A Malware Detection Method for Health Sensor Data Based on Machine Learning

Abstract

Traditional signature-based malware detection approaches are sensitive to small changes in the malware code. Currently, most malware programs are adapted from existing programs. Hence, they share some common patterns but have different signatures. To health sensor data, it is necessary to identify the malware pattern rather than only detect the small changes. However, to detect these health sensor data in malware programs timely, we propose a fast detection strategy to detect the patterns in the code with machine learning-based approaches. In particular, XGBoost, LightGBM and Random Forests will be exploited in order to analyze the code from health sensor data. The codes are fed into them as sequences of bytes/tokens or just as a single byte/token (e.g. 1-, 2-, 3-, or 4-grams). Terabytes of program with labels, including benign and malware programs, have been collected. The challenges of this task are to select and get the features, modify the three models in order to train and test the dataset, which consists of health sensor data, and evaluate the features and models. When a malware program is detected by one model, its pattern will be broadcast to the other models, which will prevent malware program from intrusion effectively.