Rajvardhan Patil,Wei Deng

DOI: https://doi.org/10.1109/southeastcon44009.2020.9368268

2020-01-01

Abstract:In this era, where the volume and diversity of malware is rising exponentially, new techniques need to be employed for faster and accurate identification of the malwares. Manual heuristic inspection of malware analysis are neither effective in detecting new malware, nor efficient as they fail to keep up with the high spreading rate of malware. Machine learning approaches have therefore gained momentum. They have been used to automate static and dynamic analysis investigation where malware having similar behavior are clustered together, and based on the proximity unknown malwares get classified to their respective families. Although many such research efforts have been conducted where data-mining and machine-learning techniques have been applied, in this paper we show how the accuracy can further be improved using deep learning networks. As deep learning offers superior classification by constructing neural networks with a higher number of potentially diverse layers it leads to improvement in automatic detection and classification of the malware variants.In this research, we present a framework which extracts various feature-sets such as system calls, operational codes, sections, and byte codes from the malware files. In the experimental and result section, we compare the accuracy obtained from each of these features and demonstrate that feature vector for system calls yields the highest accuracy. The paper concludes by showing how deep learning approach performs better than the traditional shallow machine learning approaches.

Wenjuan Lian,Guoqing Nie,Yanyan Kang,Bin Jia,Yang Zhang

DOI: https://doi.org/10.23919/jcc.2022.02.014

2022-02-01

China Communications

Abstract:In recent years, with the increase in the price of cryptocurrencies, the number of malicious cryptomining software has increased significantly. With their powerful spreading ability, cryptomining malware can unknowingly occupy our resources, harm our interests, and damage more legitimate assets. However, although current traditional rule-based malware detection methods have a low false alarm rate, they have a relatively low detection rate when faced with a large volume of emerging malware. Even though common machine learning-based or deep learning-based methods have certain ability to learn and detect unknown malware, the characteristics they learn are single and independent, and cannot be learned adaptively. Aiming at the above problems, we propose a deep learning model with multi-input of multi-modal features, which can simultaneously accept digital features and image features on different dimensions. The model in turn includes parallel learning of three sub-models and ensemble learning of another specific sub-model. The four sub-models can be processed in parallel on different devices and can be further applied to edge computing environments. The model can adaptively learn multi-modal features and output prediction results. The detection rate of our model is as high as 97.01% and the false alarm rate is only 0.63%. The experimental results prove the advantage and effectiveness of the proposed method.

telecommunications

Hossein Sayadi,Yifeng Gao,Hosein Mohammadi Makrani,Jessica Lin,Paulo Cesar Costa,Setareh Rafatirad,Houman Homayoun

DOI: https://doi.org/10.3390/cryptography5040028

2021-10-17

Cryptography

Abstract:According to recent security analysis reports, malicious software (a.k.a. malware) is rising at an alarming rate in numbers, complexity, and harmful purposes to compromise the security of modern computer systems. Recently, malware detection based on low-level hardware features (e.g., Hardware Performance Counters (HPCs) information) has emerged as an effective alternative solution to address the complexity and performance overheads of traditional software-based detection methods. Hardware-assisted Malware Detection (HMD) techniques depend on standard Machine Learning (ML) classifiers to detect signatures of malicious applications by monitoring built-in HPC registers during execution at run-time. Prior HMD methods though effective have limited their study on detecting malicious applications that are spawned as a separate thread during application execution, hence detecting stealthy malware patterns at run-time remains a critical challenge. Stealthy malware refers to harmful cyber attacks in which malicious code is hidden within benign applications and remains undetected by traditional malware detection approaches. In this paper, we first present a comprehensive review of recent advances in hardware-assisted malware detection studies that have used standard ML techniques to detect the malware signatures. Next, to address the challenge of stealthy malware detection at the processor’s hardware level, we propose StealthMiner, a novel specialized time series machine learning-based approach to accurately detect stealthy malware trace at run-time using branch instructions, the most prominent HPC feature. StealthMiner is based on a lightweight time series Fully Convolutional Neural Network (FCN) model that automatically identifies potentially contaminated samples in HPC-based time series data and utilizes them to accurately recognize the trace of stealthy malware. Our analysis demonstrates that using state-of-the-art ML-based malware detection methods is not effective in detecting stealthy malware samples since the captured HPC data not only represents malware but also carries benign applications’ microarchitectural data. The experimental results demonstrate that with the aid of our novel intelligent approach, stealthy malware can be detected at run-time with 94% detection performance on average with only one HPC feature, outperforming the detection performance of state-of-the-art HMD and general time series classification methods by up to 42% and 36%, respectively.

