Drive-by-download malware detection in hosts by analyzing system resource utilization using one class support vector machines

Abstract

Drive-by-Download is an unintentional download of a malware on to a user system. Detection of drive-by-download based malware infection in a host is a challenging task, due to the stealthy nature of this attack. The user of the system is not aware of the malware infection occurred as it happens in the background. The signature based antivirus systems are not able to detect zero-day malware. Most of the detection has been performed either from the signature matching or by reverse engineering the binaries or by running the binaries in a sandbox environment. In this paper, we propose One Class SVM based supervised learning method to detect the drive-by-download infection. The features comprises of system RAM and CPU utilization details. The experimental setup to collect data contains machine specification matching 4 user profiles namely Designer, Gamer, Normal User and Student. The experimental system proposed in this paper was evaluated using precision, recall and F-measure.