
A Two-stage Malware Detection Architecture Inspired by Human Immune System




                          Mohammed A. F. Salah, Mohd Fadzli Marhusin & Rossilawati Sulaiman


                                                          Abstract



Malware sophistication is on the rise and continues to be a serious threat to the privacy, availability and integrity of information. This paper proposes an architecture which consists of two detectors. The first detector watches for malware in general. It classifies an executable as either benign or malicious and updates its Knowledge Base dynamically. The second detector is a specialized one that aims to detect ransomware via its deep scan capability. This detector is activated if the first detector senses the presence of ransomware pre-execution activities. It then decides whether a program is ransomware or not and dynamically updates its Knowledge Base.



