Mathew Ashik,A. Jyothish,S. Anandaram,P. Vinod,Francesco Mercaldo,Fabio Martinelli,Antonella Santone

DOI: https://doi.org/10.3390/electronics10141694

IF: 2.9

2021-07-15

Electronics

Abstract:Malware is one of the most significant threats in today’s computing world since the number of websites distributing malware is increasing at a rapid rate. Malware analysis and prevention methods are increasingly becoming necessary for computer systems connected to the Internet. This software exploits the system’s vulnerabilities to steal valuable information without the user’s knowledge, and stealthily send it to remote servers controlled by attackers. Traditionally, anti-malware products use signatures for detecting known malware. However, the signature-based method does not scale in detecting obfuscated and packed malware. Considering that the cause of a problem is often best understood by studying the structural aspects of a program like the mnemonics, instruction opcode, API Call, etc. In this paper, we investigate the relevance of the features of unpacked malicious and benign executables like mnemonics, instruction opcodes, and API to identify a feature that classifies the executable. Prominent features are extracted using Minimum Redundancy and Maximum Relevance (mRMR) and Analysis of Variance (ANOVA). Experiments were conducted on four datasets using machine learning and deep learning approaches such as Support Vector Machine (SVM), Naïve Bayes, J48, Random Forest (RF), and XGBoost. In addition, we also evaluate the performance of the collection of deep neural networks like Deep Dense network, One-Dimensional Convolutional Neural Network (1D-CNN), and CNN-LSTM in classifying unknown samples, and we observed promising results using APIs and system calls. On combining APIs/system calls with static features, a marginal performance improvement was attained comparing models trained only on dynamic features. Moreover, to improve accuracy, we implemented our solution using distinct deep learning methods and demonstrated a fine-tuned deep neural network that resulted in an F1-score of 99.1% and 98.48% on Dataset-2 and Dataset-3, respectively.

engineering, electrical & electronic,computer science, information systems,physics, applied

Hadis Ghanei,Farnoush Manavi,Ali Hamzeh

DOI: https://doi.org/10.1007/s11416-021-00386-y

2021-05-08

Journal of Computer Virology and Hacking Techniques

Abstract:With the increasing availability of internet access, the number of malware is growing dramatically. So, defence against malware is an important issue in the security of computers and networks. Hence, malware detection systems are important. The most common method for malware detection is a signature-based technique. Nowadays, malware attempt to deceive all kinds of anti-malware, using obfuscation mechanisms and polymorphic behaviours, thus this method is not able to detect such malware and is not very effective. One way to deal with these types of malware is through dynamic malware analysis that requires executing the malware and monitoring its behaviour. In this paper, a novel dynamic malware detection method is presented which utilizes hardware events during file execution such as hardware port status, CPU internal status, main memory status, etc., as features of the classification model. Then, two Deep Neural Network (DNN) based algorithms, Convolutional Neural Network (CNN) and Long Short-Term Memory (LSTM), are used to construct the machine learning model. Finally, the voting network is used between the outputs of CNNs and the LSTM network, and the label of the suspicious sample is determined. The results show that the combination of hardware events as feature inputs, with LSTM and voting network can be effective in detecting new malware.

Hadeel A. Almurshid,Iman Almomani,M. A. Khalifa,Walid El-Shafai

DOI: https://doi.org/10.1109/access.2024.3488192

IF: 3.9

2024-11-09

IEEE Access

Abstract:Recent statistics indicate a continuous rise in cryptojacking malware. This malware covertly exploits users' device resources to mine cryptocurrencies, such as Bitcoin, without their knowledge or consent. Cryptocurrency mining involves participants competing to generate a unique hash, with successful miners earning cryptocurrency tokens as rewards. As the difficulty of mining new cryptocurrencies increases, greater computational power and resources are required. Unfortunately, the growing popularity of cryptocurrencies has led to a significant increase in cryptojacking malware. Compounding this issue is the lack of adequate, practical solutions to combat this threat. Current shortcomings include a limited number of related studies, particularly in host-based cryptojacking, a scarcity of recent research, reliance on small or outdated datasets, and a shallow understanding of the behavior and characteristics of cryptojacking malware. This paper aims to address these gaps by introducing a holistic, intelligent cryptojacking malware detection system that: 1) provides a detailed analysis of the lifecycle of both host-based and web-based cryptojacking malware; 2) conducts a critical comparison of existing solutions, highlighting their weaknesses; 3) applies deep static analysis to identify key indicators crucial for cryptojacking analysis; 4) executes thorough dynamic analysis to demonstrate the real-world impact of cryptojacking; 5) utilizes a new, large, and robust cryptojacking dataset (CJDS) with over 100,000 samples, where the details of constructing this dataset are provided, (f) develops vision-based predictive models using 23 convolutional neural network (CNN) algorithms, extensively evaluated with comprehensive metrics; and 6) integrates the best-performing model to bulid a highly efficient cryptojacking detection system with an accuracy of 99%. This research offers valuable insights into the characteristics and consequences of cryptojacking, paving the way for further advancements in cybersecurity. It aims to protect digital environments from unauthorized resource exploitation and enhance the security of cryptocurrency-based systems.

