Academic literature on the topic 'Malware Generation'

Consult the lists of relevant articles, books, theses, conference reports, and other scholarly sources on the topic 'Malware Generation.'

Journal articles on the topic "Malware Generation"

1

Alireza, Khalilian, Nourazar Amir, Vahidi-Asl Mojtaba, and Haghighi Hassan. "G3MD: Mining frequent opcode sub-graphs for metamorphic malware detection of existing families." Expert Systems with Applications 112 (December 7, 2019): 15–33. https://doi.org/10.5281/zenodo.3566150.

Abstract:
Attackers leverage various obfuscation techniques to create a metamorphic malware that can evade from detection by anti-malwares. To defeat, we propose Graph Mining for Metamorphic Malware Detection (G3MD), an intelligent system for static detection of metamorphic malwares. G3MD demonstrates one of the many aspects of what the current generation of machine-learning techniques and expert systems can do. It extends what is known about practical application of machine-learning techniques in the field of information security. It is intended to alleviate the burden of human experts and underlying costs. The novelty of G3MD is to apply graph mining on the opcode graphs of a metamorphic family of malwares to extract the frequent sub-graphs, so called micro-signatures. Based on these sub-graphs, a classifier is trained to distinguish between a benign file and a metamorphic malware. We conducted experiments on four families of metamorphic malwares common in previous studies, namely Next Generation Virus Generation Kit (NGVCK), Second Generation Virus Generator (G2), and Mass Produced Code Generation Kit (MPCGEN) viruses and Metamorphic Worm (MWOR) worms. The precision (over 99% in most cases) of metamorphic malware detection by the proposed approach corroborates its effectiveness over other existing approaches.
2

Liang, Guanghui, Jianmin Pang, Zheng Shan, Runqing Yang, and Yihang Chen. "Automatic Benchmark Generation Framework for Malware Detection." Security and Communication Networks 2018 (September 6, 2018): 1–8. http://dx.doi.org/10.1155/2018/4947695.

Abstract:
To address emerging security threats, various malware detection methods have been proposed every year. Therefore, a small but representative set of malware samples are usually needed for detection model, especially for machine-learning-based malware detection models. However, current manual selection of representative samples from large unknown file collection is labor intensive and not scalable. In this paper, we firstly propose a framework that can automatically generate a small data set for malware detection. With this framework, we extract behavior features from a large initial data set and then use a hierarchical clustering technique to identify different types of malware. An improved genetic algorithm based on roulette wheel sampling is implemented to generate final test data set. The final data set is only one-eighteenth the volume of the initial data set, and evaluations show that the data set selected by the proposed framework is much smaller than the original one but does not lose nearly any semantics.
3

Singh, Avinash, Richard Adeyemi Ikuesan, and Hein Venter. "MalFe—Malware Feature Engineering Generation Platform." Computers 12, no. 10 (2023): 201. http://dx.doi.org/10.3390/computers12100201.

Abstract:
The growing sophistication of malware has resulted in diverse challenges, especially among security researchers who are expected to develop mechanisms to thwart these malicious attacks. While security researchers have turned to machine learning to combat this surge in malware attacks and enhance detection and prevention methods, they often encounter limitations when it comes to sourcing malware binaries. This limitation places the burden on malware researchers to create context-specific datasets and detection mechanisms, a time-consuming and intricate process that involves a series of experiments. The lack of accessible analysis reports and a centralized platform for sharing and verifying findings has resulted in many research outputs that can neither be replicated nor validated. To address this critical gap, a malware analysis data curation platform was developed. This platform offers malware researchers a highly customizable feature generation process drawing from analysis data reports, particularly those generated in sandbox-based environments such as Cuckoo Sandbox. To evaluate the effectiveness of the platform, a replication of existing studies was conducted in the form of case studies. These studies revealed that the developed platform offers an effective approach that can aid malware detection research. Moreover, a real-world scenario involving over 3000 ransomware and benign samples for ransomware detection based on PE entropy was explored. This yielded an impressive accuracy score of 98.8% and an AUC of 0.97 when employing the decision tree algorithm, with a low latency of 1.51 ms. These results emphasize the necessity of the proposed platform while demonstrating its capacity to construct a comprehensive detection mechanism. By fostering community-driven interactive databanks, this platform enables the creation of datasets as well as the sharing of reports, both of which can substantially reduce experimentation time and enhance research repeatability.
4

Brezinski, Kenneth, and Ken Ferens. "Metamorphic Malware and Obfuscation: A Survey of Techniques, Variants, and Generation Kits." Security and Communication Networks 2023 (September 2, 2023): 1–41. http://dx.doi.org/10.1155/2023/8227751.

