Automatic malware detection given changes to file systems

Authors

  • Saketh Ayyagari Science & Engineering Magnet Program, Manalapan High School
  • Sanath Kumar Commvault

Keywords:

malware detection, SQL, intenship, Commvault, directory metadata, traffic analysis, deviations, anomalies

Abstract

When malware gains access to an operating system, it can detrimentally affect it by altering a user's files in different directories. By monitoring whether the number of changes that occur in a specific time interval deviate from user patterns, one can infer the presence of a potential anomaly or piece of malware, prompting a user to take action against it. To automate this detection process, timestamps of directory metadata were collected in a specific time interval and compiled into a Structured Query Language (SQL) database. Once collected, the database is analyzed by an anomaly detection script, which utilizes a statistical model to return potential anomalies by detecting deviations from regular user patterns. Once these potential anomalies are flagged, they are compared with other timestamps to ensure those flagged are neither caused by user or regularly-scheduled patterns. 

Downloads

Published

2025-01-27 — Updated on 2025-01-28

Issue

Vol. 1 No. 3 (2025): Science and Engineering Senior Projects and Internships, Semester I, 2025-01-28

Section

Abstracts

License

Copyright (c) 2025 Journal of Science & Engineering

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

How to Cite

Ayyagari, S., & Kumar, S. (2025). Automatic malware detection given changes to file systems. Journal of Science & Engineering , 1(3), 60. http://34.172.72.90/index.php/jse/article/view/46