computer science, information systems,telecommunications,engineering, electrical & electronic

Usukhbayar Baldangombo,Nyamjav Jambaljav,Shi-Jinn Horng

DOI: https://doi.org/10.48550/arXiv.1308.2831

2013-08-13

Abstract:A serious threat today is malicious executables. It is designed to damage computer system and some of them spread over network without the knowledge of the owner using the system. Two approaches have been derived for it i.e. Signature Based Detection and Heuristic Based Detection. These approaches performed well against known malicious programs but cannot catch the new malicious programs. Different researchers have proposed methods using data mining and machine learning for detecting new malicious programs. The method based on data mining and machine learning has shown good results compared to other approaches. This work presents a static malware detection system using data mining techniques such as Information Gain, Principal component analysis, and three classifiers: SVM, J48, and Naïve Bayes. For overcoming the lack of usual anti-virus products, we use methods of static analysis to extract valuable features of Windows PE file. We extract raw features of Windows executables which are PE header information, DLLs, and API functions inside each DLL of Windows PE file. Thereafter, Information Gain, calling frequencies of the raw features are calculated to select valuable subset features, and then Principal Component Analysis is used for dimensionality reduction of the selected features. By adopting the concepts of machine learning and data-mining, we construct a static malware detection system which has a detection rate of 99.6%.

Cryptography and Security

Amir Djenna,Ahmed Bouridane,Saddaf Rubab,Ibrahim Moussa Marou

DOI: https://doi.org/10.3390/sym15030677

2023-03-09

Symmetry

Abstract:Malware, a lethal weapon of cyber attackers, is becoming increasingly sophisticated, with rapid deployment and self-propagation. In addition, modern malware is one of the most devastating forms of cybercrime, as it can avoid detection, make digital forensics investigation in near real-time impossible, and the impact of advanced evasion strategies can be severe and far-reaching. This makes it necessary to detect it in a timely and autonomous manner for effective analysis. This work proposes a new systematic approach to identifying modern malware using dynamic deep learning-based methods combined with heuristic approaches to classify and detect five modern malware families: adware, Radware, rootkit, SMS malware, and ransomware. Our symmetry investigation in artificial intelligence and cybersecurity analytics will enhance malware detection, analysis, and mitigation abilities to provide resilient cyber systems against cyber threats. We validated our approach using a dataset that specifically contains recent malicious software to demonstrate that the model achieves its goals and responds to real-world requirements in terms of effectiveness and efficiency. The experimental results indicate that the combination of behavior-based deep learning and heuristic-based approaches for malware detection and classification outperforms the use of static deep learning methods.

multidisciplinary sciences

Ankit Gangwal,Samuele Giuliano Piazzetta,Gianluca Lain,Mauro Conti

DOI: https://doi.org/10.48550/arXiv.1909.00268

2020-12-15

Abstract:Cybercriminals have been exploiting cryptocurrencies to commit various unique financial frauds. Covert cryptomining - which is defined as an unauthorized harnessing of victims' computational resources to mine cryptocurrencies - is one of the prevalent ways nowadays used by cybercriminals to earn financial benefits. Such exploitation of resources causes financial losses to the victims. In this paper, we present our novel and efficient approach to detect covert cryptomining. Our solution is a generic solution that, unlike currently available solutions to detect covert cryptomining, is not tailored to a specific cryptocurrency or a particular form of cryptomining. In particular, we focus on the core mining algorithms and utilize Hardware Performance Counters (HPC) to create clean signatures that grasp the execution pattern of these algorithms on a processor. We built a complete implementation of our solution employing advanced machine learning techniques. We evaluated our methodology on two different processors through an exhaustive set of experiments. In our experiments, we considered all the cryptocurrencies mined by the top-10 mining pools, which collectively represent the largest share (84% during Q3 2018) of the cryptomining market. Our results show that our classifier can achieve a near-perfect classification with samples of length as low as five seconds. Due to its robust and practical design, our solution can even adapt to zero-day cryptocurrencies. Finally, we believe our solution is scalable and can be deployed to tackle the uprising problem of covert cryptomining.

