Neural Network Based Malware and Suspicious Activities Detection Based on User Activity






Addis Ababa University


Malware is a software program specially designed to disrupt, damage, or gain unauthorized access to a computer system. The number and variety of malware have been increasing at an alarming rate since the word malware or virus was first heard. Currently, more than half a million malware programs are produced every day. Different methodologies have been proposed and implemented to protect computers from such attacks. However, none of these solutions provides an absolute cure for malware. This work presents another method to protect personal computers from any kind of malware by learning user activity. The premise of the proposed solution is that ‘human activity is repetitive behavior in nature’, so this repetitive behavior can be used to differentiate the normal application programs the user usually runs on their computer from newly arriving programs or intruders. The paper presents a newly developed dataset collection mechanism that records the user's activity while they use their computer. The neural network algorithm is trained on the collected user activity datasets. After training, each computer has its own neural network model. During testing, the dataset collector program captures a running program and evaluates it using the neural network model trained on the dataset collected from the same computer. Based on the evaluation output, the specific running program is categorized as malware or a normal application process. In this research, the experiment was conducted on three different computers in order to understand whether this approach helps relate human activity to the programs users run and the resources consumed during execution. In the experiment, based on ten days of knowledge (dataset), the proposed approach was able to predict whether a running process is malware or a normal application with 82%, 75% and 69% accuracy for three different experiments. From this experiment, the proposed approach can be applied to detect malware programs.



Malware, Neural Network, Suspicious Activities Detection, User Activity