Automatic malware detection given changes to file systems
Keywords:
malware detection, SQL, internship, Commvault, directory metadata, traffic analysis, deviations, anomalies
Abstract
When malware gains access to an operating system, it can detrimentally affect it by altering a user's files in different directories. By monitoring whether the number of changes that occur in a specific time interval deviates from user patterns, one can infer the presence of a potential anomaly or piece of malware, prompting a user to take action against it. To automate this detection process, timestamps of directory metadata were collected in a specific time interval and compiled into a Structured Query Language (SQL) database. Once collected, the database is analyzed by an anomaly detection script, which utilizes a statistical model to return potential anomalies by detecting deviations from regular user patterns. Once these potential anomalies are flagged, they are compared with other timestamps to ensure that those flagged are caused neither by user patterns nor by regularly-scheduled patterns.
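The pipeline the abstract describes (collect modification timestamps into a SQL database, count changes per interval, flag statistical deviations, then discard intervals explained by scheduled jobs) as an added, self-contained illustration; this is not the paper's own script. It assumes SQLite as the database, a MAD-based modified z-score as the statistical model, a 10-minute interval, and a constructed sample with one assumed 02:00 backup job and one unexplained burst at 14:30.

```python
import sqlite3
import statistics
from datetime import datetime, timedelta, timezone

INTERVAL_SEC = 600        # assumed 10-minute buckets
ROBUST_Z_THRESHOLD = 3.5  # usual cut-off for the MAD-based modified z-score

def build_db(records):
    """Load (path, mtime) rows, as a metadata collector would, into an in-memory SQLite table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE file_changes (path TEXT, mtime TEXT)")
    conn.executemany("INSERT INTO file_changes VALUES (?, ?)", records)
    return conn

def changes_per_interval(conn):
    """Return {bucket_start_epoch: modified-file count} using SQL grouping on the timestamp."""
    rows = conn.execute(
        "SELECT (CAST(strftime('%s', mtime) AS INTEGER) / ?) * ? AS b, COUNT(*) "
        "FROM file_changes GROUP BY b ORDER BY b", (INTERVAL_SEC, INTERVAL_SEC)).fetchall()
    return dict(rows)

def flag_anomalies(counts):
    """Modified z-score (x - median) / (1.4826 * MAD); flags buckets far above the user's norm."""
    values = list(counts.values())
    med = statistics.median(values)
    mad = statistics.median(abs(v - med) for v in values) or 1.0  # guard against MAD == 0
    return {b for b, n in counts.items() if (n - med) / (1.4826 * mad) > ROBUST_Z_THRESHOLD}

def drop_scheduled(flagged, schedule):
    """Discard flagged buckets whose start time matches a known scheduled job (set of (hour, minute))."""
    return {b for b in flagged
            if (lambda t: (t.hour, t.minute))(datetime.fromtimestamp(b, tz=timezone.utc)) not in schedule}

def synthetic_records():
    """Constructed sample: quiet user edits from 09:00, a 02:00 backup burst, a 14:30 unexplained burst."""
    bursts = [(datetime(2025, 3, 1, 2, 0), 40), (datetime(2025, 3, 1, 14, 30), 60)]
    for i, n in enumerate([2, 3, 2, 4, 3, 2, 3, 4, 2, 3]):
        bursts.append((datetime(2025, 3, 1, 9, 0) + timedelta(minutes=10 * i), n))
    return [(f"/home/user/doc{k}.txt", (t0 + timedelta(seconds=k)).strftime("%Y-%m-%d %H:%M:%S"))
            for t0, n in bursts for k in range(n)]

def detect(records, schedule=frozenset({(2, 0)})):
    """Full pipeline; returns the start of each unexplained burst as 'YYYY-MM-DD HH:MM' (UTC)."""
    counts = changes_per_interval(build_db(records))
    kept = drop_scheduled(flag_anomalies(counts), schedule)
    return sorted(datetime.fromtimestamp(b, tz=timezone.utc).strftime("%Y-%m-%d %H:%M") for b in kept)

if __name__ == "__main__":
    for when in detect(synthetic_records()):
        print("unexplained burst of file changes starting at", when)
```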
Copyright (c) 2025 Journal of Science & Engineering

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.