Rajvardhan Patil,Wei Deng

DOI: https://doi.org/10.1109/southeastcon44009.2020.9368268

2020-01-01

Abstract:In this era, where the volume and diversity of malware is rising exponentially, new techniques need to be employed for faster and accurate identification of the malwares. Manual heuristic inspection of malware analysis are neither effective in detecting new malware, nor efficient as they fail to keep up with the high spreading rate of malware. Machine learning approaches have therefore gained momentum. They have been used to automate static and dynamic analysis investigation where malware having similar behavior are clustered together, and based on the proximity unknown malwares get classified to their respective families. Although many such research efforts have been conducted where data-mining and machine-learning techniques have been applied, in this paper we show how the accuracy can further be improved using deep learning networks. As deep learning offers superior classification by constructing neural networks with a higher number of potentially diverse layers it leads to improvement in automatic detection and classification of the malware variants.In this research, we present a framework which extracts various feature-sets such as system calls, operational codes, sections, and byte codes from the malware files. In the experimental and result section, we compare the accuracy obtained from each of these features and demonstrate that feature vector for system calls yields the highest accuracy. The paper concludes by showing how deep learning approach performs better than the traditional shallow machine learning approaches.

Yajie Dong,Zhenyan Liu,Yida Yan,Yong Wang,Tu Peng,Ji Zhang

DOI: https://doi.org/10.1007/978-3-319-64701-2_28

2017-01-01

Abstract:The Internet has become an indispensable part of people's work and life. It provides favorable communication conditions for malwares. Therefore, malwares are endless and spread faster and become one of the main threats of current network security. Based on the malware analysis process, from the original feature extraction and feature selection to malware detection, this paper introduces the machine learning algorithm such as clustering, classification and association analysis, and how to use the machine learning algorithm to malware and its variants for effective analysis.

Yangyang Meng,Honglin Zhuang,Zhechao Lin,Yetao Jia

DOI: https://doi.org/10.1109/cisai54367.2021.00158

2021-09-01

Abstract:Under the background of massive malware, traditional methods of malware analysis can no longer efficiently meet the task of malware analysis. The development of machine learning technologies has effectively solved this problem. In recent years, machine learning and deep learning technologies have been gradually applied to the detection of malicious software. Machine learning-based malware classification has become a research hotspot in the field of malware detection. As an overview of machine learning-based detection and classification of malware, we analyze and summarize the system framework of malware detection and classification, introduce the basic categories of malware features and main classifiers of malware detection and classification, and propose a basic framework and technical architecture of feature processing technologies. Then, we summarize some issues and challenges faced by the current malware detection-related work. Finally, we discuss some potential research directions of machine learning-based detection and classification of malware from three aspects.

Huijuan Wang,Boyan Cui,Quanbo Yuan,Ruonan Shi,Mengying Huang

DOI: https://doi.org/10.1016/j.neucom.2024.128010

IF: 6

2024-06-16

Neurocomputing

Abstract:With the popularization of computer technology, the number of malware has increased dramatically in recent years. Some malware can threaten the network security of users by downloading and installing, and even spreading widely on the Internet, causing consequences such as private data leakage in the operating system, extortion, and network paralysis. In order to deal with these threats, researchers analyze malicious samples through various analysis techniques, which are usually divided into static and dynamic analysis based on the principle of whether the code needs to be executed or not. This paper analyzes in detail several classical methods of feature extraction in malware detection techniques. With the technological development of artificial intelligence, deep learning is gradually being introduced into malware detection, which does not require the identification of professional security personnel and greatly improves the generalization ability of detection. In the paper, text-based detection methods, image visualization-based detection, and graph structure-based detection techniques are reviewed according to different feature extraction methods. In addition, the paper compares 26 datasets that have been commonly used in recent years applied in the research field and explains the main contents and specifications of the datasets. Finally, a summary and outlook of the malware research field is given.

computer science, artificial intelligence

Mathew Ashik,A. Jyothish,S. Anandaram,P. Vinod,Francesco Mercaldo,Fabio Martinelli,Antonella Santone

