Muhammad Shoaib Akhtar,Tao Feng

DOI: https://doi.org/10.3390/sym14112304

2022-11-04

Symmetry

Abstract:One of the most significant issues facing internet users nowadays is malware. Polymorphic malware is a new type of malicious software that is more adaptable than previous generations of viruses. Polymorphic malware constantly modifies its signature traits to avoid being identified by traditional signature-based malware detection models. To identify malicious threats or malware, we used a number of machine learning techniques. A high detection ratio indicated that the algorithm with the best accuracy was selected for usage in the system. As an advantage, the confusion matrix measured the number of false positives and false negatives, which provided additional information regarding how well the system worked. In particular, it was demonstrated that detecting harmful traffic on computer systems, and thereby improving the security of computer networks, was possible using the findings of malware analysis and detection with machine learning algorithms to compute the difference in correlation symmetry (Naive Byes, SVM, J48, RF, and with the proposed approach) integrals. The results showed that when compared with other classifiers, DT (99%), CNN (98.76%), and SVM (96.41%) performed well in terms of detection accuracy. DT, CNN, and SVM algorithms' performances detecting malware on a small FPR (DT = 2.01%, CNN = 3.97%, and SVM = 4.63%,) in a given dataset were compared. These results are significant, as malicious software is becoming increasingly common and complex.

Rajvardhan Patil,Wei Deng

DOI: https://doi.org/10.1109/southeastcon44009.2020.9368268

2020-01-01

Abstract:In this era, where the volume and diversity of malware is rising exponentially, new techniques need to be employed for faster and accurate identification of the malwares. Manual heuristic inspection of malware analysis are neither effective in detecting new malware, nor efficient as they fail to keep up with the high spreading rate of malware. Machine learning approaches have therefore gained momentum. They have been used to automate static and dynamic analysis investigation where malware having similar behavior are clustered together, and based on the proximity unknown malwares get classified to their respective families. Although many such research efforts have been conducted where data-mining and machine-learning techniques have been applied, in this paper we show how the accuracy can further be improved using deep learning networks. As deep learning offers superior classification by constructing neural networks with a higher number of potentially diverse layers it leads to improvement in automatic detection and classification of the malware variants.In this research, we present a framework which extracts various feature-sets such as system calls, operational codes, sections, and byte codes from the malware files. In the experimental and result section, we compare the accuracy obtained from each of these features and demonstrate that feature vector for system calls yields the highest accuracy. The paper concludes by showing how deep learning approach performs better than the traditional shallow machine learning approaches.

Wanyu Li,Hailiang Tang,Hailin Zhu,Wenxiao Zhang,Chen Liu

DOI: https://doi.org/10.1016/j.cose.2024.103752

IF: 5.105

2024-02-14

Computers & Security

Abstract:The cyber ecosystem is facing severe threats from malware attacks, making it imperative to detect malware to safeguard a purified Internet environment. However, current studies primarily concentrate on examining the time-based correlation between APIs for malware detection while neglecting the contextual associations derived from API categories, resulting in inadequate detection performance. In this paper, we present TS-Mal, a novel Mal ware detection model incorporated T emporal and S tructural features learning. Particularly, TS-Mal first designs a temporal vector learning method to automatically capture the evolving representation from the non-repetitive API sequences, which can efficiently pursue the attack preferences of malware. Then TS-Mal introduces heterogeneous graphs to model the interactive relationships between APIs and presents a dense-interactive structural embedding approach to generate the fine-grained API structural representation, which is capable of utilizing API category interaction information to boost detection effectiveness. Finally, TS-Mal simultaneously integrates temporal and structural attack features to accurately identify the unknown malware, effectively defending against new malware attacks. Experimental results on real-world datasets demonstrate that our proposed TS-Mal model outperforms existing state-of-the-art methods.

