Yunji Liang,Qiushi Wang,Kang Xiong,Xiaolong Zheng,Zhiwen Yu,Daniel Zeng

DOI: https://doi.org/10.1109/tdsc.2021.3121388

2021-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:As cybercrimes grow in scale with devastating economic costs, it is important to protect potential victims against diverse attacks. In spite of the diversity of cybercrimes, it is the uniform resource locators (URLs) that connect vulnerable users with potential attacks. Although numerous solutions (e.g., rule-based solutions and machine learning-based methods) are proposed for malicious URL detection, they cannot provide robust performance due to the diversity of cybercrimes and cannot cope with the explosive growth of malicious URLs with the evolution of obfuscation strategies. In this paper, we propose a deep learning-based system, dubbed as CyberLen, to detect malicious URLs robustly and effectively. Specifically, we use factorization machine (FM) to learn the latent interaction among lexical features. For the deep structural features, position embedding is introduced for token vectorization to reduce the ambiguity of URL tokens. Meanwhile, temporal convolution network (TCN) is utilized to learn the long-distance dependency among URL tokens. To fuse heterogeneous features, self-paced wide <span class="mjpage"></span>&amp; deep learning strategy is proposed to train a robust model effectively. The proposed solution is evaluated on a large-scale URL dataset. Our experimental results show that position embedding is constructive to reducing the ambiguity of URL tokens, and the self-paced wide <span class="mjpage"></span>&amp; deep learning strategy shows superior performance in terms of F1 score and convergence speed.<svg xmlns="http://www.w3.org/2000/svg" style="display: none;"><defs id="MathJax_SVG_glyphs"></defs></svg>

computer science, information systems, software engineering, hardware & architecture

Anthony Downs,C. Schlenoff

Abstract:Purpose – This paper aims to define and describe test methods and metrics to assess industrial robot system agility in both simulation and in reality. Design/methodology/approach – The paper describes test methods and associated quantitative and qualitative metrics for assessing robot system efficiency and effectiveness, which can then be used for the assessment of system agility. Findings – The paper describes how the test methods were implemented in a simulation environment and real-world environment. It also shows how the metrics are measured and assessed as they would be in a future competition. Practical implications – The test methods described in this paper will push forward the state of the art in software agility for manufacturing robots, allowing small and medium manufacturers to better utilize robotic systems. Originality/value – The paper fulfills the identified need for standard test methods to measure and allow for improvement in software agility for manufacturing robots.

Zuguo Chen,Yanglong Liu,Chaoyang Chen,Ming Lu,Xuzhuo Zhang

DOI: https://doi.org/10.1155/2021/9994127

IF: 1.968

2021-05-26

Security and Communication Networks

Abstract:The traditional malicious uniform resource locator (URL) detection method excessively relies on the matching rules formulated by the network security personnel, which is hard to fully express the text information of the URL. Thus, an improved multilayer recurrent convolutional neural network model based on the YOLO algorithm is proposed to detect malicious URL in this paper. First, single characters are mapped to dense vectors using word embedding, and the dense vectors are participated in the training process of the whole model according to the structural characteristics of the URL in the method. Then, the CSPDarknet neural network model based on the improved YOLO algorithm is proposed to extract features of the URL. Finally, the extracted features are used to evaluate malicious URL by the bidirectional LSTM recurrent neural network algorithm. In order to verify the validity of the algorithm, a total of 200,000 URLs are collected, including 100,000 normal URLs labeled “good” and 100,000 malicious URLs labeled “bad”. The experimental results show that the method detects malicious URLs more quickly and effectively and has high accuracy, high recall rate, and high accuracy compared with Text-RCNN, BRNN, and other models.