DOI: https://doi.org/10.3390/electronics10141694

IF: 2.9

2021-07-15

Electronics

Abstract:Malware is one of the most significant threats in today’s computing world since the number of websites distributing malware is increasing at a rapid rate. Malware analysis and prevention methods are increasingly becoming necessary for computer systems connected to the Internet. This software exploits the system’s vulnerabilities to steal valuable information without the user’s knowledge, and stealthily send it to remote servers controlled by attackers. Traditionally, anti-malware products use signatures for detecting known malware. However, the signature-based method does not scale in detecting obfuscated and packed malware. Considering that the cause of a problem is often best understood by studying the structural aspects of a program like the mnemonics, instruction opcode, API Call, etc. In this paper, we investigate the relevance of the features of unpacked malicious and benign executables like mnemonics, instruction opcodes, and API to identify a feature that classifies the executable. Prominent features are extracted using Minimum Redundancy and Maximum Relevance (mRMR) and Analysis of Variance (ANOVA). Experiments were conducted on four datasets using machine learning and deep learning approaches such as Support Vector Machine (SVM), Naïve Bayes, J48, Random Forest (RF), and XGBoost. In addition, we also evaluate the performance of the collection of deep neural networks like Deep Dense network, One-Dimensional Convolutional Neural Network (1D-CNN), and CNN-LSTM in classifying unknown samples, and we observed promising results using APIs and system calls. On combining APIs/system calls with static features, a marginal performance improvement was attained comparing models trained only on dynamic features. Moreover, to improve accuracy, we implemented our solution using distinct deep learning methods and demonstrated a fine-tuned deep neural network that resulted in an F1-score of 99.1% and 98.48% on Dataset-2 and Dataset-3, respectively.

engineering, electrical & electronic,computer science, information systems,physics, applied

Daniel Gibert,Carles Mateu,Jordi Planes

DOI: https://doi.org/10.1016/j.jnca.2019.102526

IF: 7.574

2020-03-01

Journal of Network and Computer Applications

Abstract:The struggle between security analysts and malware developers is a never-ending battle with the complexity of malware changing as quickly as innovation grows. Current state-of-the-art research focus on the development and application of machine learning techniques for malware detection due to its ability to keep pace with malware evolution. This survey aims at providing a systematic and detailed overview of machine learning techniques for malware detection and in particular, deep learning techniques. The main contributions of the paper are: (1) it provides a complete description of the methods and features in a traditional machine learning workflow for malware detection and classification, (2) it explores the challenges and limitations of traditional machine learning and (3) it analyzes recent trends and developments in the field with special emphasis on deep learning approaches. Furthermore, (4) it presents the research issues and unsolved challenges of the state-of-the-art techniques and (5) it discusses the new directions of research. The survey helps researchers to have an understanding of the malware detection field and of the new developments and directions of research explored by the scientific community to tackle the problem.

computer science, interdisciplinary applications, software engineering, hardware & architecture

Liu,Bao-sheng Wang,Bo Yu,Qiu-xi Zhong

DOI: https://doi.org/10.1631/fitee.1601325

IF: 2.526

2017-01-01

Frontiers of Information Technology & Electronic Engineering

Abstract:The explosive growth of malware variants poses a major threat to information security. Traditional anti-virus systems based on signatures fail to classify unknown malware into their corresponding families and to detect new kinds of malware programs. Therefore, we propose a machine learning based malware analysis system, which is composed of three modules: data processing, decision making, and new malware detection. The data processing module deals with gray-scale images, Opcode n-gram, and import functions, which are employed to extract the features of the malware. The decision-making module uses the features to classify the malware and to identify suspicious malware. Finally, the detection module uses the shared nearest neighbor (SNN) clustering algorithm to discover new malware families. Our approach is evaluated on more than 20 000 malware instances, which were collected by Kingsoft, ESET NOD32, and Anubis. The results show that our system can effectively classify the unknown malware with a best accuracy of 98.9%, and successfully detects 86.7% of the new malware.

