This research paper introduces PARIS, a novel system designed for real-time detection of malicious behavior in Windows environments. The authors highlight the increasing sophistication of cyberattacks, particularly Advanced Persistent Threats (APTs), which often employ stealth tactics to evade traditional detection methods.
Existing static analysis methods are limited in their ability to detect obfuscated or polymorphic malware, while traditional dynamic monitoring approaches struggle with high overhead and evasion techniques. PARIS addresses these challenges by leveraging Event Tracing for Windows (ETW) to selectively collect and analyze maliciousness-related API call stacks, significantly reducing data overhead while maintaining high detection accuracy.
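The selective-collection idea above, as an added illustration rather than code from the PARIS paper: an ETW-style stream of API events with call stacks is filtered down to a watchlist of maliciousness-related APIs before any analysis, and the surviving per-process API sequences are matched against a behaviour signature. The event records, the watchlist and the injection signature are all constructed or hypothetical here; PARIS's actual API set, feature model and ETW provider configuration are not reproduced.

```python
"""Added example (not PARIS's own code): selective collection of
maliciousness-related API call stacks from an ETW-like event stream,
followed by a simple per-process behaviour match.

Every event below is constructed sample data; WATCHED_APIS and
INJECTION_SEQUENCE are hypothetical stand-ins for a detection model's
real API set and signatures.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# Hypothetical "maliciousness-related" API watchlist. A collector subscribes
# only to these so that ordinary file/GUI/timer chatter never reaches the
# analysis stage (this is the overhead reduction the paper describes).
WATCHED_APIS = {
    "OpenProcess", "VirtualAllocEx", "WriteProcessMemory",
    "CreateRemoteThread", "RegSetValueExW", "CreateServiceW",
}

# Hypothetical ordered signature: classic remote-thread injection chain.
INJECTION_SEQUENCE = (
    "OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread",
)


@dataclass(frozen=True)
class ApiEvent:
    pid: int
    api: str
    # Caller frames, innermost first; kept with the event so an analyst can
    # see which module issued the call (e.g. an unbacked region or a DLL).
    stack: Tuple[str, ...]


def select_events(events: Iterable[ApiEvent]) -> List[ApiEvent]:
    """Keep only events whose API is on the watchlist (selective collection)."""
    return [e for e in events if e.api in WATCHED_APIS]


def reduction_ratio(total: int, kept: int) -> float:
    """Fraction of the raw stream dropped before analysis, in [0.0, 1.0]."""
    return 0.0 if total == 0 else 1.0 - kept / total


def matches_sequence(apis: List[str], pattern: Tuple[str, ...]) -> bool:
    """True if pattern occurs as an in-order (not necessarily contiguous)
    subsequence of the process's API list."""
    it = iter(apis)
    return all(any(a == p for a in it) for p in pattern)


def analyse(events: Iterable[ApiEvent]) -> Dict[int, bool]:
    """Group selected events per process and flag those matching the signature."""
    per_pid: Dict[int, List[str]] = {}
    for e in select_events(events):
        per_pid.setdefault(e.pid, []).append(e.api)
    return {pid: matches_sequence(apis, INJECTION_SEQUENCE)
            for pid, apis in per_pid.items()}


def summarize(events: List[ApiEvent]) -> Dict[str, object]:
    """Collection statistics plus per-process verdicts for one event batch."""
    kept = select_events(events)
    return {
        "total": len(events),
        "kept": len(kept),
        "reduction": reduction_ratio(len(events), len(kept)),
        "verdicts": analyse(events),
    }


# Constructed sample stream: pid 100 behaves benignly (one registry write),
# pid 200 performs the full injection chain interleaved with noise.
_BENIGN = ("kernel32!CreateFileW", "app.exe+0x1a2b")
_SUSPECT = ("kernel32!OpenProcess", "0x00007ff6c0de0000")  # unbacked caller
SAMPLE_EVENTS = [
    ApiEvent(100, "CreateFileW", _BENIGN),
    ApiEvent(100, "ReadFile", _BENIGN),
    ApiEvent(100, "CloseHandle", _BENIGN),
    ApiEvent(100, "RegSetValueExW", _BENIGN),
    ApiEvent(100, "GetTickCount", _BENIGN),
    ApiEvent(200, "OpenProcess", _SUSPECT),
    ApiEvent(200, "CreateFileW", _SUSPECT),
    ApiEvent(200, "VirtualAllocEx", _SUSPECT),
    ApiEvent(200, "WriteProcessMemory", _SUSPECT),
    ApiEvent(200, "Sleep", _SUSPECT),
    ApiEvent(200, "CreateRemoteThread", _SUSPECT),
]

if __name__ == "__main__":
    print(summarize(SAMPLE_EVENTS))
```

On the constructed stream, 11 raw events shrink to 5 watched ones (about 55% dropped) and only pid 200 is flagged; the retained call stacks stay attached to each event so the verdict can be explained by which module made the calls.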
The researchers developed a prototype of PARIS and evaluated its performance in real-world settings using both benign and malicious datasets. They assessed system overhead, accuracy of behavior recognition, and the impact of different models and parameters.
PARIS represents a significant advancement in real-time malware detection by effectively balancing the trade-off between overhead and accuracy. Its ability to identify malicious behaviors in real-time with minimal system impact makes it a valuable tool for enhancing cybersecurity posture.
The authors acknowledge the reliance on the assumption that ETW remains uncompromised. Future research could explore methods to enhance the resilience of PARIS against potential attacks targeting the ETW framework. Additionally, expanding the system's capabilities to encompass other operating systems beyond Windows would broaden its applicability.
Source: Jian Wang, L... (arxiv.org, 11-05-2024), https://arxiv.org/pdf/2411.01273.pdf