Detection of Previously Unseen Malware using Memory Access Patterns Recorded Before the Entry Point

Abstract

Recently it has been shown that it is possible to detect malware based on the memory access patterns produced before execution reaches its Entry Point. In this paper, we investigate the usefulness of memory access patterns over time, i.e. to what extent a machine learning algorithm trained on "old" data can detect new malware samples that were not part of the training set, and how this performance changes over time. During our experiments, we found that machine learning models trained on the memory access patterns of older samples can provide both high accuracy and a high true positive rate for a period from several months to almost a year after the model was last updated. We also perform a substantial analysis of our findings that may aid researchers who work with malware and Big Data.