computer science, information systems

Muhammad Shoaib Akhtar,Tao Feng

DOI: https://doi.org/10.3390/s23020946

IF: 3.9

2023-01-14

Sensors

Abstract:This research study mainly focused on the dynamic malware detection. Malware progressively changes, leading to the use of dynamic malware detection techniques in this research study. Each day brings a new influx of malicious software programmes that pose a threat to online safety by exploiting vulnerabilities in the Internet. The proliferation of harmful software has rendered manual heuristic examination of malware analysis ineffective. Automatic behaviour-based malware detection using machine learning algorithms is thus considered a game-changing innovation. Threats are automatically evaluated based on their behaviours in a simulated environment, and reports are created. These records are converted into sparse vector models for use in further machine learning efforts. Classifiers used to synthesise the results of this study included kNN, DT, RF, AdaBoost, SGD, extra trees and the Gaussian NB classifier. After reviewing the test and experimental data for all five classifiers, we found that the RF, SGD, extra trees and Gaussian NB Classifier all achieved a 100% accuracy in the test, as well as a perfect precision (1.00), a good recall (1.00), and a good f1-score (1.00). Therefore, it is reasonable to assume that the proof-of-concept employing autonomous behaviour-based malware analysis and machine learning methodologies might identify malware effectively and rapidly.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Pascal Maniriho,Abdun Naser Mahmood,Mohammad Jabed Morshed Chowdhury

DOI: https://doi.org/10.1016/j.future.2021.11.030

IF: 7.307

2022-05-01

Future Generation Computer Systems

Abstract:There has been an increasing trend of malware release, which raises the alarm for security professionals worldwide. It is often challenging to stay on top of different types of malware and their detection techniques, which are essential, particularly for researchers and the security community. Analysing malware to get insights into what it intends to perform on the victim’s system is one of the crucial steps towards malware detection. Malware analysis can be performed through static analysis, code analysis, dynamic analysis, memory analysis and hybrid analysis techniques. The next step to malware analysis is the detection model’s design using malware’s extracted patterns from the analysis. Machine learning and deep learning methods have drawn attention to researchers, owing to their ability to implement sophisticated malware detection models that can deal with known and unknown malicious activities. Therefore, this survey presents a comprehensive study and analysis of current malware and detection techniques using the snowball approach. It presents a comprehensive study on malware analysis testbeds, dynamic malware analysis and memory analysis, the taxonomy of malware behaviour analysis tools, datasets repositories, feature selection, machine learning and deep learning techniques. Moreover, comparisons of behaviour-based malware detection techniques have been grouped by categories of machine learning and deep learning techniques. This study also looks at various performance evaluation metrics, current research challenges in this area and possible future direction of research.

Thomas Davies

DOI: https://doi.org/10.48550/arXiv.2202.08037

2022-02-16

Cryptography and Security

Abstract:In cybersecurity it is often the case that malicious or anomalous activity can only be detected by combining many weak indicators of compromise, any one of which may not raise suspicion when taken alone. The path that such indicators take can also be critical. This makes the problem of analysing cybersecurity data particularly well suited to Topological Data Analysis (TDA), a field that studies the high level structure of data using techniques from algebraic topology, both for exploratory analysis and as part of a machine learning workflow. By introducing TDA and reviewing the work done on its application to cybersecurity, we hope to highlight to researchers a promising new area with strong potential to improve cybersecurity data science.