Abstract:
The competing landscape between malware authors and security analysts is an ever-changing battlefield over who can innovate over the other. While security analysts are constantly updating their signatures of known malware, malware variants are changing their signature each time they infect a new host, leading to an endless game of cat and mouse. This survey looks at providing a thorough review of obfuscation and metamorphic techniques commonly used by malware authors. The main topics covered in this work are (1) to provide an overview of string-scanning techniques used by antivirus vendors and to explore the impact malware has had from a security and monetary perspective; (2) to provide an overview of the methods of obfuscation during disassembly, as well as methods of concealment using a combination of encryption and compression; (3) to provide a comprehensive list of the datasets we have available to us in malware research, including tools to obfuscate malware samples, and to finally (4) discuss the various ways Windows APIs are categorized and vectorized to identify malicious binaries, especially in the context of identifying obfuscated malware variants. This survey provides security practitioners a better understanding of the nature and makeup of the obfuscation employed by malware. It also provides a review of what are the main barriers to reverse-engineering malware for the purposes of uncovering their complexity and purpose.
5

Dugyala, Raman, N. Hanuman Reddy, V. Uma Maheswari, Gouse Baig Mohammad, Fayadh Alenezi, and Kemal Polat. "Analysis of Malware Detection and Signature Generation Using a Novel Hybrid Approach." Mathematical Problems in Engineering 2022 (January 19, 2022): 1–13. http://dx.doi.org/10.1155/2022/5852412.

Abstract:
In recent years, malware detection has become necessary to improve system performance and prevent programs from infecting your computer. Signature-based malware failed to detect most new organisms. This article presents the hybrid technique to automatically generate and classify malicious signatures. The hybrid method is called the ANFIS-SSA approach. The hybrid system includes the Adaptive Neuro Fuzzy Interference System (ANFIS) and the Salp Swarm Optimization (SSA). Based on this observation, we propose a hybrid approach to detect malware using malware terminology and its API calls to each other. We create the master signature for the entire malware category, not the malicious template. This signature can also identify unknown extended variants of this class. We show our approach in some common malware classes, which show that each extended version of the malware class is recognized by its original signature. The proposed method is integrated into the Matlab/Simulink operating system and is comparable to existing secure methods. SAFE creates an abstract model for the malicious code and converts it to an internal representation.
6

Panduri, Bharathi, Madhurika Vummenthala, Spoorthi Jonnalagadda, Garwandha Ashwini, Naruvadi Nagamani, and Amanagati Akhila. "Dynamics and an efficient malware detection system using opcode sequence graph generation and ml algorithm." E3S Web of Conferences 184 (2020): 01009. http://dx.doi.org/10.1051/e3sconf/202018401009.

Abstract:
IoT (Internet of things), for the most part, comprises the various scope of Internet-associated gadgets and hubs. In the context of military and defence systems (called as IoBT) these gadgets could be personnel wearable battle outfits, tracking devices, cameras, clinical gadgets etc. The integrity and safety of these devices are critical in mission success and it is of utmost importance to keep them secure. One of the typical ways of the attack on these gadgets is through the use of malware, whose aim could be to compromise the device and or breach the communications. Generally, these IoBT gadgets and hubs are a much more significant target for cyber criminals due to the value they pose, more so than IoT devices. In this paper we attempt at creating a significant learning based procedure to distinguish, classify and track such malware in IoBT (Internet of battlefield things) through operational codes progression. This is achieved by transforming the aforementioned OpCodes into a vector space, upon which a Deep Eigen space learning technique is applied to differentiate between harmful and safe applications. For robust classification, Support vector machine and n gram Sequencing algorithms are proposed in this paper. Moreover, we evaluate the quality of our proposed approach in malware recognition and also its maintainability against garbage code injection assault. These results are presented on a web page which has separate components and levels of accessibility for user and admin credentials. For the purpose of tracking the prevalence of various malwares on the network, counts and trends of different malicious opcodes are displayed for both user and admin.
Thereby our proposed approach will be beneficial for the users, especially for those who want to communicate confidential information within the network. It is also beneficial if a user wants to know whether a message is secure or not. This has also been made malware test accessible, which ideally will profit future research endeavors.
7

Binh, Nguyen Thien. "Viral Logical Concept Analysis for Malware Conceptual Hierarchy Generation." International Journal of Machine Learning and Computing 7, no. 4 (2017): 49–54. http://dx.doi.org/10.18178/ijmlc.2017.7.4.619.

8

Du, Yao, Mengtian Cui, and Xiaochun Cheng. "A Mobile Malware Detection Method Based on Malicious Subgraphs Mining." Security and Communication Networks 2021 (April 17, 2021): 1–11. http://dx.doi.org/10.1155/2021/5593178.