computer science, information systems,telecommunications

Ruitong Liu,Yanbin Wang,Haitao Xu,Zhan Qin,Yiwei Liu,Zheng Cao

2023-11-21

Abstract:The widespread use of the Internet has revolutionized information retrieval methods. However, this transformation has also given rise to a significant cybersecurity challenge: the rapid proliferation of malicious URLs, which serve as entry points for a wide range of cyber threats. In this study, we present an efficient pre-training model-based framework for malicious URL detection. Leveraging the subword and character-aware pre-trained model, CharBERT, as our foundation, we further develop three key modules: hierarchical feature extraction, layer-aware attention, and spatial pyramid pooling. The hierarchical feature extraction module follows the pyramid feature learning principle, extracting multi-level URL embeddings from the different Transformer layers of CharBERT. Subsequently, the layer-aware attention module autonomously learns connections among features at various hierarchical levels and allocates varying weight coefficients to each level of features. Finally, the spatial pyramid pooling module performs multiscale downsampling on the weighted multi-level feature pyramid, achieving the capture of local features as well as the aggregation of global features. The proposed method has been extensively validated on multiple public datasets, demonstrating a significant improvement over prior works, with the maximum accuracy gap reaching 8.43% compared to the previous state-of-the-art method. Additionally, we have assessed the model's generalization and robustness in scenarios such as cross-dataset evaluation and adversarial attacks. Finally, we conducted real-world case studies on the active phishing URLs.

Cryptography and Security

Rajvardhan Patil,Wei Deng

DOI: https://doi.org/10.1109/southeastcon44009.2020.9368268

2020-01-01

Abstract:In this era, where the volume and diversity of malware is rising exponentially, new techniques need to be employed for faster and accurate identification of the malwares. Manual heuristic inspection of malware analysis are neither effective in detecting new malware, nor efficient as they fail to keep up with the high spreading rate of malware. Machine learning approaches have therefore gained momentum. They have been used to automate static and dynamic analysis investigation where malware having similar behavior are clustered together, and based on the proximity unknown malwares get classified to their respective families. Although many such research efforts have been conducted where data-mining and machine-learning techniques have been applied, in this paper we show how the accuracy can further be improved using deep learning networks. As deep learning offers superior classification by constructing neural networks with a higher number of potentially diverse layers it leads to improvement in automatic detection and classification of the malware variants.In this research, we present a framework which extracts various feature-sets such as system calls, operational codes, sections, and byte codes from the malware files. In the experimental and result section, we compare the accuracy obtained from each of these features and demonstrate that feature vector for system calls yields the highest accuracy. The paper concludes by showing how deep learning approach performs better than the traditional shallow machine learning approaches.

Xichen Zhang,Arash Habibi Lashkari,Ali A. Ghorbani

DOI: https://doi.org/10.1111/coin.12422

2020-11-23

Computational Intelligence

Abstract:<p>Malicious online advertisement detection has attracted increasing attention in recent years in both academia and industry. The existing advertising blocking systems are vulnerable to the evolution of new attacks and can cause time latency issues by analyzing web content or querying remote servers. This article proposes a lightweight detection system for advertisement Uniform resource locators (URLs) detection, depending only on lexical‐based features. Deep learning algorithms are used for online advertising classification. After optimizing the deep neural network architecture, our proposed approach can achieve satisfactory results with false negative rate as low as 1.31%. We also design a novel unsupervised method for data clustering. With the implementation of AutoEncoder for feature preprocessing and t‐distributed stochastic neighbor embedding for clustering and visualization, our model outperforms other dimensionality reduction algorithms by generating clear clusterings for different URL families.</p>

computer science, artificial intelligence

Vineet Kumar Chauhan,Awadhesh Kumar

DOI: https://doi.org/10.1016/j.eswa.2024.125507

IF: 8.5

2024-10-27

Expert Systems with Applications

Abstract:Malware is one of the most popular cyber-attacks, and it is becoming more common on the network every day. In contrast to benign transmission, which typically exhibits symmetrical patterns, malware communication often shows asymmetrical behaviours, making detection a complex challenge. Fortunately, malware can be distinguished and identified for actual activities utilizing a variety of artificial intelligence methods. However, insufficient work has been allocated to the problem of handling high-dimensional and huge data. This paper proposes a novel deep learning-based approach to identify malicious Uniform Resource Locators (URLs) specifically designed to handle the challenges posed by large-scale and complex data. Initially, input data is sourced from a comprehensive Kaggle dataset, which includes diverse and large-scale URL samples. The URLs are then transformed into vector representations using a Vector Embedding Module, which employs a character-level word embedding technique to capture intricate patterns within the URLs. To further refine the data, the Chaotic Kookaburra Efficient-Bo Network (CKEBO-Net) is applied to extract the most significant features from these vectors, effectively reducing the dimensionality and computational burden. Subsequently, the Cascaded Capsule Twin Attentional Dilated Convolutional Network (C 2 TA_DiCN) model is introduced to classify and identify malicious URLs with high precision. This model leverages the unique strengths of capsule networks and attentional mechanisms, enhancing its capability to capture subtle dependencies within the data. Furthermore, the Lyrebird Meta-heuristic Optimization (LMO) algorithm is used to fine-tune the model parameters appropriately, ensuring that the training process is efficient and robust. The proposed approach is implemented using Python and rigorously evaluated on the Kaggle dataset. Simulation results demonstrate that the proposed method significantly outperforms existing models, achieving a malicious URL detection accuracy of 99.7%.