Cryptography and Security

Shuhui Zhang,Changdong Hu,Lianhai Wang,Miodrag J. Mihaljevic,Shujiang Xu,Tian Lan

DOI: https://doi.org/10.3390/sym15030758

2023-03-20

Symmetry

Abstract:As cyber attacks grow more complex and sophisticated, new types of malware become more dangerous and challenging to detect. In particular, fileless malware injects malicious code into the physical memory directly without leaving attack traces on disk files. This type of attack is well concealed, and it is difficult to find the malicious code in the static files. For malicious processes in memory, signature-based detection methods are becoming increasingly ineffective. Facing these challenges, this paper proposes a malware detection approach based on convolutional neural network and memory forensics. As the malware has many symmetric features, the saved training model can detect malicious code with symmetric features. The method includes collecting executable static malicious and benign samples, running the collected samples in a sandbox, and building a dataset of portable executables in memory through memory forensics. When a process is running, not all the program content is loaded into memory, so binary fragments are utilized for malware analysis instead of the entire portable executable (PE) files. PE file fragments are selected with different lengths and locations. We conducted several experiments on the produced dataset to test our model. The PE file with 4096 bytes of header fragment has the highest accuracy. We achieved a prediction accuracy of up to 97.48%. Moreover, an example of fileless attack is illustrated at the end of the paper. The results show that the proposed method can detect malicious codes effectively, especially the fileless attack. Its accuracy is better than that of common machine learning methods.

multidisciplinary sciences

Peiran Wang,Yuqiang Sun,Cheng Huang,Yutong Du,Genpei Liang,Gang Long

DOI: https://doi.org/10.1109/cse53436.2021.00022

2021-01-01

Abstract:Because of the rise of the Monroe coin, many JavaScript files with embedded malicious code are used to mine cryptocurrency using the computing power of the browser client. This kind of script does not have any obvious behaviors when it is running, so it is difficult for common users to witness them easily. This feature could lead the browser side cryptocurrency mining abused without the user’s permission. Traditional browser security strategies focus on information disclosure and malicious code execution, but not suitable for such scenes. Thus, we present a novel detection method named MineDetector using a machine learning algorithm and static features for automatically detecting browser-side cryptojacking scripts on the websites. MineDetector extracts five static feature groups available from the abstract syntax tree and text of codes and combines them using the machine learning method to build a powerful cryptojacking classifier. In the real experiment, MineDetector achieves the accuracy of 99.41% and the recall of 93.55% and has better performance in time comparing with present dynamic methods. We also made our work user-friendly by developing a browser extension that is click-to-run on the Chrome browser.

BAI Jin-rong,WANG Jun-feng,ZHAO Zong-qu

DOI: https://doi.org/10.3969/j.issn.1002-137X.2013.01.029

2013-01-01

Computer Science

Abstract:In order to solve the problems existing in malware detection,we proposed a novel malware detection approach by mining structural features of PE(Portable Executable) files and conducted the against recent Win32 malwares.Experimental results indicate that the accuracy of our method is 99.1% and the value of the AUC is 0.998 which is close to 1(The AUC value of the best possible classifier) and better than that of other static approaches.Compared with other static approaches,our method achieves higher detection accuracy with less detection time,is hard to evade by malware which applies the obfuscation and packing technique,and is real-time deployable.Most malware detection approaches using data mining may overfit experimental data in feature selection,but our experiments show that our method overcomes this problem.