Abstract:
As mobile phone is widely used in social network communication, it attracts numerous malicious attacks, which seriously threaten users’ personal privacy and data security. To improve the resilience to attack technologies, structural information analysis has been widely applied in mobile malware detection. However, the rapid improvement of mobile applications has brought an impressive growth of their internal structure in scale and attack technologies. It makes the timely analysis of structural information and malicious feature generation a heavy burden. In this paper, we propose a new Android malware identification approach based on malicious subgraph mining to improve the detection performance of large-scale graph structure analysis. Firstly, function call graphs (FCGs), sensitive permissions, and application programming interfaces (APIs) are generated from the decompiled files of malware. Secondly, two kinds of malicious subgraphs are generated from malware’s decompiled files and put into the feature set. At last, test applications’ safety can be automatically identified and classified into malware families by matching their FCGs with malicious structural features. To evaluate our approach, a dataset of 11,520 malware and benign applications is established. Experimental results indicate that our approach has better performance than three previous works and Androguard.
9

Bibi, Iram, Adnan Akhunzada, Jahanzaib Malik, Muhammad Khurram Khan, and Muhammad Dawood. "Secure Distributed Mobile Volunteer Computing with Android." ACM Transactions on Internet Technology 22, no. 1 (2022): 1–21. http://dx.doi.org/10.1145/3428151.

Abstract:
Volunteer Computing provision of seamless connectivity that enables convenient and rapid deployment of greener and cheaper computing infrastructure is extremely promising to complement next-generation distributed computing systems. Undoubtedly, without tactile Internet and secure VC ecosystems, harnessing its full potentials and making it an alternative viable and reliable computing infrastructure is next to impossible. Android-enabled smart devices, applications, and services are inevitable for Volunteer computing. Contrarily, the progressive developments of sophisticated Android malware may reduce its exponential growth. Besides, Android malwares are considered the most potential and persistent cyber threat to mobile VC systems. To secure Android-based mobile volunteer computing, the authors proposed MulDroid, an efficient and self-learning autonomous hybrid (Long-Short-Term Memory, Convolutional Neural Network, Deep Neural Network) multi-vector Android malware threat detection framework. The proposed mechanism is highly scalable with well-coordinated infrastructure and self-optimizing capabilities to proficiently tackle fast-growing dynamic variants of sophisticated malware threats and attacks with 99.01% detection accuracy. For a comprehensive evaluation, the authors employed current state-of-the-art malware datasets (Android Malware Dataset, Androzoo) with standard performance evaluation metrics. Moreover, MulDroid is compared with our constructed contemporary hybrid DL-driven architectures and benchmark algorithms. Our proposed mechanism outperforms in terms of detection accuracy with a trivial tradeoff speed efficiency. Additionally, a 10-fold cross-validation is performed to explicitly show unbiased results.
10

Zou, Futai, Linsen Li, Yue Wu, Jianhua Li, Siyu Zhang, and Kaida Jiang. "Detecting Domain-Flux Malware Using DNS Failure Traffic." International Journal of Software Engineering and Knowledge Engineering 28, no. 02 (2018): 151–73. http://dx.doi.org/10.1142/s0218194018400016.

Abstract:
Domain-Flux malware is hard to detect because of the variable C&C (Command and Control) domains which were randomly generated by the technique of domain generation algorithm (DGA). In this paper, we propose a Domain-Flux malware detection approach based on DNS failure traffic. The approach fully leverages the behavior of DNS failure traffic to recognize nine features, and then mines the DGA-generated domains by a clustering algorithm and determinable rules. Theoretical analysis and experimental results verify its efficiency with both test dataset and real-world dataset. On the test dataset, our approach can achieve a true positive rate of 99.82% at false positive rate of 0.39%. On the real-world dataset, the approach can also achieve a relatively high precision of 98.3% and find out 197,026 DGA domains by analyzing DNS traffic in campus network for seven days. We found 1213 hosts of Domain-Flux malware existing on campus network, including the known Conficker, Fosniw and several new Domain-Flux malwares that have never been reported before. We classified 197,026 DGA domains and gave the representative generated patterns for a better understanding of the Domain-Flux mechanism.

Dissertations / Theses on the topic "Malware Generation"

1

Paleari, R. "DEALING WITH NEXT-GENERATION MALWARE." Doctoral thesis, Università degli Studi di Milano, 2011. http://hdl.handle.net/2434/155496.