computer science, artificial intelligence,engineering, electrical & electronic,operations research & management science

Hui-Juan Zhu,Liang-Min Wang,Sheng Zhong,Yang Li,Victor S. Sheng,Huijuan Zhu,Liangmin Wang

DOI: https://doi.org/10.1109/tkde.2021.3067658

IF: 9.235

2021-01-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:Android is a growing target for malicious software (malware) because of its popularity and functionality. Malware poses a serious threat to users' privacy, money, equipment and file integrity. A series of data-driven malware detection methods were proposed. However, there exist two key challenges for these methods: (1) how to learn effective feature representation from raw data; (2) how to reduce the dependence on the prior knowledge or human labors in feature learning. Inspired by the success of deep learning methods in the feature representation learning community, we propose a malware detection framework which starts with learning rich-features by a novel unsupervised feature learning algorithm Merged Sparse Auto-Encoder (MSAE). In order to extract more compact and discriminative feature from the rich-features to further boost the malware detection capability, a hybrid deep network learning algorithm Stacked Hybrid Learning MSAE and SDAE (SHLMD) is established by further incorporating a classical deep learning method Stacked Denoising Auto-encoders (SDAE). After that, we feed the feature learned by MSAE and SHLMD respectively to classification algorithms, e.g., Support Vector Machine (SVM) or K-NearestNeighbor (KNN), to train a malware detection model. Evaluation results on two real-world datasets demonstrate that SHLMD achieves 94.46 and 90.57 percent accuracy respectively, which outperforms the classical unsupervised feature representation learning Sparse Auto-encoder (SAE). MSAE performs similarly to SAE. SHLMD can further improve the performance of MSAE and the supervised fine-tuned method SDAE. Besides, we compare the performance of our methods with that of state-of-the-art detection approaches, including classical deep-learning-based methods. Extensive experiments show that our proposed methods are effective enough to detect Android malware.

computer science, information systems, artificial intelligence,engineering, electrical & electronic

XiangDong Huang,Hao Li,Jiajia Liu,FengChun Liu,Jian Wang,BaoShan Xie,BaoPing Chen,Qi Zhang,Tao Xue

DOI: https://doi.org/10.1155/2022/9241670

IF: 3.12

2022-06-26

Computational Intelligence and Neuroscience

Abstract:With the rapid development of the Internet, malicious domain names pose more and more serious threats to many fields, such as network security and social security, and there have been many research results on malicious domain detection. This article proposes a malicious domain name detection model based on improved deep learning, which can combine the advantages of three different network models, convolutional neural network (CNN), temporal convolutional network (TCN), and long short-term memory network (LSTM) in malicious domain name detection, to obtain a better detection effect than that of the original single or two models. Experiments show that the effect of the improved deep learning model proposed in this article is better than that of the combined model of CNN and LSTM or the combined model of CNN and TCN, and the accuracy and regression rates reached 99.76% and 98.81%, respectively.

mathematical & computational biology,neurosciences

Doyen Sahoo,Chenghao Liu,Steven C.H. Hoi

DOI: https://doi.org/10.48550/arXiv.1701.07179

2019-08-21

Abstract:Malicious URL, a.k.a. malicious website, is a common and serious threat to cybersecurity. Malicious URLs host unsolicited content (spam, phishing, drive-by exploits, etc.) and lure unsuspecting users to become victims of scams (monetary loss, theft of private information, and malware installation), and cause losses of billions of dollars every year. It is imperative to detect and act on such threats in a timely manner. Traditionally, this detection is done mostly through the usage of blacklists. However, blacklists cannot be exhaustive, and lack the ability to detect newly generated malicious URLs. To improve the generality of malicious URL detectors, machine learning techniques have been explored with increasing attention in recent years. This article aims to provide a comprehensive survey and a structural understanding of Malicious URL Detection techniques using machine learning. We present the formal formulation of Malicious URL Detection as a machine learning task, and categorize and review the contributions of literature studies that addresses different dimensions of this problem (feature representation, algorithm design, etc.). Further, this article provides a timely and comprehensive survey for a range of different audiences, not only for machine learning researchers and engineers in academia, but also for professionals and practitioners in cybersecurity industry, to help them understand the state of the art and facilitate their own research and practical applications. We also discuss practical issues in system design, open research challenges, and point out some important directions for future research.