Ahmed Alghamdi

DOI: https://doi.org/10.52783/cana.v31.1476

2024-09-02

Abstract:The growing sophistication of malware in exisiting environment poses tough demands on its detection methods of another kind. This paper introduces a framework for cyber security improvement, a means to solve strongly the probability issue of how to determine the behavior algorithmically in your system. This research is applied to malware detection systems based on methods (Support Vector Machines, Random Forest) and Neural Networks that are robust against deception. Statistical analysis of security threats and a review of current methods used for malware detection are given at its outset. The proposed framework, with its statistical framework analysis, looks for patterns and anomalies that indicate malice. It then integrates cryptographic techniques onto data transmission, computation processes; that the core of our system remains untouched by potential disturbances. The concept is further elaborated with open-source code from the field, Machine Learning (SVM, Random Forest, Neural Networks), As if with this variety of tools we can now detect and classify types of malware that generate irregular patterns but do not necessarily resemble known signatures at all. Such a hybrid security mechanism as described here, combining the best of statistics, cryptographic security, and machine learning, gives a precision of detection beyond compare to today's systems. The experiments show large gains in both detection accuracy and response speed, demonstrating this whole-element approach's potential to better safeguard cybersecurity in all manner of fields. It may be foreseen that this proposed line of research could well become a key new tool, capable of adaptation and expansion with the needs expanding around us.

Xia Xiao-Ling,Ding Yu-Xin,Jiang Jing-Zhi,Zeng Rong

DOI: https://doi.org/10.1109/ICMLC.2017.8107737

2017-01-01

Abstract:Malware in form of Internet worms, computer viruses, and Trojan horses poses a major threat to the security of networked systems. So how to describe the behavior knowledge of malware is an interesting and meaningful work. In recent years, different ontology technologies have been proposed to represent domain knowledge. In the study, we apply ontology techniques into the field of malware detection, and propose the malware detection method based on ontology. This method is based on the behavior of malicious code, and makes a knowledge representation of the malware behaviors from a variety of perspectives. We use the common behaviors of individuals to represent the behaviors of a malware family, and use the ontology reasoning mechanism to detect unknown malware samples. Experiments show that the method has high malicious code detection rate and low false alarm rate.

Shi Jin,Zhaofeng Guo,Dongli Liu,Yanhua Yang

DOI: https://doi.org/10.1155/2022/4977898

2022-02-23

Abstract:In recent years, with the development of information technology, the Internet has become an essential tool for human daily life. However, as the popularity and scale of the Internet continue to expand, malware has also emerged as an increasingly widespread trend, and its development has brought many negative impacts to the society. As the number of types of malware is getting enormous, the attacks are constantly updated, and at the same time, the spread is very fast, causing more and more damage to the network, the requirements and standards for malware detection are constantly rising. How to effectively detect malware is a research trend; in order to tackle the new needs and problems arising from the development of malware, this paper proposes to guide machine learning algorithms to implement malware detection in a distributed environment: firstly, each detection node in the distributed network performs anomaly detection on the captured software information and data, then performs feature analysis to discover unknown malware and obtain its samples, updates the new malware features to all feature detection nodes in the whole distributed network, and trains the random forest-based machine learning algorithm for malware classification and detection, thus completing the global response processing capability for malware. By building a distributed system framework, the global capture capability of malware detection is enhanced to robustly respond to the increasing and rapid spread of malware, and machine learning algorithms are integrated into it to achieve effective detection of malware. Extended experiments on the Ember 2017 and Ember 2018 databases show that our proposed approach achieves advanced performance and effectively addresses the problem of malware detection.

Jeyaprakash Hemalatha,Subbiah Geetha,Seifedine Kadry,Robertas Damaševičius,S. Roseline

DOI: https://doi.org/10.3390/e23030344

IF: 2.738

2021-03-15

Entropy

Abstract:Recently, there has been a huge rise in malware growth, which creates a significant security threat to organizations and individuals. Despite the incessant efforts of cybersecurity research to defend against malware threats, malware developers discover new ways to evade these defense techniques. Traditional static and dynamic analysis methods are ineffective in identifying new malware and pose high overhead in terms of memory and time. Typical machine learning approaches that train a classifier based on handcrafted features are also not sufficiently potent against these evasive techniques and require more efforts due to feature-engineering. Recent malware detectors indicate performance degradation due to class imbalance in malware datasets. To resolve these challenges, this work adopts a visualization-based method, where malware binaries are depicted as two-dimensional images and classified by a deep learning model. We propose an efficient malware detection system based on deep learning. The system uses a reweighted class-balanced loss function in the final classification layer of the DenseNet model to achieve significant performance improvements in classifying malware by handling imbalanced data issues. Comprehensive experiments performed on four benchmark malware datasets show that the proposed approach can detect new malware samples with higher accuracy (98.23% for the Malimg dataset, 98.46% for the BIG 2015 dataset, 98.21% for the MaleVis dataset, and 89.48% for the unseen Malicia dataset) and reduced false-positive rates when compared with conventional malware mitigation techniques while maintaining low computational time. The proposed malware detection solution is also reliable and effective against obfuscation attacks.