Abstract:
Malicious programs are a serious problem that threatens the security of billions of Internet users. Today's malware authors are motivated by the easy financial gain they can obtain by selling on the underground market the information stolen from the infected hosts. To maximize their profit, miscreants continuously improve their creations to make them more and more resilient against anti-malware solutions. This increasing sophistication in malicious code led to next-generation malware, a new class of threats that exploit the limitations of state-of-the-art anti-malware products to bypass security protections and eventually evade detection. Unfortunately, current anti-malware technologies are inadequate to face next-generation malware. For this reason, in this dissertation we propose novel techniques to address the shortcomings of defensive technologies and to enhance current state-of-the-art security solutions. Dynamic behavior-based analysis is a very promising approach to automatically understand the behaviors a malicious program may exhibit at run-time. However, behavior-based solutions still present several limitations. First of all, these techniques may give incomplete results because the execution environments in which they are applied are synthetic and do not faithfully resemble the environments of end-users, the intended targets of the malicious activities. To overcome this problem, we present a new framework for improving behavior-based analysis of suspicious programs, that allows an end-user to delegate to security labs the execution and the analysis of a program and to force the program to behave as if it were executed directly in the environment of the former.
Our evaluation demonstrated that the proposed framework allows security labs to improve the completeness of the analysis, by analyzing a piece of malware on behalf of multiple end-users simultaneously, while performing a fine-grained analysis of the behavior of the program with no computational cost for the end-users. Another drawback of state-of-the-art defensive solutions is non-transparency: malicious programs are often able to determine that their execution is being monitored, and thus they can tamper with the analysis to avoid detection, or simply behave innocuously to mislead the anti-malware tool. To this aim, we propose a generic framework to perform complex dynamic system-level analyses of deployed production systems. By leveraging hardware support for virtualization available nowadays on all commodity machines, our framework is completely transparent to the system under analysis and it guarantees isolation of the analysis tools running on top of it. The internals of the kernel of the running system need not be modified and the whole platform runs unaware of the framework. Once the framework has been installed, even kernel-level malware cannot detect it or affect its execution. This is accomplished by installing a minimalistic virtual machine monitor and migrating the system, as it runs, into a virtual machine. To demonstrate the potentials of our framework we developed an interactive kernel debugger, named HyperDbg. As HyperDbg can be used to monitor any critical system component, it is suitable to analyze even malicious programs that include kernel-level modules. Despite all the progress anti-malware technologies can make, perfect malware detection remains an undecidable problem. When it is not possible to prevent a malicious threat from infecting a system, post-infection remediation remains the only viable possibility.
However, if the machine has already been compromised, the execution of the remediation tool could be tampered with by the malware that is running on the system. To address this problem we present Conqueror, a software-based attestation scheme for tamper-proof code execution on untrusted legacy systems. Besides providing load-time attestation of a piece of code, Conqueror also ensures run-time integrity. Conqueror constitutes a valid alternative to trusted computing platforms, for systems lacking specialized hardware for attestation. We implemented a prototype, specific for the Intel x86 architecture, and evaluated the proposed scheme. Our evaluation showed that, compared to competitors, Conqueror is resistant to both static and dynamic attacks. We believe Conqueror and our transparent dynamic analysis framework constitute important building blocks for creating new security applications. To demonstrate this claim, we leverage the aforementioned solutions to realize HyperSleuth, an infrastructure to securely perform live forensic analysis of potentially compromised production systems. HyperSleuth provides a trusted execution environment that guarantees an attacker controlling the system cannot interfere with the analysis and cannot tamper with the results. The framework can be installed as the system runs, without a reboot and without losing any volatile data. Moreover, the analysis can be periodically and safely interrupted to resume normal execution of the system. On top of HyperSleuth we implemented three forensic analysis tools: a lazy physical memory dumper, a lie detector, and a system call tracer. The experimental evaluation we conducted demonstrated that even time consuming analyses, such as the dump of the content of the physical memory, can be securely performed without interrupting the services offered by the system.
2

Berni, Simone. "Dragonfly: next generation sandbox." Master's thesis, Alma Mater Studiorum - Università di Bologna, 2020. http://amslaurea.unibo.it/20894/.

Abstract:
An endless battle between malwares and malware analysts is fought every day. Many techniques of analysis are deployed, allowing the study of targets in a clean environment. Isolation is commonly provided by sandboxes, but it is not the only way: a new paradigm is emerging, emulation, that allows the study of targets without having to fear that its own infrastructure can be infected. Malwares are detected and categorized using rules, simple regex queries that describe their behaviours and are matched against the static sample, but thanks to the emulation we can move this process a step further: Dragonfly allows deeper and more precise rules that are matched during the emulation of the target, allowing even the execution of custom user functions when a rule is matched to bring the analysis to its next step.
3

Rudman, Lauren Lynne. "NetwIOC: a framework for the automated generation of network-based IOCS for malware information sharing and defence." Thesis, Rhodes University, 2018. http://hdl.handle.net/10962/60639.

Abstract:
With the substantial number of new malware variants found each day, it is useful to have an efficient way to retrieve Indicators of Compromise (IOCs) from the malware in a format suitable for sharing and detection. In the past, these indicators were manually created after inspection of binary samples and network traffic. The Cuckoo Sandbox is an existing dynamic malware analysis system which meets the requirements for the proposed framework and was extended by adding a few custom modules. This research explored a way to automate the generation of detailed network-based IOCs in a popular format which can be used for sharing. This was done through careful filtering and analysis of the PCAP file generated by the sandbox, and placing these values into the correct type of STIX objects using Python. Through several evaluations, analysis of what type of network traffic can be expected for the creation of IOCs was conducted, including a brief case study that examined the effect of analysis time on the number of IOCs created. Using the automatically generated IOCs to create defence and detection mechanisms for the network was evaluated and proved successful. A proof of concept sharing platform developed for the STIX IOCs is showcased at the end of the research.
4

Park, Sean. "Neural malware detection." Thesis, Federation University Australia, 2019. http://researchonline.federation.edu.au/vital/access/HandleResolver/1959.17/173759.