Machine Learning,Cryptography and Security

Suresh Sankaranarayanan,Arvinthan Thevar Sivachandran,Anis Salwa Mohd Khairuddin,Khairunnisa Hasikin,Abdul Rahman Wahab Sait

DOI: https://doi.org/10.1371/journal.pone.0302196

IF: 3.7

2024-05-31

PLoS ONE

Abstract:Web applications are important for various online businesses and operations because of their platform stability and low operation cost. The increasing usage of Internet-of-Things (IoT) devices within a network has contributed to the rise of network intrusion issues due to malicious Uniform Resource Locators (URLs). Generally, malicious URLs are initiated to promote scams, attacks, and frauds which can lead to high-risk intrusion. Several methods have been developed to detect malicious URLs in previous works. There has been a good amount of work done to detect malicious URLs using various methods such as random forest, regression, LightGBM, and more as reported in the literature. However, most of the previous works focused on the binary classification of malicious URLs and are tested on limited URL datasets. Nevertheless, the detection of malicious URLs remains a challenging task that remains open to research. Hence, this work proposed a stacking-based ensemble classifier to perform multi-class classification of malicious URLs on larger URL datasets to justify the robustness of the proposed method. This study focuses on obtaining lexical features directly from the URL to identify malicious websites. Then, the proposed stacking-based ensemble classifier is developed by integrating Random Forest, XGBoost, LightGBM, and CatBoost. In addition, hyperparameter tuning was performed using the Randomized Search method to optimize the proposed classifier. The proposed stacking-based ensemble classifier aims to take advantage of the performance of each machine learning model and aggregate the output to improve prediction accuracy. The classification accuracies of the machine learning model when applied individually are 93.6%, 95.2%, 95.7% and 94.8% for random forest, XGBoost, LightGBM, and CatBoost respectively. The proposed stacking-based ensemble classifier has shown significant results in classifying four classes of malicious URLs (phishing, malware, defacement, and benign) with an average accuracy of 96.8% when benchmarked with previous works.

Yao Wang,Wan‐dong Cai,Peng‐cheng Wei,Wan-dong Cai,Peng-cheng Wei

DOI: https://doi.org/10.1002/sec.1441

IF: 1.968

2016-02-11

Security and Communication Networks

Abstract:Abstract Malicious JavaScript code in webpages on the Internet is an emergent security issue because of its universality and potentially severe impact. Because of its obfuscation and complexities, detecting it has a considerable cost. Over the last few years, several machine learning‐based detection approaches have been proposed; most of them use shallow discriminating models with features that are constructed with artificial rules. However, with the advent of the big data era for information transmission, these existing methods already cannot satisfy actual needs. In this paper, we present a new deep learning framework for detection of malicious JavaScript code, from which we obtained the highest detection accuracy compared with the control group. The architecture is composed of a sparse random projection, deep learning model, and logistic regression. Stacked denoising auto‐encoders were used to extract high‐level features from JavaScript code; logistic regression as a classifier was used to distinguish between malicious and benign JavaScript code. Experimental results indicated that our architecture, with over 27 000 labeled samples, can achieve an accuracy of up to 95%, with a false positive rate less than 4.2% in the best case. Copyright © 2016 John Wiley &amp; Sons, Ltd.

computer science, information systems,telecommunications

Xiaofei Xing,Xiang Jin,Haroon Elahi,Hai Jiang,Guojun Wang

DOI: https://doi.org/10.1109/access.2022.3155695

IF: 3.9

2022-01-01

IEEE Access

Abstract:Today, in the field of malware detection, the expanding limitations of traditional detection methods and the increasing accuracy of detection methods designed on the basis of artificial intelligence algorithms are driving research findings in this area in favour of the latter. Therefore, we propose a novel malware detection model in this paper. This model combines a grey-scale image representation of malware with an autoencoder network in a deep learning model, analyses the feasibility of the grey-scale image approach of malware based on the reconstruction error of the autoencoder, and uses the dimensionality reduction features of the autoencoder to achieve the classification of malware from benign software. The proposed detection model achieved an accuracy of 96% and a stable F-score of about 96% by using the Android-side dataset we collected, which outperformed some traditional machine learning detection algorithms.