Daniele Ucci,Leonardo Aniello,Roberto Baldoni

DOI: https://doi.org/10.1016/j.cose.2018.11.001

2019-03-01

Abstract:Coping with malware is getting more and more challenging, given their relentless growth in complexity and volume. One of the most common approaches in literature is using machine learning techniques, to automatically learn models and patterns behind such complexity, and to develop technologies to keep pace with malware evolution. This survey aims at providing an overview on the way machine learning has been used so far in the context of malware analysis in Windows environments, i.e. for the analysis of Portable Executables. We systematize surveyed papers according to their objectives (i.e., the expected output), what information about malware they specifically use (i.e., the features), and what machine learning techniques they employ (i.e., what algorithm is used to process the input and produce the output). We also outline a number of issues and challenges, including those concerning the used datasets, and identify the main current topical trends and how to possibly advance them. In particular, we introduce the novel concept of malware analysis economics, regarding the study of existing trade-offs among key metrics, such as analysis accuracy and economical costs.

computer science, information systems

Muhammad Shoaib Akhtar,Tao Feng

DOI: https://doi.org/10.3390/s23020946

IF: 3.9

2023-01-14

Sensors

Abstract:This research study mainly focused on the dynamic malware detection. Malware progressively changes, leading to the use of dynamic malware detection techniques in this research study. Each day brings a new influx of malicious software programmes that pose a threat to online safety by exploiting vulnerabilities in the Internet. The proliferation of harmful software has rendered manual heuristic examination of malware analysis ineffective. Automatic behaviour-based malware detection using machine learning algorithms is thus considered a game-changing innovation. Threats are automatically evaluated based on their behaviours in a simulated environment, and reports are created. These records are converted into sparse vector models for use in further machine learning efforts. Classifiers used to synthesise the results of this study included kNN, DT, RF, AdaBoost, SGD, extra trees and the Gaussian NB classifier. After reviewing the test and experimental data for all five classifiers, we found that the RF, SGD, extra trees and Gaussian NB Classifier all achieved a 100% accuracy in the test, as well as a perfect precision (1.00), a good recall (1.00), and a good f1-score (1.00). Therefore, it is reasonable to assume that the proof-of-concept employing autonomous behaviour-based malware analysis and machine learning methodologies might identify malware effectively and rapidly.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Dr. P. Sruthi,Dr. Y. Ambica,Thumula Pranay Krishna Kumar,Thota Ajitha,Nilagiri Venkat Prasad

DOI: https://doi.org/10.22214/ijraset.2024.59911

2024-04-30

International Journal for Research in Applied Science and Engineering Technology

Abstract:Abstract: In the modern era of technology, malicious software, or malware, holds a serious security hazard as computer users, businesses, and governments see an uptick in malware attacks. In attempts to identify unknown malware, current malware detection solutions use dynamic as well as static examination of malware signatures and behavior patterns, which takes time and is unsuccessful. Modern malware employs evasive strategies such as metamorphosis and polymorphism to rapidly alter its actions and produce a multitude of variants. Machine learning algorithms (MLAs) are being used more and more to do an efficient malware analysis because new malware is primarily versions of current malware. Extensive feature engineering, feature learning, and feature representation are needed for this. It is likely to fully eliminate the feature engineering stage by utilizing sophisticated MLAs like deep learning. Even though there have been a few fresh investigations in the field, the algorithms' performance is skewed by the training set. It is a prerequisite to reduce bias and figure out these techniques holistically in order to develop new, improved techniques for successful zero-day malware detection. This paper fills a vacuum in the literature by comparing and contrasting deep learning architectures with standard MLAs for malware detection, classification, and categorization using public and private datasets. The public and private dataset’s train and test splits, which were gathered during distinctly different periods, are not connected to one another in the experimental study. Furthermore, we provide a new method of image processing with ideal parameters for deep learning architectures and MLAs. In response to a thorough scientific assessment of these methodologies, deep learning architectures perform more efficiently than traditional MLAs. All in all, our work suggests a scalable and multimodal deep learning system for real-time malware detection through visual means. An improved technique for successful zero-day malware detection is the visualization and deep learning architectures for static, dynamic, and image processing based blended methods in a big data environment.