Abstract:
At the heart of today’s malware problem lies theoretically infinite diversity created by metamorphism. The majority of conventional machine learning techniques tackle the problem with the assumptions that a sufficiently large number of training samples exist and that the training set is independent and identically distributed. However, the lack of semantic features combined with the models under these wrong assumptions result largely in overfitting with many false positives against real world samples, resulting in systems being left vulnerable to various adversarial attacks. A key observation is that modern malware authors write a script that automatically generates an arbitrarily large number of diverse samples that share similar characteristics in program logic, which is a very cost-effective way to evade detection with minimum effort. Given that many malware campaigns follow this paradigm of economic malware manufacturing model, the samples within a campaign are likely to share coherent semantic characteristics. This opens up a possibility of one-to-many detection. Therefore, it is crucial to capture this non-linear metamorphic pattern unique to the campaign in order to detect these seemingly diverse but identically rooted variants. To address these issues, this dissertation proposes novel deep learning models, including generative static malware outbreak detection model, generative dynamic malware detection model using spatio-temporal isomorphic dynamic features, and instruction cognitive malware detection. A comparative study on metamorphic threats is also conducted as part of the thesis. Generative adversarial autoencoder (AAE) over convolutional network with global average pooling is introduced as a fundamental deep learning framework for malware detection, which captures highly complex non-linear metamorphism through translation invariancy and local variation insensitivity. 
Generative Adversarial Network (GAN) used as a part of the framework enables one-shot training where semantically isomorphic malware campaigns are identified by a single malware instance sampled from the very initial outbreak. This is a major innovation because, to the best of our knowledge, no approach has been found to this challenging training objective against the malware distribution that consists of a large number of very sparse groups artificially driven by the arms race between attackers and defenders. In addition, we propose a novel method that extracts instruction cognitive representation from uninterpreted raw binary executables, which can be used for one-to-many malware detection via one-shot training against the frequency spectrum of the Transformer's encoded latent representation. The method works regardless of the presence of diverse malware variations while remaining resilient to adversarial attacks that mostly use random perturbation against raw binaries. Comprehensive performance analyses including mathematical formulations and experimental evaluations are provided, with the proposed deep learning framework for malware detection exhibiting a superior performance over conventional machine learning methods. The methods proposed in this thesis are applicable to a variety of threat environments where artificially formed sparse distributions arise at the cyber battle fronts.
Doctor of Philosophy
5

Bláha, Lukáš. "Analýza automatizovaného generování signatur s využitím Honeypotu." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2012. http://www.nusl.cz/ntk/nusl-236430.

Abstract:
In this paper, a system for the automatic processing of attacks using honeypots is discussed. The first goal of the thesis is to become familiar with the issue of signatures to detect malware on the network, especially the analysis and description of existing methods for the automatic generation of signatures using honeypots. The main goal is to use the acquired knowledge in the design and implementation of a tool which will perform the detection of new malicious software on the network or on an end user's workstation.
6

Chen, Wei-Chih, and 陳威志. "Signature Generation for DLL-based Malware." Thesis, 2013. http://ndltd.ncl.edu.tw/handle/69676859215084166694.

Abstract:
Master's thesis, National Chiao Tung University, Institute of Computer Science and Engineering, 101.
In the field of malware detection research, DLL (Dynamic-Link Library) type malware are often overlooked since EXE type malware take the major percentage of the whole malware. Despite the fact that there are differences between DLL malware and EXE malware, EXE malware analysis tools are used for DLL malware detection. To enhance DLL malware detection accuracy, a different analysis methodology is proposed based on the trait that differentiates a DLL file and an EXE file, namely the export functions of a DLL file entry point. A single DLL can contain multiple export functions. In recent research, signatures are generated from a group of malware by finding their common context like analysis with CFG (Control Flow Graph). With the feature of DLL, a single DLL malware can be viewed as a collection of malware which start from different entry points. In this paper, we first construct the relation between the DLL attack methods and the export function. Second, we present the phenomenon of common instructions in DLL malware. Third, we propose a detection method based on the common instructions.
7

Chiu, Wei-Jhih, and 邱偉志. "Automated Malware Family Signature Generation based on Runtime API Call Sequence." Thesis, 2018. http://ndltd.ncl.edu.tw/handle/etw684.