Mesut GUVEN

DOI: https://doi.org/10.3934/math.2024739

2024-01-01

AIMS Mathematics

Abstract:The escalating sophistication of malware poses a formidable security challenge, as it evades traditional protective measures. Static analysis, an initial step in malware investigation, involves code scrutiny without actual execution. One static analysis approach employs the conversion of executable files into image representations, harnessing the potency of deep learning models. Convolutional neural networks (CNNs), particularly adept at image classification, have potential for malware detection. However, their inclination towards structured data requires a preprocessing phase to convert software into image-like formats. This paper outlines a methodology for malware detection that involves applying deep learning models to image-converted executable files. Experimental evaluations have been performed by using CNN models, autoencoder-based models, and pre-trained counterparts, all of which have exhibited commendable performance. Consequently, employing deep learning for image-converted executable analysis emerges as a fitting strategy for the static analysis of software. This research is significant because it utilized the largest dataset to date and encompassed a wide range of deep learning models, many of which have not previously been tested together.

mathematics, applied

Jeyaprakash Hemalatha,Subbiah Geetha,Seifedine Kadry,Robertas Damaševičius,S. Roseline

DOI: https://doi.org/10.3390/e23030344

IF: 2.738

2021-03-15

Entropy

Abstract:Recently, there has been a huge rise in malware growth, which creates a significant security threat to organizations and individuals. Despite the incessant efforts of cybersecurity research to defend against malware threats, malware developers discover new ways to evade these defense techniques. Traditional static and dynamic analysis methods are ineffective in identifying new malware and pose high overhead in terms of memory and time. Typical machine learning approaches that train a classifier based on handcrafted features are also not sufficiently potent against these evasive techniques and require more efforts due to feature-engineering. Recent malware detectors indicate performance degradation due to class imbalance in malware datasets. To resolve these challenges, this work adopts a visualization-based method, where malware binaries are depicted as two-dimensional images and classified by a deep learning model. We propose an efficient malware detection system based on deep learning. The system uses a reweighted class-balanced loss function in the final classification layer of the DenseNet model to achieve significant performance improvements in classifying malware by handling imbalanced data issues. Comprehensive experiments performed on four benchmark malware datasets show that the proposed approach can detect new malware samples with higher accuracy (98.23% for the Malimg dataset, 98.46% for the BIG 2015 dataset, 98.21% for the MaleVis dataset, and 89.48% for the unseen Malicia dataset) and reduced false-positive rates when compared with conventional malware mitigation techniques while maintaining low computational time. The proposed malware detection solution is also reliable and effective against obfuscation attacks.

physics, multidisciplinary

Jinrong Bai,Junfeng Wang,Guozhong Zou

DOI: https://doi.org/10.1155/2014/260905

Abstract:Malware has become one of the most serious threats to computer information system and the current malware detection technology still has very significant limitations. In this paper, we proposed a malware detection approach by mining format information of PE (portable executable) files. Based on in-depth analysis of the static format information of the PE files, we extracted 197 features from format information of PE files and applied feature selection methods to reduce the dimensionality of the features and achieve acceptable high performance. When the selected features were trained using classification algorithms, the results of our experiments indicate that the accuracy of the top classification algorithm is 99.1% and the value of the AUC is 0.998. We designed three experiments to evaluate the performance of our detection scheme and the ability of detecting unknown and new malware. Although the experimental results of identifying new malware are not perfect, our method is still able to identify 97.6% of new malware with 1.3% false positive rates.

Huhua Li,Dongyang Zhan,Tianrui Liu,Lin Ye

DOI: https://doi.org/10.1109/massw.2019.00008

2019-01-01

Abstract:Malware is one of the biggest threats in cloud computing. Malware running inside virtual machines or containers could steal critical information or continue to attack other cloud nodes. To detect malware in cloud, especially zero-day malware, signature-and machine-learning-based approaches are proposed to analyze the execution binary. However, malicious binary files may not permanently be stored in the file system of virtual machine or container, periodically scanner may not find the target files. Dynamic analysis approach usually introduce run-time overhead to virtual machines, which is not widely used in cloud. To solve these problems, we propose a memory analysis approach to detect malware, employing the deep learning technology. The system analyzes the memory image periodically during malware execution, which will not introduce run-time overhead. We first extract the memory snapshot from running virtual machines or containers. Then, the snapshot is converted to a grayscale image. Finally, we employ CNN to detect malware. In the learning phase, malicious and benign software are trained. In the testing phase, we test our system with real-world malwares.