physics, multidisciplinary

Sanjay Sharma,C. Rama Krishna,Sanjay K. Sahay

DOI: https://doi.org/10.48550/arXiv.1903.02966

2019-03-07

Abstract:In today's digital world most of the anti-malware tools are signature based which is ineffective to detect advanced unknown malware viz. metamorphic malware. In this paper, we study the frequency of opcode occurrence to detect unknown malware by using machine learning technique. For the purpose, we have used kaggle Microsoft malware classification challenge dataset. The top 20 features obtained from fisher score, information gain, gain ratio, chi-square and symmetric uncertainty feature selection methods are compared. We also studied multiple classifier available in WEKA GUI based machine learning tool and found that five of them (Random Forest, LMT, NBT, J48 Graft and REPTree) detect malware with almost 100% accuracy.

Cryptography and Security,Machine Learning

Mathew Ashik,A. Jyothish,S. Anandaram,P. Vinod,Francesco Mercaldo,Fabio Martinelli,Antonella Santone

DOI: https://doi.org/10.3390/electronics10141694

IF: 2.9

2021-07-15

Electronics

Abstract:Malware is one of the most significant threats in today’s computing world since the number of websites distributing malware is increasing at a rapid rate. Malware analysis and prevention methods are increasingly becoming necessary for computer systems connected to the Internet. This software exploits the system’s vulnerabilities to steal valuable information without the user’s knowledge, and stealthily send it to remote servers controlled by attackers. Traditionally, anti-malware products use signatures for detecting known malware. However, the signature-based method does not scale in detecting obfuscated and packed malware. Considering that the cause of a problem is often best understood by studying the structural aspects of a program like the mnemonics, instruction opcode, API Call, etc. In this paper, we investigate the relevance of the features of unpacked malicious and benign executables like mnemonics, instruction opcodes, and API to identify a feature that classifies the executable. Prominent features are extracted using Minimum Redundancy and Maximum Relevance (mRMR) and Analysis of Variance (ANOVA). Experiments were conducted on four datasets using machine learning and deep learning approaches such as Support Vector Machine (SVM), Naïve Bayes, J48, Random Forest (RF), and XGBoost. In addition, we also evaluate the performance of the collection of deep neural networks like Deep Dense network, One-Dimensional Convolutional Neural Network (1D-CNN), and CNN-LSTM in classifying unknown samples, and we observed promising results using APIs and system calls. On combining APIs/system calls with static features, a marginal performance improvement was attained comparing models trained only on dynamic features. Moreover, to improve accuracy, we implemented our solution using distinct deep learning methods and demonstrated a fine-tuned deep neural network that resulted in an F1-score of 99.1% and 98.48% on Dataset-2 and Dataset-3, respectively.

engineering, electrical & electronic,computer science, information systems,physics, applied

Xiao-Song Zhang,Liu Zhi,Da-Peng Chen

DOI: https://doi.org/10.1109/icacia.2008.4769974

2008-01-01

Abstract:Malware has posted a great risk to the privacy of users and data. Unfortunately, current anomaly detection is both coarse-grained and ineffective to detect them, because some behaviors can only be triggered in specific circumstances, moreover, it is difficult to analyze and evaluate compromised data. In this paper, we address the two problems via taint-based analysis. First, we precisely characterize malware behaviors in virtual environments, where behaviors can be completely explored by tainting return values of security-related system calls in order to traverse multiple execution branches. Second, sensitive data are also tainted to track their propagation to determine whether they are transmitted maliciously. A supporting distributed architecture is presented to optimize efficiency. Our approach is an effective complement to current anomaly-based models. The initial experiment demonstrates our system can detect a variety of malware with high accuracy and low overhead.