Abstract:
Master's thesis, National Taiwan University, Graduate Institute of Information Management, 106.
In recent years, the threats from malware are increasing in the world. It is important that we analyze the malwares and extract their signatures. The malware threat detection and defense will benefit from that. This research collected the malware family labels from anti-virus vendors and analyzed the behavior intents of malware families. We designed an API Call Sequence-based clustering algorithm – RasMMA, which could extract the common signature of a group of malwares. If we input some malware profiles, the RasMMA algorithm could cluster the malware samples and output the common behavior of each cluster. The cluster common behavior is semantic-based, so that human experts could analyze the intent of what the malwares did. We could see the common behavior as the signature of the malware family. Besides, we also found that a malware family is pluralistic. The behavior clusters might differ from each other within one family. Some clusters are even cross-family clusters whose behavior is similar to other families' behavior. In the research, we also apply the behavior clusters to family sample detection. We found that our method had a better performance than other traditional data mining methods in time-series malware data classification.
APA, Harvard, Vancouver, ISO, and other styles
8. Ahluwalia, Aashna. "Impact study of length in detecting algorithmically generated domains." Thesis, 2018. https://dspace.library.uvic.ca//handle/1828/9299.

Abstract:
Domain generation algorithm (DGA) is a popular technique for evading detection used by many sophisticated malware families. Since DGA domains are randomly generated, they tend to exhibit properties that differ from legitimate domain names. It is observed that the shorter DGA domains used in emerging malware are more difficult to detect, in contrast to regular DGA domains, which are unusually long. While length was considered as a contributing feature in earlier approaches, there has not been a systematic focus on how to leverage its impact on DGA domain detection accuracy. Through our study, we present a new detection model based on semantic and information theory features. The research applies the concept of a domain length threshold to detect DGA domains regardless of their lengths. The experimental evaluation of the proposed approach, using public datasets, yields a detection rate (DR) of 98.96% and a false positive rate (FPR) of 2.1% when using the random forests classification technique. (Graduate)

9. Hsueh, Chu-Yun, and 薛筑允. "Automated Generation and Semantic Analysis of System-state-change Activity Lifecycle of Malware Family." Thesis, 2018. http://ndltd.ncl.edu.tw/handle/5676wn.

Abstract:
Master's thesis, National Taiwan University, Graduate Institute of Information Management, 106. In this work, we aim to visualize the common behavior of a malware family that causes system state changes. First of all, we conduct malware classification based on the proposed family classification algorithm. Secondly, we use the high-level semantics profiling system to profile different variants of a malware family, generating the time-ordered sequences of each variant, called execution traces. Then, in order to differentiate behavior diversity between different variants in the same malware family, we input the execution trace of each variant to the Runtime API call sequence-based motif mining algorithm to conduct behavior sequence clustering, producing the behavior forest of a malware family. For each behavior tree in the behavior forest, we collect the execution traces belonging to the behavior tree and input them to the Global Sequence Alignment module to gather the longest alignment result. For each behavior tree in the behavior forest, we input all execution traces belonging to the behavior tree to the Global Sequence Alignment module to acquire the longest alignment combination. Finally, we obtain the 100% common behavior sequence from the GSA result, then extract the sequences that cause system state changes from the 100% common behavior sequence, and visualize the behavior using a trajectory graph, called the system-state-change resource manipulation trajectory. We also give a semantic explanation of the produced trajectory graph, expound the malicious intent of the malware family, provide an in-depth and clear illustration of the malicious activity, and verify the behavior of the malware family against the illustration of the antivirus software company.

10. Tung, Wen-Shuo, and 董文碩. "An Android Malware Signature Generator Based on Control Flow Graphs." Thesis, 2013. http://ndltd.ncl.edu.tw/handle/51984935564266523221.

Abstract:
Master's thesis, National Taiwan Ocean University, Department of Computer Science and Engineering, 101. The majority of anti-virus software makes use of signatures to judge whether something is malware or not, so how the signature is generated is a basic requirement. However, we usually collect and compare data manually. To reduce the cost of manual selection and speed up signature creation, our research tries to develop an automatic malware signature generator based on the character strings shown on a control flow graph and uses our collected signatures to detect malware. First we collected numerous known species of malware and normal applications. These had been scanned by the anti-virus program to be our test samples, and we then used Androguard to get all of the applications' character strings for the control flow graph. Finally, we used the Levenshtein distance algorithm to compare and analyze the similar character strings. In the end, the signature generator that we designed was able to distinguish malware from normal applications effectively. Our experiment shows that 94% of malware can be correctly detected and the false positive rate was 6%. In the future, we will change our comparison program and revise the algorithm to decrease the false positive rate. We hope that the signature generator can find malware efficiently, thus creating a safe environment in which mobile device applications can be used.


Books on the topic "Malware Generation"

1. Sychev, Yuriy. Information protection and information security. INFRA-M Academic Publishing LLC., 2020. http://dx.doi.org/10.12737/1013711.

Abstract:
The textbook is developed in accordance with current standards at a high methodological level and can be used to study the following subjects: "Fundamentals of information security", "Information security", "Information protection", "Threats to information security", "Malware", "Antivirus programs", "Technology for building secure automated systems". Meets the requirements of Federal state educational standards of higher education of the latest generation. The material presented in the textbook is tested in the classroom and is intended for students studying in the direction of training 10.03.01 "Information security" (bachelor's level). It can also be used in preparation for admission to the master's program.

