Identifying stealth malware using CPU power consumption and learning algorithms

View/ Open
Date
2018Author
Lucket, Patrick
McDonald, J. Todd
Glisson, William Bradley
Benton, Ryan
Dawson, Joel
Doyle, Blair A.
Metadata
Show full item recordAbstract
With the increased assimilation of technology into all aspects of everyday life, rootkits pose a credible threat to
individuals, corporations, and governments. Using various techniques, rootkits can infect systems and remain undetected for
extended periods of time. This threat necessitates the careful consideration of real-time detection solutions. Behavioral detection
techniques allow for the identification of rootkits with no previously recorded signatures. This research examines a variety of
machine learning algorithms, including Nearest Neighbor, Decision Trees, Neural Networks, and Support Vector Machines, and
proposes a behavioral detection method based on low yield CPU power consumption. The method is evaluated onWindows 10,
Ubuntu Desktop, and Ubuntu Server operating systems along with employing three different rootkits. Relevant features within
the data are calculated and the overall best performing algorithms are identified. A nested neural network is then applied that
enables highly accurate data classification. Our results present a viable method of rootkit detection that can operate in real-time
with minimal computational and space complexity.