Chan Woo Kim

DOI: https://doi.org/10.48550/arXiv.1802.05412

2018-05-20

Abstract:As computing systems become increasingly advanced and as users increasingly engage themselves in technology, security has never been a greater concern. In malware detection, static analysis, the method of analyzing potentially malicious files, has been the prominent approach. This approach, however, quickly falls short as malicious programs become more advanced and adopt the capabilities of obfuscating its binaries to execute the same malicious functions, making static analysis extremely difficult for newer variants. The approach assessed in this paper is a novel dynamic malware analysis method, which may generalize better than static analysis to newer variants. Inspired by recent successes in Natural Language Processing (NLP), widely used document classification techniques were assessed in detecting malware by doing such analysis on system calls, which contain useful information about the operation of a program as requests that the program makes of the kernel. Features considered are extracted from system call traces of benign and malicious programs, and the task to classify these traces is treated as a binary document classification task of system call traces. The system call traces were processed to remove the parameters to only leave the system call function names. The features were grouped into various n-grams and weighted with Term Frequency-Inverse Document Frequency. This paper shows that Linear Support Vector Machines (SVM) optimized by Stochastic Gradient Descent and the traditional Coordinate Descent on the Wolfe Dual form of the SVM are effective in this approach, achieving a highest of 96% accuracy with 95% recall score. Additional contributions include the identification of significant system call sequences that could be avenues for further research.

Cryptography and Security,Computation and Language

Thomas Davies

DOI: https://doi.org/10.48550/arXiv.2204.12919

2022-04-26

Abstract:Topological Data Analysis (TDA) gives practioners the ability to analyse the global structure of cybersecurity data. We use TDA for anomaly detection in host-based logs collected with the open-source Logging Made Easy (LME) project. We present an approach that builds a filtration of simplicial complexes directly from Windows logs, enabling analysis of their intrinsic structure using topological tools. We compare the efficacy of persistent homology and the spectrum of graph and hypergraph Laplacians as feature vectors against a standard log embedding that counts events, and find that topological and spectral embeddings of computer logs contain discriminative information for classifying anomalous logs that is complementary to standard embeddings. We end by discussing the potential for our methods to be used as part of an explainable framework for anomaly detection.

Machine Learning,Artificial Intelligence,Cryptography and Security

Pascal Maniriho,Abdun Naser Mahmood,Mohammad Jabed Morshed Chowdhury

2024-01-29

Abstract:Malware is one of the most common and severe cyber-attack today. Malware infects millions of devices and can perform several malicious activities including mining sensitive data, encrypting data, crippling system performance, and many more. Hence, malware detection is crucial to protect our computers and mobile devices from malware attacks. Deep learning (DL) is one of the emerging and promising technologies for detecting malware. The recent high production of malware variants against desktop and mobile platforms makes DL algorithms powerful approaches for building scalable and advanced malware detection models as they can handle big datasets. This work explores current deep learning technologies for detecting malware attacks on the Windows, Linux, and Android platforms. Specifically, we present different categories of DL algorithms, network optimizers, and regularization methods. Different loss functions, activation functions, and frameworks for implementing DL models are presented. We also present feature extraction approaches and a review of recent DL-based models for detecting malware attacks on the above platforms. Furthermore, this work presents major research issues on malware detection including future directions to further advance knowledge and research in this field.

