Malicious File Detection Method Using Machine Learning and Interworking with MITRE ATT&CK Framework

Main Authors: | Gwanghyun Ahn, Kookjin Kim, Wonhyung Park, Dongkyoo Shin |
---|---|
Affiliations: | Gwanghyun Ahn, Kookjin Kim, Dongkyoo Shin: Department of Computer Engineering, Sejong University, Seoul 05006, Korea; Wonhyung Park: Department of Information Security Engineering, Sangmyung University, Cheonan 03016, Korea |
Format: | Article |
Language: | English |
Published: | MDPI AG, 2022-10-01 |
Series: | Applied Sciences (ISSN 2076-3417), vol. 12, no. 21, article 10761 |
DOI: | 10.3390/app122110761 |
Subjects: | MITRE ATT&CK; malware detection; dynamic analysis; machine learning |
Online Access: | https://www.mdpi.com/2076-3417/12/21/10761 |
Record: | Directory of Open Access Journals (DOAJ), doaj.art-886480418be64387b3d157040e393574 |

Abstract: With advances in cyber threats and increased intelligence, incidents continue to occur related to new ways of using new technologies. In addition, as intelligent and advanced cyberattack technologies gradually increase, the limit of inefficient malicious code detection and analysis has been reached, and inaccurate detection rates for unknown malicious codes are increasing. Thus, this study used a machine learning algorithm to achieve a malicious file detection accuracy of more than 99%, along with a method for visualizing data for the detection of malicious files using the dynamic-analysis-based MITRE ATT&CK framework. The PE malware dataset was classified into Random Forest, Adaboost, and Gradient Boosting models. These models achieved accuracies of 99.3%, 98.4%, and 98.8%, respectively, and malicious file analysis results were derived through visualization by applying the MITRE ATT&CK matrix.