Dr. Pradeep Kumar

DOI: https://doi.org/10.22214/ijraset.2024.58295

2024-02-29

International Journal for Research in Applied Science and Engineering Technology

Abstract:Abstract: Malware, derived from "Malicious software," is a comprehensive term encompassing any software intentionally crafted to disrupt, damage, or illicitly access computer systems. It's critical to determine whether a file includes malware. The increase in malware is causing a lot of problems for businesses, including data loss and other problems. Malware can swiftly inflict significant damage to a system by slowing it down and encrypting a sizable amount of data on a personal computer. This suggests that lowering the number of false positives is important. A comprehensive description of the adaptable framework for machine learning algorithms may be found in this study. It is possible to detect malware with these methods. The justification for this is that these algorithms simplify the process of distinguishing between files that are infected with malware and those that are not. Modern antivirus and anti-malware tools offer effective protection against various malware attacks. Nevertheless, due to the constantly changing landscape of malicious activities, it is imperative to curate an up-to-date database of previous malware instances. This repository serves as a valuable resource for anticipating the characteristics of future attacks and facilitating swift responses. Different machine learning methods, including decision trees and random forests, are used in our malware detection process. The method with the highest accuracy is chosen, giving the system an excellent detection ratio. Additionally, the confusion matrix is used to calculate the false positive and false negative rates, which is how the system's performance is determined.

Ting Liu,Xiaohong Guan,Yu Qu,Yanan Sun

DOI: https://doi.org/10.1007/978-3-642-24403-2_14

2011-01-01

Abstract:In recent years, millions of new malicious programs are produced by Pa mature industry of malware production. These programs have tremendous challenges on the signature-based anti-virus products and pose great threats on network and information security. Machine learning techniques are applicable for detecting unknown malicious programs without knowing their signatures. In this paper, a Layered Detection (LD) method is developed to detect malwares with a two-layer framework. The Low-Level-Classifiers (LLC) are employed to identify whether the programs perform any malicious functions according to the API-calls of the programs. The Up-level-Classifier (ULC) is applied to detect malwares according to the low level function identification. The LD method is compared with many classical classification algorithms with comprehensive test datasets containing 16135 malwares and 1800 benign programs. The experiments demonstrate that the LD method outperforms other algorithms in terms of detection accuracy.

Muhammad Shoaib Akhtar,Tao Feng

DOI: https://doi.org/10.3390/sym14112304

2022-11-04

Symmetry

Abstract:One of the most significant issues facing internet users nowadays is malware. Polymorphic malware is a new type of malicious software that is more adaptable than previous generations of viruses. Polymorphic malware constantly modifies its signature traits to avoid being identified by traditional signature-based malware detection models. To identify malicious threats or malware, we used a number of machine learning techniques. A high detection ratio indicated that the algorithm with the best accuracy was selected for usage in the system. As an advantage, the confusion matrix measured the number of false positives and false negatives, which provided additional information regarding how well the system worked. In particular, it was demonstrated that detecting harmful traffic on computer systems, and thereby improving the security of computer networks, was possible using the findings of malware analysis and detection with machine learning algorithms to compute the difference in correlation symmetry (Naive Byes, SVM, J48, RF, and with the proposed approach) integrals. The results showed that when compared with other classifiers, DT (99%), CNN (98.76%), and SVM (96.41%) performed well in terms of detection accuracy. DT, CNN, and SVM algorithms' performances detecting malware on a small FPR (DT = 2.01%, CNN = 3.97%, and SVM = 4.63%,) in a given dataset were compared. These results are significant, as malicious software is becoming increasingly common and complex.