2. Matrosov, Alex, Eugene Rodionov, and Sergey Bratus. Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats. No Starch Press, 2019.

3. Santos, Omar, Aaron Woland, and Panos Kampanakis. Cisco Next-Generation Security Solutions: All-In-one Cisco ASA Firepower Services, NGIPS, and AMP. Pearson Education, Limited, 2016.

4. Howard, Eric, Omar Santos, Andrae Middleton, Neal Humphrey, and Panos Kampanakis. Cisco Next-Generation Security Solutions: All-in-one Cisco ASA FirePOWER Services, NGIPS, and AMP. Pearson Education, Limited, 2016.

6. Rajib, Nazmul. Cisco Firepower Threat Defense: Configuration and Troubleshooting Best Practices for the Next-Generation Firewall, Next-Generation Intrusion Prevention System, and Advanced Malware Protection. Pearson Education, Limited, 2017.

8. Rajib, Nazmul. Cisco Firepower Threat Defense (FTD): Configuration and troubleshooting best practices for the Next-Generation Firewall (NGFW), Next-Generation Intrusion Prevention System (NGIPS), and Advanced Malware Protection (AMP). 2018.


Book chapters on the topic "Malware Generation"

1. Tran, Quang Duy, and Fabio Di Troia. "Word Embeddings for Fake Malware Generation." In Silicon Valley Cybersecurity Conference. Springer Nature Switzerland, 2022. http://dx.doi.org/10.1007/978-3-031-24049-2_2.

Abstract:
Signature and anomaly-based techniques are the fundamental methods to detect malware. However, in recent years this type of threat has advanced to become more complex and sophisticated, making these techniques less effective. For this reason, researchers have resorted to state-of-the-art machine learning techniques to combat the threat to information security. Nevertheless, despite the integration of machine learning models, there is still a shortage of training data that prevents these models from performing at their peak. In the past, generative models have been found to be highly effective at generating image-like data that are similar to the actual data distribution. In this paper, we leverage the knowledge of generative modeling on opcode sequences and aim to generate malware samples by taking advantage of the contextualized embeddings from BERT. We obtained promising results when differentiating between real and generated samples. We observe that generated malware has such similar characteristics to actual malware that the classifiers have difficulty distinguishing between the two, with the classifiers falsely identifying the generated malware as actual malware almost 90% of the time.

2. Trehan, Harshit, and Fabio Di Troia. "Fake Malware Generation Using HMM and GAN." In Silicon Valley Cybersecurity Conference. Springer International Publishing, 2022. http://dx.doi.org/10.1007/978-3-030-96057-5_1.

Abstract:
In the past decade, the number of malware attacks has grown considerably and, more importantly, evolved. Many researchers have successfully integrated state-of-the-art machine learning techniques to combat this ever-present and rising threat to information security. However, the lack of enough data to appropriately train these machine learning models is one big challenge that is still present. Generative modelling has proven to be very efficient at generating image-like synthesized data that can match the actual data distribution. In this paper, we aim to generate malware samples as opcode sequences and attempt to differentiate them from the real ones, with the goal of building fake malware data that can be used to effectively train the machine learning models. We use and compare different Generative Adversarial Network (GAN) algorithms and Hidden Markov Models (HMM) to generate such fake samples, obtaining promising results.

3. Wei, Yuheng, and Futai Zou. "Automatic Generation of Malware Threat Intelligence from Unstructured Malware Traces." In Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering. Springer International Publishing, 2021. http://dx.doi.org/10.1007/978-3-030-90019-9_3.

4. Naderi, Hassan, P. Vinod, Mauro Conti, Saeed Parsa, and Mohammad Hadi Alaeiyan. "Malware Signature Generation Using Locality Sensitive Hashing." In Communications in Computer and Information Science. Springer Singapore, 2019. http://dx.doi.org/10.1007/978-981-13-7561-3_9.

5. Shin, Donghwi, Kwangwoo Lee, and Dongho Won. "Advanced Malware Variant Detection Algorithm Using Structural Characteristic of Executable File." In Future Generation Information Technology. Springer Berlin Heidelberg, 2011. http://dx.doi.org/10.1007/978-3-642-27142-7_35.

6. Griffin, Kent, Scott Schneider, Xin Hu, and Tzi-cker Chiueh. "Automatic Generation of String Signatures for Malware Detection." In Lecture Notes in Computer Science. Springer Berlin Heidelberg, 2009. http://dx.doi.org/10.1007/978-3-642-04342-0_6.

7. Zhao, Zixuan, Yan Wang, and Xiaorui Gong. "HAEPG: An Automatic Multi-hop Exploitation Generation Framework." In Detection of Intrusions and Malware, and Vulnerability Assessment. Springer International Publishing, 2020. http://dx.doi.org/10.1007/978-3-030-52683-2_5.