Aidong Xu,Lin Chen,Xiaoyun Kuang,Huahui Lv,Hang Yang,Yixin Jiang,Bo Li

DOI: https://doi.org/10.1109/bigdatasecurity-hpsc-ids49724.2020.00021

2020-01-01

Abstract:In recent years, malicious programs seriously threaten the security of information system. Because of its particularity, complexity and vulnerability, power information system is difficult to detect and kill by traditional anti-virus software. To solve the above problems, this paper proposes a malicious behavior detection method based on deep learning, which can identify malicious programs and attack types according to the activities of malicious programs and malicious software behaviors. In this paper, a hybrid deep learning structure based on convolutional neural network (CNN) and long-and-short term memory (LSTM) network is proposed. The call sequence of API is combined with other statistical features. The vector information obtained is input into LSTM unit through convolution, and the classification results are obtained through the above model. Compared with the existing methods, this method significantly improves the preparation rate and execution efficiency.

Yu Chen,Yajian Zhou,Qingqing Dong,Qi Li

DOI: https://doi.org/10.1109/TOCS50858.2020.9339761

2020-01-01

Abstract:In recent years, phishing events occur frequently, and the detection of phishing URL has become a common concern in the field of network security. In previous studies, researchers distinguish phishing URLs from normal URLs by the string characteristics. However, this method is difficult to achieve efficient detection accuracy in the case of attacker's forgery of URL features. In this paper, we propose a phishing URL detection method based on URL content. Firstly, the simple features are used for preliminary screening, and then, the URLs that cannot be distinguished by simple features are input into the simulation environment to obtain the page content. Finally, the method based on CNN is used to detect malicious URLs based on the page content. Experiments show that our method can achieve satisfying detection accuracy.

Joshua Saxe,Richard Harang,Cody Wild,Hillary Sanders

DOI: https://doi.org/10.48550/arXiv.1804.05020

2018-04-14

Abstract:Malicious web content is a serious problem on the Internet today. In this paper we propose a deep learning approach to detecting malevolent web pages. While past work on web content detection has relied on syntactic parsing or on emulation of HTML and Javascript to extract features, our approach operates directly on a language-agnostic stream of tokens extracted directly from static HTML files with a simple regular expression. This makes it fast enough to operate in high-frequency data contexts like firewalls and web proxies, and allows it to avoid the attack surface exposure of complex parsing and emulation code. Unlike well-known approaches such as bag-of-words models, which ignore spatial information, our neural network examines content at hierarchical spatial scales, allowing our model to capture locality and yielding superior accuracy compared to bag-of-words baselines. Our proposed architecture achieves a 97.5% detection rate at a 0.1% false positive rate, and classifies small-batched web pages at a rate of over 100 per second on commodity hardware. The speed and accuracy of our approach makes it appropriate for deployment to endpoints, firewalls, and web proxies.

Cryptography and Security,Machine Learning

Adebayo Oshingbesan,Courage Ekoh,Chukwuemeka Okobi,Aime Munezero,Kagame Richard

DOI: https://doi.org/10.48550/arXiv.2209.09630

2022-09-13

Abstract:In detecting malicious websites, a common approach is the use of blacklists which are not exhaustive in themselves and are unable to generalize to new malicious sites. Detecting newly encountered malicious websites automatically will help reduce the vulnerability to this form of attack. In this study, we explored the use of ten machine learning models to classify malicious websites based on lexical features and understand how they generalize across datasets. Specifically, we trained, validated, and tested these models on different sets of datasets and then carried out a cross-datasets analysis. From our analysis, we found that K-Nearest Neighbor is the only model that performs consistently high across datasets. Other models such as Random Forest, Decision Trees, Logistic Regression, and Support Vector Machines also consistently outperform a baseline model of predicting every link as malicious across all metrics and datasets. Also, we found no evidence that any subset of lexical features generalizes across models or datasets. This research should be relevant to cybersecurity professionals and academic researchers as it could form the basis for real-life detection systems or further research work.