Cryptography and Security

Wu Bing,Yun Xiaochun

2012-01-01

Abstract:We present the dynamic information security theory model: P2DR to deal with malware epidemics. The model includes the following stages: detection of a malware epidemic by detection system, establishment of countermeasure strategy in strategy coordination center, activation of protection and response system, defense system activation for real-time protection and response. The process is a periodic one in which the strategy is adjusted dynamically. In the model we propose, the detection system is considered to be the key component. Based on our analysis of traditional IDS architecture, we think that it is not suitable for inspecting high speed network traffic and monitoring multivariant malware epidemics. Therefore, we propose a parallel detection model which can be applied to the backbone network matched with appropriate protocol parsing. Normalized taxonomy is also presented for the detection rules of malware. Five detection rule sets are covered, namely, match rules based on deep content pre-processing, special algorithms, binary level, binary level requiring network information checks, and pure network information. A Virus Detection System is realized based on the framework above.

Et al. Rajesh Yadav

DOI: https://doi.org/10.17762/ijritcc.v11i11s.9817

2023-11-30

International Journal on Recent and Innovation Trends in Computing and Communication

Abstract:The huge amounts of data and information that need to be analyzed for possible malicious intent are one ofthe big and significant challenges that the Web faces today. Malicious software, also referred to as malware developed by attackers, is polymorphic and metamorphic in nature which can modify the code as it spreads.In addition, the diversity and volume of their variants severely undermine the effectiveness of traditional defenses that typically use signature-based techniques and are unable to detect malicious executables previously unknown. Malware family variants share typical patterns of behavior that indicate their origin and purpose. The behavioral trends observed either statically or dynamically can be manipulated by usingmachine learning techniques to identify and classify unknown malware into their established families. Thissurvey paper gives an overview of the malware detection and analysis techniques and tools.

Dr. Pradeep Kumar

DOI: https://doi.org/10.22214/ijraset.2024.58295

2024-02-29

International Journal for Research in Applied Science and Engineering Technology

Abstract:Abstract: Malware, derived from "Malicious software," is a comprehensive term encompassing any software intentionally crafted to disrupt, damage, or illicitly access computer systems. It's critical to determine whether a file includes malware. The increase in malware is causing a lot of problems for businesses, including data loss and other problems. Malware can swiftly inflict significant damage to a system by slowing it down and encrypting a sizable amount of data on a personal computer. This suggests that lowering the number of false positives is important. A comprehensive description of the adaptable framework for machine learning algorithms may be found in this study. It is possible to detect malware with these methods. The justification for this is that these algorithms simplify the process of distinguishing between files that are infected with malware and those that are not. Modern antivirus and anti-malware tools offer effective protection against various malware attacks. Nevertheless, due to the constantly changing landscape of malicious activities, it is imperative to curate an up-to-date database of previous malware instances. This repository serves as a valuable resource for anticipating the characteristics of future attacks and facilitating swift responses. Different machine learning methods, including decision trees and random forests, are used in our malware detection process. The method with the highest accuracy is chosen, giving the system an excellent detection ratio. Additionally, the confusion matrix is used to calculate the false positive and false negative rates, which is how the system's performance is determined.

Daniele Ucci,Leonardo Aniello,Roberto Baldoni

DOI: https://doi.org/10.1016/j.cose.2018.11.001

2019-03-01

Abstract:Coping with malware is getting more and more challenging, given their relentless growth in complexity and volume. One of the most common approaches in literature is using machine learning techniques, to automatically learn models and patterns behind such complexity, and to develop technologies to keep pace with malware evolution. This survey aims at providing an overview on the way machine learning has been used so far in the context of malware analysis in Windows environments, i.e. for the analysis of Portable Executables. We systematize surveyed papers according to their objectives (i.e., the expected output), what information about malware they specifically use (i.e., the features), and what machine learning techniques they employ (i.e., what algorithm is used to process the input and produce the output). We also outline a number of issues and challenges, including those concerning the used datasets, and identify the main current topical trends and how to possibly advance them. In particular, we introduce the novel concept of malware analysis economics, regarding the study of existing trade-offs among key metrics, such as analysis accuracy and economical costs.

computer science, information systems