WSEAS Transactions on Computer Research
Print ISSN: 1991-8755, E-ISSN: 2415-1521
Volume 12, 2024
Enterprise Malware Detection using Digital Forensic Artifacts and Machine Learning
Abstract: Malware detection is a complex task. Log aggregation solutions and intrusion detection systems can surface anomalies on a host or a network and detect intrusions, but they require precise calibration, skilled analysts, and cutting-edge technology. Processing host-based data is also challenging, because every log, event, and configuration setting is a candidate for analysis. Analysing a computer's memory yields trusted information about the host's state, but acquiring the memory and analysing it are themselves difficult. To address this limitation, this paper proposes collecting artifacts across a network environment: memory-based and disk-based artifacts are gathered remotely from a simulated enterprise network using Velociraptor. The data was then processed with three machine learning algorithms to distinguish the malware samples from regular user activity generated with a user simulation tool for added realism. With this method, Random Forest and Support Vector Machine achieved a perfect classification of 41 malware samples.
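The pipeline the abstract describes (remote artifact collection, then classification of per-host data) can be illustrated in miniature. The script below is an added example for this page and is not the paper's code or data: it parses constructed JSON Lines rows shaped like Velociraptor's Windows.System.Pslist export (the column names Pid, Ppid, Name, Exe, CommandLine and Username are assumed from that artifact; every process, path, user and command line is invented), collapses each host's snapshot into a fixed-width feature vector, and classifies unseen hosts with a nearest-centroid model that stands in for the Random Forest and SVM used in the paper so that it needs only the Python standard library.

```python
"""Host-level features from Velociraptor process listings, plus a toy classifier.

Added example for this abstract, not the paper's code. The rows are constructed to
resemble Velociraptor's Windows.System.Pslist export (JSON Lines): the column names
Pid, Ppid, Name, Exe, CommandLine and Username are assumed from that artifact and
every value is invented. A nearest-centroid classifier stands in for the paper's
Random Forest / SVM so the script runs on the standard library alone.
"""
import json
import math
import re

# Two coarse host signals: executables in user-writable paths, encoded PowerShell.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Users\\Public|ProgramData)\\", re.I)
ENCODED_PS = re.compile(r"\s-e(nc|ncodedcommand)?(\s|$)", re.I)

def parse_pslist(jsonl):
    """One host's pslist export: one JSON object per line, one line per process."""
    return [json.loads(line) for line in jsonl.splitlines() if line.strip()]

def featurize(rows):
    """Collapse a snapshot into [n_procs, frac_user_writable, n_orphans, n_encoded_ps, n_users]."""
    pids = {r["Pid"] for r in rows}
    n = len(rows)
    writable = sum(1 for r in rows if USER_WRITABLE.search(r.get("Exe") or ""))
    # A parent missing from the snapshot (other than the idle pid 0) counts as an orphan.
    orphans = sum(1 for r in rows if r["Ppid"] != 0 and r["Ppid"] not in pids)
    encoded = sum(1 for r in rows if ENCODED_PS.search(r.get("CommandLine") or ""))
    users = len({r.get("Username") for r in rows})
    return [float(n), writable / n, float(orphans), float(encoded), float(users)]

class NearestCentroid:
    """Z-score each feature on the training set, then pick the closest class mean."""
    def fit(self, X, y):
        cols = list(zip(*X))
        self.mu = [sum(c) / len(c) for c in cols]
        self.sd = [math.sqrt(sum((v - m) ** 2 for v in c) / len(c)) or 1.0
                   for c, m in zip(cols, self.mu)]
        Z = [self._z(x) for x in X]
        self.centroids = {}
        for lab in set(y):
            members = [z for z, l in zip(Z, y) if l == lab]
            self.centroids[lab] = [sum(c) / len(c) for c in zip(*members)]
        return self
    def _z(self, x):
        return [(v - m) / s for v, m, s in zip(x, self.mu, self.sd)]
    def predict(self, x):
        z = self._z(x)
        return min(self.centroids, key=lambda lab: math.dist(z, self.centroids[lab]))

# Constructed snapshots (pids, paths, users and command lines are invented), one row per process.
BENIGN_1 = r"""
{"Pid": 4, "Ppid": 0, "Name": "System", "Exe": "", "CommandLine": "", "Username": "NT AUTHORITY\\SYSTEM"}
{"Pid": 1204, "Ppid": 980, "Name": "explorer.exe", "Exe": "C:\\Windows\\explorer.exe", "CommandLine": "C:\\Windows\\Explorer.EXE", "Username": "LAB\\alice"}
{"Pid": 3320, "Ppid": 1204, "Name": "WINWORD.EXE", "Exe": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "CommandLine": "WINWORD.EXE report.docx", "Username": "LAB\\alice"}
"""
BENIGN_2 = r"""
{"Pid": 4, "Ppid": 0, "Name": "System", "Exe": "", "CommandLine": "", "Username": "NT AUTHORITY\\SYSTEM"}
{"Pid": 760, "Ppid": 700, "Name": "services.exe", "Exe": "C:\\Windows\\System32\\services.exe", "CommandLine": "C:\\Windows\\system32\\services.exe", "Username": "NT AUTHORITY\\SYSTEM"}
{"Pid": 1432, "Ppid": 760, "Name": "svchost.exe", "Exe": "C:\\Windows\\System32\\svchost.exe", "CommandLine": "C:\\Windows\\system32\\svchost.exe -k netsvcs -p", "Username": "NT AUTHORITY\\NETWORK SERVICE"}
{"Pid": 2210, "Ppid": 1900, "Name": "chrome.exe", "Exe": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "CommandLine": "chrome.exe", "Username": "LAB\\bob"}
"""
MAL_1 = r"""
{"Pid": 4, "Ppid": 0, "Name": "System", "Exe": "", "CommandLine": "", "Username": "NT AUTHORITY\\SYSTEM"}
{"Pid": 1204, "Ppid": 980, "Name": "explorer.exe", "Exe": "C:\\Windows\\explorer.exe", "CommandLine": "C:\\Windows\\Explorer.EXE", "Username": "LAB\\alice"}
{"Pid": 3320, "Ppid": 1204, "Name": "WINWORD.EXE", "Exe": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "CommandLine": "WINWORD.EXE invoice.docm", "Username": "LAB\\alice"}
{"Pid": 4410, "Ppid": 3320, "Name": "powershell.exe", "Exe": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA", "Username": "LAB\\alice"}
{"Pid": 4520, "Ppid": 4410, "Name": "updater.exe", "Exe": "C:\\Users\\alice\\AppData\\Local\\Temp\\updater.exe", "CommandLine": "updater.exe", "Username": "LAB\\alice"}
"""
MAL_2 = r"""
{"Pid": 4, "Ppid": 0, "Name": "System", "Exe": "", "CommandLine": "", "Username": "NT AUTHORITY\\SYSTEM"}
{"Pid": 1432, "Ppid": 760, "Name": "svchost.exe", "Exe": "C:\\Windows\\System32\\svchost.exe", "CommandLine": "C:\\Windows\\system32\\svchost.exe -k LocalService -p", "Username": "NT AUTHORITY\\LOCAL SERVICE"}
{"Pid": 5100, "Ppid": 2900, "Name": "rundll32.exe", "Exe": "C:\\Windows\\System32\\rundll32.exe", "CommandLine": "rundll32.exe C:\\ProgramData\\cache\\mod.dll,Start", "Username": "LAB\\bob"}
{"Pid": 5180, "Ppid": 5100, "Name": "svchost.exe", "Exe": "C:\\ProgramData\\cache\\svchost.exe", "CommandLine": "svchost.exe", "Username": "LAB\\bob"}
"""
TEST_BENIGN = r"""
{"Pid": 4, "Ppid": 0, "Name": "System", "Exe": "", "CommandLine": "", "Username": "NT AUTHORITY\\SYSTEM"}
{"Pid": 1204, "Ppid": 980, "Name": "explorer.exe", "Exe": "C:\\Windows\\explorer.exe", "CommandLine": "C:\\Windows\\Explorer.EXE", "Username": "LAB\\alice"}
{"Pid": 2500, "Ppid": 1204, "Name": "notepad.exe", "Exe": "C:\\Windows\\System32\\notepad.exe", "CommandLine": "notepad.exe notes.txt", "Username": "LAB\\alice"}
"""
TEST_MAL = r"""
{"Pid": 4, "Ppid": 0, "Name": "System", "Exe": "", "CommandLine": "", "Username": "NT AUTHORITY\\SYSTEM"}
{"Pid": 1204, "Ppid": 980, "Name": "explorer.exe", "Exe": "C:\\Windows\\explorer.exe", "CommandLine": "C:\\Windows\\Explorer.EXE", "Username": "LAB\\alice"}
{"Pid": 3320, "Ppid": 1204, "Name": "WINWORD.EXE", "Exe": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "CommandLine": "WINWORD.EXE quote.docm", "Username": "LAB\\alice"}
{"Pid": 4410, "Ppid": 3320, "Name": "powershell.exe", "Exe": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell.exe -nop -w hidden -EncodedCommand JABjAGwAaQBlAG4AdAAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0AA==", "Username": "LAB\\alice"}
{"Pid": 4600, "Ppid": 4410, "Name": "svc.exe", "Exe": "C:\\Users\\alice\\AppData\\Roaming\\svc.exe", "CommandLine": "svc.exe", "Username": "LAB\\alice"}
"""
TRAIN = [(BENIGN_1, "benign"), (BENIGN_2, "benign"), (MAL_1, "malware"), (MAL_2, "malware")]
TEST = {"ws-07": TEST_BENIGN, "ws-12": TEST_MAL}

def run_demo():
    """Train on the four labelled snapshots and classify the two unlabelled hosts."""
    model = NearestCentroid().fit([featurize(parse_pslist(t)) for t, _ in TRAIN],
                                  [lab for _, lab in TRAIN])
    return {host: model.predict(featurize(parse_pslist(t))) for host, t in TEST.items()}

if __name__ == "__main__":
    for host, verdict in run_demo().items():
        print(host, verdict)
```

The point of the example is the shape of the data flow rather than the model: each host's artifact export becomes one row of host-level features, so the classifier sees hosts, not individual processes, and the same featurize step would feed a Random Forest or SVM from a real library. The two regexes are deliberately coarse; with real Velociraptor output, features such as image-path location, orphaned parents and encoded command lines would be joined by memory-derived ones.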
Keywords: Digital forensics, Host-based monitoring, Machine learning, Malware, Memory forensics, User simulation, Volatility, Velociraptor
Pages: 336-347
DOI: 10.37394/232018.2024.12.33