Matthew G. Gaber,Mohiuddin Ahmed,Helge Janicke

DOI: https://doi.org/10.1145/3638552

IF: 16.6

2023-12-28

ACM Computing Surveys

Abstract:In this survey, we review the key developments in the field of malware detection using AI and analyze core challenges. We systematically survey state-of-the-art methods across five critical aspects of building an accurate and robust AI powered malware detection model: malware sophistication, analysis techniques, malware repositories, feature selection and machine learning vs deep learning. The effectiveness of an AI model is dependent on the quality of the features it is trained with. In turn, the quality and authenticity of these features is dependent on the quality of the dataset and the suitability of the analysis tool. Static analysis is fast but is limited by the widespread use of obfuscation. Dynamic analysis is not impacted by obfuscation but is defeated by ubiquitous anti-analysis techniques and requires more computational power. Sophisticated and evasive malware is challenging to extract authentic discriminatory features from and combined with poor quality datasets this can lead to a situation where a model achieves high accuracy with only one specific dataset.

computer science, theory & methods

Xiangyu Han,Fusheng Jin,Runan Wang,Shuliang Wang,Ye Yuan

DOI: https://doi.org/10.1016/j.neucom.2020.02.131

IF: 6

2020-01-01

Neurocomputing

Abstract:Classification and distinguishing of malware is key to predict the malicious attack, which is essential in self-driving systems. In order to handle large number of malware variants, many machine learning methods have been proposed. However, the accuracy and efficiency of multiple class classification of malware still remained inadequate to meet demand. In this paper, we propose a 4-LFE method to deal with the issues above. We extract multi-features from malicious programs by combining pixel and n-gram features. In the process of feature selection, we apply L1-L2 penalty into the Logistic Regression, then use LDA to reduce dimensions of malware features. Based on the selected features, we study the performance of classification on ten machine learning algorithms. We assess our approach’s precision on a public dataset consisting 10,868 malware samples. Experimental results show our method could classify malware to their family with accuracy of 99.99%.

S. Soja Rani,S. R. Reeja

DOI: https://doi.org/10.1007/978-3-030-34515-0_42

2019-11-07

Abstract:Malwares are increasing in volume and variety, by posing a big threat to digital world and is one of the major alarms over the past few years for the security in industries. They can penetrate networks, steal confidential information from computers, bring down servers and can cripple infrastructures. Traditional Anti-Intrusion Detection/Intrusion prevention system and anti-virus softwares follow signature based methods which makes the detection of unknown or zero day malwares almost impossible. This issue can be solved by more sophisticated mechanisms in which, static and dynamic malware analysis can be used together with machine learning algorithms for classifying and detecting malware. Through this paper we present a survey on the different techniques for concealment and obfuscation used to make sophisticated malware as well as the different approaches used in malware detection and analysis.

GAO Yang,WANG Li-wei,REN Wang,XIE Feng,MO Xiao-feng,LUO Xiong,WANG Wei-ping,YANG Xi

DOI: https://doi.org/10.13374/j.issn2095-9389.2019.09.16.005

2020-01-01

Abstract:Due to the popularity of intelligent mobile devices, malwares in the internet have seriously threatened the security of industrial control systems. Increasing number of malware attacks has become a major concern in the information security community. Currently, with the increase of malware variants in a wide range of application fields, some technical challenges must be addressed to detect malwares and achieve security protection in industrial control systems. Although many traditional solutions have been developed to provide effective ways of detecting malwares, some current approaches have their limitations in intelligently detecting and recognizing malwares, as more complex malwares exist. Given the success of machine learning methods and techniques in data analysis applications, some advanced algorithms can also be applied in the detection and analysis of complex malwares. To detect malwares and consider the advantages of machine learning algorithms, we developed a detection framework for malwares that threatens the network security of industrial control systems through the combination of an advanced machine learning algorithm, i.e., reinforcement learning. During the implementation process, according to the actual needs of malware behavior detection, key modules including feature extraction, policy, and classification networks were designed on the basis of the intelligent features of reinforcement learning algorithms in relation to sequence decision and dynamic feedback learning. Moreover, the training algorithms for the above key modules were presented while providing the detailed functional analysis and implementation framework. In the application experiments, after preprocessing the actual dataset of malwares, the developed method was tested and the satisfactory classification performance for malware was achieved that verified the efficiency and effectiveness of the reinforcement learning-based method. This method can provide an intelligent decision aid for general malware behavior detection.