Cryptography and Security,Machine Learning

Qasem Abu Al-Haija,Mustafa Al-Fayoumi

DOI: https://doi.org/10.1007/s00521-023-08592-z

2023-04-20

Abstract:Uniform Resource Locator (URL) is a unique identifier composed of protocol and domain name used to locate and retrieve a resource on the Internet. Like any Internet service, URLs (also called websites) are vulnerable to compromise by attackers to develop Malicious URLs that can exploit/devastate the user's information and resources. Malicious URLs are usually designed with the intention of promoting cyber-attacks such as spam, phishing, malware, and defacement. These websites usually require action on the user's side and can reach users across emails, text messages, pop-ups, or devious advertisements. They have a potential impact that can reach, in some cases, to compromise the machine or network of the user, especially those arriving by email. Therefore, developing systems to detect malicious URLs is of great interest nowadays. This paper proposes a high-performance machine learning-based detection system to identify Malicious URLs. The proposed system provides two layers of detection. Firstly, we identify the URLs as either benign or malware using a binary classifier. Secondly, we classify the URL classes based on their feature into five classes: benign, spam, phishing, malware, and defacement. Specifically, we report on four ensemble learning approaches, viz. the ensemble of bagging trees (En_Bag) approach, the ensemble of k-nearest neighbor (En_kNN) approach, and the ensemble of boosted decision trees (En_Bos) approach, and the ensemble of subspace discriminator (En_Dsc) approach. The developed approaches have been evaluated on an inclusive and contemporary dataset for uniform resource locators (ISCX-URL2016). ISCX-URL2016 provides a lightweight dataset for detecting and categorizing malicious URLs according to their attack type and lexical analysis. Conventional machine learning evaluation measurements are used to evaluate the detection accuracy, precision, recall, F Score, and detection time. Our experiential assessment indicates that the ensemble of bagging trees (En_Bag) approach provides better performance rates than other ensemble methods. Alternatively, the ensemble of the k-nearest neighbor (En_kNN) approach provides the highest inference speed. We also contrast our En_Bag model with state-of-the-art solutions and show its superiority in binary classification and multi-classification with accuracy rates of 99.3% and 97.92%, respectively.

Kinh Tran,Dusan Sovilj

2024-09-12

Abstract:Malicious website detection is an increasingly relevant yet intricate task that requires the consideration of a vast amount of fine details. Our objective is to create a machine learning model that is trained on as many of these finer details as time will allow us to classify a website as benign or malicious. If malicious, the model will classify the role it plays (phishing, spam, malware hosting, etc.). We proposed 77 features and created a dataset of 441,701 samples spanning 9 website classifications to train our model. We grouped the proposed features into feature subsets based on the time and resources required to compute these features and the performance changes with the inclusion of each subset to the model. We found that the performance of the best performing model increased as more feature subsets were introduced. In the end, our best performing model was able to classify websites into 1 of 9 classifications with a 95.89\% accuracy score. We then investigated how well the features we proposed ranked in importance and detail the top 10 most relevant features according to our models. 2 of our URL embedding features were found to be the most relevant by our best performing model, with content-based features representing half of the top 10 spots. The rest of the list was populated with singular features from different feature categories including: a host feature, a robots.txt feature, a lexical feature, and a passive domain name system feature.

Cryptography and Security

Austin Brown,Maanak Gupta,Mahmoud Abdelsalam

2023-11-03

Abstract:Deep learning (DL) has proven to be effective in detecting sophisticated malware that is constantly evolving. Even though deep learning has alleviated the feature engineering problem, finding the most optimal DL model, in terms of neural architecture search (NAS) and the model's optimal set of hyper-parameters, remains a challenge that requires domain expertise. In addition, many of the proposed state-of-the-art models are very complex and may not be the best fit for different datasets. A promising approach, known as Automated Machine Learning (AutoML), can reduce the domain expertise required to implement a custom DL model. AutoML reduces the amount of human trial-and-error involved in designing DL models, and in more recent implementations can find new model architectures with relatively low computational overhead. This work provides a comprehensive analysis and insights on using AutoML for static and online malware detection. For static, our analysis is performed on two widely used malware datasets: SOREL-20M to demonstrate efficacy on large datasets; and EMBER-2018, a smaller dataset specifically curated to hinder the performance of machine learning models. In addition, we show the effects of tuning the NAS process parameters on finding a more optimal malware detection model on these static analysis datasets. Further, we also demonstrate that AutoML is performant in online malware detection scenarios using Convolutional Neural Networks (CNNs) for cloud IaaS. We compare an AutoML technique to six existing state-of-the-art CNNs using a newly generated online malware dataset with and without other applications running in the background during malware <a class="link-external link-http" href="http://execution.In" rel="external noopener nofollow">this http URL</a> general, our experimental results show that the performance of AutoML based static and online malware detection models are on par or even better than state-of-the-art models or hand-designed models presented in literature.

Cryptography and Security