8. Wang, Tielei, Chengyu Song, and Wenke Lee. "Diagnosis and Emergency Patch Generation for Integer Overflow Exploits." In Detection of Intrusions and Malware, and Vulnerability Assessment. Springer International Publishing, 2014. http://dx.doi.org/10.1007/978-3-319-08509-8_14.

9. Hai, Nguyen Minh, Mizuhito Ogawa, and Quan Thanh Tho. "Obfuscation Code Localization Based on CFG Generation of Malware." In Foundations and Practice of Security. Springer International Publishing, 2016. http://dx.doi.org/10.1007/978-3-319-30303-1_14.

10. Xu, Zhaoyan, Jialong Zhang, Zhiqiang Lin, and Guofei Gu. "Malware Deception with Automatic Analysis and Generation of HoneyResource." In Autonomous Cyber Deception. Springer International Publishing, 2019. http://dx.doi.org/10.1007/978-3-030-02110-8_11.


Conference papers on the topic "Malware Generation"

1. Shoniwa, Mufaro, Karel Veerabudren, and Mrinal Sharma. "AI-based Malware Threat Prediction through CNN-SVM Ensemble." In 2024 International Conference on Next Generation Computing Applications (NextComp). IEEE, 2024. https://doi.org/10.1109/nextcomp63004.2024.10779683.

2. D M, Chandana, Mohan B A, Quitika Reddy P, and N. Murthy M S. "A Study on Next-Generation Malware Reverse Engineering Paradigms." In 2025 International Conference on Computing for Sustainability and Intelligent Future (COMP-SIF). IEEE, 2025. https://doi.org/10.1109/comp-sif65618.2025.10969866.

3. D, Raghuraman, Soniya S, and Shivani S. "Automatic Android Malware Detection using CNN and GRU." In 2024 Third International Conference on Smart Technologies and Systems for Next Generation Computing (ICSTSN). IEEE, 2024. http://dx.doi.org/10.1109/icstsn61422.2024.10671270.

4. Prakash, Surbhi, and Amar Kumar Mohapatra. "AG-CSE Malware Shield: Adversarial Generation and Chaotic Stacked Ensemble Approach for Deep Learning-Based Malware Classification." In 2024 4th International Conference on Ubiquitous Computing and Intelligent Information Systems (ICUIS). IEEE, 2024. https://doi.org/10.1109/icuis64676.2024.10867045.

5. Obeegadoo, Parlan, and Girish Bekaroo. "Effective Detection of Fileless Malware: A Review and Comparative Analysis of Detection Techniques." In 2024 International Conference on Next Generation Computing Applications (NextComp). IEEE, 2024. https://doi.org/10.1109/nextcomp63004.2024.10779901.

6. Galantucci, Stefano, Andrea Iannacone, Giuseppe Pirlo, Lucia Sarcinella, and Alessandro Stamerra. "MAGICIAN: Malware classification Approach through Generation Image using a Conditional and wassersteIn generative Adversarial Network variants." In 2025 IEEE 4th International Conference on AI in Cybersecurity (ICAIC). IEEE, 2025. https://doi.org/10.1109/icaic63015.2025.10848615.

7. G, Sweety Prasanna Kiruba, Shubha G. Sanu, K. Saranya, Tatiraju V. Rajani Kanth, and Mahesh S. "Dynamic Malware Classification and Signature Generation Using Multi-View Convolutional Neural Networks." In 2024 International Conference on Integrated Intelligence and Communication Systems (ICIICS). IEEE, 2024. https://doi.org/10.1109/iciics63763.2024.10859526.

8. G, Shankar, Sridhar S, Srivatsan G, Kishan R, and Pranav Vikraman S S. "Enhancing Android Malware Detection Through Machine Learning: Insights From Permission and Metadata Analysis." In 2024 Third International Conference on Smart Technologies and Systems for Next Generation Computing (ICSTSN). IEEE, 2024. http://dx.doi.org/10.1109/icstsn61422.2024.10670984.

9. Al Balawi, Mohammad, Mohammad Alnabhan, and Mohammed S. Atoum. "Generative AI for Advanced Malware Detection." In 2024 4th Intelligent Cybersecurity Conference (ICSC). IEEE, 2024. https://doi.org/10.1109/icsc63108.2024.10895965.

10. Bittla, Srinivasa Rao, Abothar Mahmood, D. Kokila, Ayesha Siddiqua, and Ajitha P R. "Generative Adversarial Network Based Real-Time Malware Detection in Cloud Environments." In 2025 3rd International Conference on Integrated Circuits and Communication Systems (ICICACS). IEEE, 2025. https://doi.org/10.1109/icicacs65178.2025.10967864.


Reports on the topic "Malware Generation"

1. Smith, Michael, Armida Carbajal, Eva Domschot, et al. MalGen: Malware Generation with Specific Behaviors to Improve Machine Learning-based Detectors. Office of Scientific and Technical Information (OSTI), 2022. http://dx.doi.org/10.2172/1893244.