Amir Djenna,Ahmed Bouridane,Saddaf Rubab,Ibrahim Moussa Marou

DOI: https://doi.org/10.3390/sym15030677

2023-03-09

Symmetry

Abstract:Malware, a lethal weapon of cyber attackers, is becoming increasingly sophisticated, with rapid deployment and self-propagation. In addition, modern malware is one of the most devastating forms of cybercrime, as it can avoid detection, make digital forensics investigation in near real-time impossible, and the impact of advanced evasion strategies can be severe and far-reaching. This makes it necessary to detect it in a timely and autonomous manner for effective analysis. This work proposes a new systematic approach to identifying modern malware using dynamic deep learning-based methods combined with heuristic approaches to classify and detect five modern malware families: adware, Radware, rootkit, SMS malware, and ransomware. Our symmetry investigation in artificial intelligence and cybersecurity analytics will enhance malware detection, analysis, and mitigation abilities to provide resilient cyber systems against cyber threats. We validated our approach using a dataset that specifically contains recent malicious software to demonstrate that the model achieves its goals and responds to real-world requirements in terms of effectiveness and efficiency. The experimental results indicate that the combination of behavior-based deep learning and heuristic-based approaches for malware detection and classification outperforms the use of static deep learning methods.

multidisciplinary sciences

Sanjay Sharma,C. Rama Krishna,Sanjay K. Sahay

DOI: https://doi.org/10.48550/arXiv.1903.02966

2019-03-07

Abstract:In today's digital world most of the anti-malware tools are signature based which is ineffective to detect advanced unknown malware viz. metamorphic malware. In this paper, we study the frequency of opcode occurrence to detect unknown malware by using machine learning technique. For the purpose, we have used kaggle Microsoft malware classification challenge dataset. The top 20 features obtained from fisher score, information gain, gain ratio, chi-square and symmetric uncertainty feature selection methods are compared. We also studied multiple classifier available in WEKA GUI based machine learning tool and found that five of them (Random Forest, LMT, NBT, J48 Graft and REPTree) detect malware with almost 100% accuracy.

Cryptography and Security,Machine Learning

Ömer Aslan

DOI: https://doi.org/10.3390/electronics12081861

IF: 2.9

2023-04-15

Electronics

Abstract:The increased usage of the Internet raises cyber security attacks in digital environments. One of the largest threats that initiate cyber attacks is malicious software known as malware. Automatic creation of malware as well as obfuscation and packing techniques make the malicious detection processes a very challenging task. The obfuscation techniques allow malware variants to bypass most of the leading literature malware detection methods. In this paper, a more effective malware detection system is proposed. The goal of the study is to detect traditional as well as new and complex malware variants. The proposed approach consists of three modules. Initially, the malware samples are collected and analyzed by using dynamic malware analysis tools, and execution traces are collected. Then, the collected system calls are used to create malware behaviors as well as features. Finally, a proposed deep learning methodology is used to effectively separate malware from benign samples. The deep learning methodology consists of one input layer, three hidden layers, and an output layer. In hidden layers, 500, 64, and 32 fully connected neurons are used in the first, second, and third hidden layers, respectively. To keep the model simple as well as obtain optimal solutions, we have selected three hidden layers in which neurons are decreasing in the following subsequent layers. To increase the model performance and use more important features, various activation functions are used. The test results show that the proposed system can effectively detect the malware with more than 99% DR, f-measure, and 99.80 accuracy, which is substantially high when compared with other methods. The proposed system can recognize new malware variants that could not be detected with signature, heuristic, and some behavior-based detection techniques. Further, the proposed system has performed better than the well-known methods that are mentioned in the literature based on the DR, precision, recall, f-measure, and accuracy metrics.

engineering, electrical & electronic,computer science, information systems,physics, applied