Enes Sinan Parildi,Dimitrios Hatzinakos,Yuri Lawryshyn

DOI: https://doi.org/10.1007/s00521-021-05861-7

2021-03-21

Neural Computing and Applications

Abstract:Thousands of new malware codes are developed every day. Signature-based methods, which are employed by common malware detectors, are susceptible to code obfuscation and novel malware. In this paper, we present an alternative method for malware detection, which makes use of assembly opcode sequences obtained during runtime. First, for sequential opcode data, we utilize natural language processing and deep learning techniques to facilitate the extraction of deeper behavioral features. Due to these features, this method can be impervious to code obfuscation and effective against novel malware. Finally, these features are fed to various machine learning algorithms for classification. The experiments on a more class balanced dataset of 26869 samples demonstrated that MCC (Matthew’s correlation coefficient) score as high as 0.95 is achievable with this approach. The MCC score results for the experiments conducted on imbalanced and artificially balanced datasets are 0.81 and 0.83, respectively.

computer science, artificial intelligence

Pascal Maniriho,Abdun Naser Mahmood,Mohammad Jabed Morshed Chowdhury

2024-01-29

Abstract:Malware is one of the most common and severe cyber-attack today. Malware infects millions of devices and can perform several malicious activities including mining sensitive data, encrypting data, crippling system performance, and many more. Hence, malware detection is crucial to protect our computers and mobile devices from malware attacks. Deep learning (DL) is one of the emerging and promising technologies for detecting malware. The recent high production of malware variants against desktop and mobile platforms makes DL algorithms powerful approaches for building scalable and advanced malware detection models as they can handle big datasets. This work explores current deep learning technologies for detecting malware attacks on the Windows, Linux, and Android platforms. Specifically, we present different categories of DL algorithms, network optimizers, and regularization methods. Different loss functions, activation functions, and frameworks for implementing DL models are presented. We also present feature extraction approaches and a review of recent DL-based models for detecting malware attacks on the above platforms. Furthermore, this work presents major research issues on malware detection including future directions to further advance knowledge and research in this field.

Cryptography and Security

Qianjin Ying,Yulei Yu,Donghai Tian,Xiaoqi Jia,Rui Ma,Changzhen Hu

DOI: https://doi.org/10.1007/s10723-022-09621-2

2022-01-01

Journal of Grid Computing

Abstract:With the increasing value of digital cryptocurrency in recent years, the digital cryptocurrency mining industry is becoming prosperous. However, this industry has also gained attention from adversaries who exploit users’ computers to mine cryptocurrency covertly. To detect cryptojacking attacks, many static and dynamic methods are proposed. However, the existing solutions still have some limitations in terms of effectiveness, performance, and transparency. To address these issues, we present CJSpector, a novel hardware-based approach for cryptojacking detection. This method first leverages the Intel Processor Trace mechanism to collect the run-time control flow information of a web browser. Next, CJSpector makes use of two optimization approaches based on the library functionality and information gain to preprocess the control flow information. Finally, it leverages Recurrent Neural Network (RNN) for cryptojacking detection. The evaluation shows that our method can detect in-browser covert cryptocurrency mining effectively and transparently with a small performance cost.

Umm-e-Hani Tayyab,Faiza Babar Khan,Muhammad Hanif Durad,Asifullah Khan,Yeon Soo Lee

DOI: https://doi.org/10.3390/jcp2040041

2022-09-28

Journal of Cybersecurity and Privacy

Abstract:Monitoring Indicators of Compromise (IOC) leads to malware detection for identifying malicious activity. Malicious activities potentially lead to a system breach or data compromise. Various tools and anti-malware products exist for the detection of malware and cyberattacks utilizing IOCs, but all have several shortcomings. For instance, anti-malware systems make use of malware signatures, requiring a database containing such signatures to be constantly updated. Additionally, this technique does not work for zero-day attacks or variants of existing malware. In the quest to fight zero-day attacks, the research paradigm shifted from primitive methods to classical machine learning-based methods. Primitive methods are limited in catering to anti-analysis techniques against zero-day attacks. Hence, the direction of research moved towards methods utilizing classic machine learning, however, machine learning methods also come with certain limitations. They may include but not limited to the latency/lag introduced by feature-engineering phase on the entire training dataset as opposed to the real-time analysis requirement. Likewise, additional layers of data engineering to cater to the increasing volume of data introduces further delays. It led to the use of deep learning-based methods for malware detection. With the speedy occurrence of zero-day malware, researchers chose to experiment with few shot learning so that reliable solutions can be produced for malware detection with even a small amount of data at hand for training. In this paper, we surveyed several possible strategies to support the real-time detection of malware and propose a hierarchical model to discover security events or threats in real-time. A key focus in this survey is on the use of Deep Learning-based methods. Deep Learning based methods dominate this research area by providing automatic feature engineering, the capability of dealing with large datasets, enabling the mining of features from limited data samples, and supporting one-shot learning. We compare Deep Learning-based approaches with conventional machine learning based approaches and primitive (statistical analysis based) methods commonly reported in the literature.

computer science, information systems, interdisciplinary applications, software engineering