 9
ISBN (Electronic): 9781665416580
DOIs
Publication status: Published - 2021
Event: 20th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2021 - Shenyang, China
Duration: Oct 20 2021 to Oct 22 2021

Publication series

Name: Proceedings - 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2021

Conference

Conference: 20th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2021
Country/Territory: China
City: Shenyang
Period: 10/20/21 to 10/22/21

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Information Systems
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality
