
Journal articles on the topic 'Malware Generation'


1

Khalilian, Alireza, Amir Nourazar, Mojtaba Vahidi-Asl, and Hassan Haghighi. "G3MD: Mining frequent opcode sub-graphs for metamorphic malware detection of existing families." Expert Systems with Applications 112 (December 7, 2019): 15–33. https://doi.org/10.5281/zenodo.3566150.

Abstract:
Attackers leverage various obfuscation techniques to create metamorphic malware that can evade detection by anti-malware tools. To defeat this, we propose Graph Mining for Metamorphic Malware Detection (G3MD), an intelligent system for static detection of metamorphic malware. G3MD demonstrates one of the many aspects of what the current generation of machine-learning techniques and expert systems can do. It extends what is known about the practical application of machine-learning techniques in the field of information security. It is intended to alleviate the burden on human experts and the underlying costs. The novelty of G3MD is to apply graph mining to the opcode graphs of a metamorphic family of malware to extract the frequent sub-graphs, so-called micro-signatures. Based on these sub-graphs, a classifier is trained to distinguish between a benign file and a metamorphic malware. We conducted experiments on four families of metamorphic malware common in previous studies, namely Next Generation Virus Generation Kit (NGVCK), Second Generation Virus Generator (G2), and Mass Produced Code Generation Kit (MPCGEN) viruses and Metamorphic Worm (MWOR) worms. The precision (over 99% in most cases) of metamorphic malware detection by the proposed approach corroborates its effectiveness over other existing approaches.
2

Liang, Guanghui, Jianmin Pang, Zheng Shan, Runqing Yang, and Yihang Chen. "Automatic Benchmark Generation Framework for Malware Detection." Security and Communication Networks 2018 (September 6, 2018): 1–8. http://dx.doi.org/10.1155/2018/4947695.

Abstract:
To address emerging security threats, various malware detection methods are proposed every year. A small but representative set of malware samples is usually needed to build a detection model, especially a machine-learning-based one. However, the current manual selection of representative samples from a large collection of unknown files is labor intensive and not scalable. In this paper, we first propose a framework that can automatically generate a small data set for malware detection. With this framework, we extract behavior features from a large initial data set and then use a hierarchical clustering technique to identify different types of malware. An improved genetic algorithm based on roulette wheel sampling is implemented to generate the final test data set. The final data set is only one-eighteenth the volume of the initial data set, and evaluations show that the data set selected by the proposed framework is much smaller than the original one but loses almost no semantics.
3

Singh, Avinash, Richard Adeyemi Ikuesan, and Hein Venter. "MalFe—Malware Feature Engineering Generation Platform." Computers 12, no. 10 (2023): 201. http://dx.doi.org/10.3390/computers12100201.

Abstract:
The growing sophistication of malware has resulted in diverse challenges, especially among security researchers who are expected to develop mechanisms to thwart these malicious attacks. While security researchers have turned to machine learning to combat this surge in malware attacks and enhance detection and prevention methods, they often encounter limitations when it comes to sourcing malware binaries. This limitation places the burden on malware researchers to create context-specific datasets and detection mechanisms, a time-consuming and intricate process that involves a series of experiments. The lack of accessible analysis reports and a centralized platform for sharing and verifying findings has resulted in many research outputs that can neither be replicated nor validated. To address this critical gap, a malware analysis data curation platform was developed. This platform offers malware researchers a highly customizable feature generation process drawing from analysis data reports, particularly those generated in sandbox-based environments such as Cuckoo Sandbox. To evaluate the effectiveness of the platform, a replication of existing studies was conducted in the form of case studies. These studies revealed that the developed platform offers an effective approach that can aid malware detection research. Moreover, a real-world scenario involving over 3000 ransomware and benign samples for ransomware detection based on PE entropy was explored. This yielded an impressive accuracy score of 98.8% and an AUC of 0.97 when employing the decision tree algorithm, with a low latency of 1.51 ms. These results emphasize the necessity of the proposed platform while demonstrating its capacity to construct a comprehensive detection mechanism. By fostering community-driven interactive databanks, this platform enables the creation of datasets as well as the sharing of reports, both of which can substantially reduce experimentation time and enhance research repeatability.
4

Brezinski, Kenneth, and Ken Ferens. "Metamorphic Malware and Obfuscation: A Survey of Techniques, Variants, and Generation Kits." Security and Communication Networks 2023 (September 2, 2023): 1–41. http://dx.doi.org/10.1155/2023/8227751.

Abstract:
The competing landscape between malware authors and security analysts is an ever-changing battlefield over who can out-innovate the other. While security analysts are constantly updating their signatures of known malware, malware variants change their signature each time they infect a new host, leading to an endless game of cat and mouse. This survey aims to provide a thorough review of obfuscation and metamorphic techniques commonly used by malware authors. The main topics covered in this work are (1) to provide an overview of string-scanning techniques used by antivirus vendors and to explore the impact malware has had from a security and monetary perspective; (2) to provide an overview of the methods of obfuscation during disassembly, as well as methods of concealment using a combination of encryption and compression; (3) to provide a comprehensive list of the datasets available to us in malware research, including tools to obfuscate malware samples, and finally (4) to discuss the various ways Windows APIs are categorized and vectorized to identify malicious binaries, especially in the context of identifying obfuscated malware variants. This survey provides security practitioners with a better understanding of the nature and makeup of the obfuscation employed by malware. It also provides a review of the main barriers to reverse-engineering malware for the purposes of uncovering its complexity and purpose.
5

Dugyala, Raman, N. Hanuman Reddy, V. Uma Maheswari, Gouse Baig Mohammad, Fayadh Alenezi, and Kemal Polat. "Analysis of Malware Detection and Signature Generation Using a Novel Hybrid Approach." Mathematical Problems in Engineering 2022 (January 19, 2022): 1–13. http://dx.doi.org/10.1155/2022/5852412.

Abstract:
In recent years, malware detection has become necessary to improve system performance and prevent programs from infecting your computer. Signature-based malware failed to detect most new organisms. This article presents the hybrid technique to automatically generate and classify malicious signatures. The hybrid method is called the ANFIS-SSA approach. The hybrid system includes the Adaptive Neuro Fuzzy Interference System (ANFIS) and the Salp Swarm Optimization (SSA). Based on this observation, we propose a hybrid approach to detect malware using malware terminology and its API calls to each other. We create the master signature for the entire malware category, not the malicious template. This signature can also identify unknown extended variants of this class. We show our approach in some common malware classes, which show that each extended version of the malware class is recognized by its original signature. The proposed method is integrated into the Matlab/Simulink operating system and is comparable to existing secure methods. SAFE creates an abstract model for the malicious code and converts it to an internal representation.
6

Panduri, Bharathi, Madhurika Vummenthala, Spoorthi Jonnalagadda, Garwandha Ashwini, Naruvadi Nagamani, and Amanagati Akhila. "Dynamics and an efficient malware detection system using opcode sequence graph generation and ml algorithm." E3S Web of Conferences 184 (2020): 01009. http://dx.doi.org/10.1051/e3sconf/202018401009.

Abstract:
IoT (Internet of Things), for the most part, comprises a wide range of Internet-connected devices and nodes. In the context of military and defence systems (called IoBT) these devices could be personnel-wearable battle outfits, tracking devices, cameras, clinical devices, etc. The integrity and safety of these devices are critical to mission success and it is of utmost importance to keep them secure. One of the typical ways of attacking these devices is through the use of malware, whose aim could be to compromise the device and/or breach its communications. Generally, these IoBT devices and nodes are a much more significant target for cyber criminals due to the value they pose, more so than IoT devices. In this paper we attempt at creating a deep learning based procedure to distinguish, classify and track such malware in IoBT (Internet of Battlefield Things) through operational code progression. This is achieved by transforming the aforementioned OpCodes into a vector space, upon which a Deep Eigenspace learning technique is applied to differentiate between harmful and safe applications. For robust classification, Support Vector Machine and n-gram sequencing algorithms are proposed in this paper. Moreover, we evaluate the quality of our proposed approach in malware recognition and also its maintainability against garbage code injection attacks. These results are presented on a web page which has separate components and levels of accessibility for user and admin credentials. For the purpose of tracking the prevalence of various malware on the network, counts and trends of different malicious opcodes are displayed for both user and admin.
Thereby our proposed approach will be beneficial for the users, especially for those who want to communicate confidential information within the network. It is also beneficial if a user wants to know whether a message is secure or not. The malware test set has also been made accessible, which ideally will profit future research endeavors.
7

Binh, Nguyen Thien. "Viral Logical Concept Analysis for Malware Conceptual Hierarchy Generation." International Journal of Machine Learning and Computing 7, no. 4 (2017): 49–54. http://dx.doi.org/10.18178/ijmlc.2017.7.4.619.

8

Du, Yao, Mengtian Cui, and Xiaochun Cheng. "A Mobile Malware Detection Method Based on Malicious Subgraphs Mining." Security and Communication Networks 2021 (April 17, 2021): 1–11. http://dx.doi.org/10.1155/2021/5593178.

Abstract:
As mobile phones are widely used in social network communication, they attract numerous malicious attacks, which seriously threaten users’ personal privacy and data security. To improve resilience to attack technologies, structural information analysis has been widely applied in mobile malware detection. However, the rapid improvement of mobile applications has brought an impressive growth of their internal structure in scale and of attack technologies. This makes the timely analysis of structural information and malicious feature generation a heavy burden. In this paper, we propose a new Android malware identification approach based on malicious subgraph mining to improve the detection performance of large-scale graph structure analysis. Firstly, function call graphs (FCGs), sensitive permissions, and application programming interfaces (APIs) are generated from the decompiled files of malware. Secondly, two kinds of malicious subgraphs are generated from the malware’s decompiled files and put into the feature set. At last, test applications’ safety can be automatically identified, and the applications classified into malware families, by matching their FCGs with malicious structural features. To evaluate our approach, a dataset of 11,520 malware and benign applications is established. Experimental results indicate that our approach has better performance than three previous works and Androguard.
9

Bibi, Iram, Adnan Akhunzada, Jahanzaib Malik, Muhammad Khurram Khan, and Muhammad Dawood. "Secure Distributed Mobile Volunteer Computing with Android." ACM Transactions on Internet Technology 22, no. 1 (2022): 1–21. http://dx.doi.org/10.1145/3428151.

Abstract:
Volunteer Computing’s provision of seamless connectivity, which enables convenient and rapid deployment of greener and cheaper computing infrastructure, is extremely promising as a complement to next-generation distributed computing systems. Undoubtedly, without tactile Internet and secure VC ecosystems, harnessing its full potential and making it a viable and reliable alternative computing infrastructure is next to impossible. Android-enabled smart devices, applications, and services are inevitable for Volunteer Computing. Contrarily, the progressive development of sophisticated Android malware may reduce its exponential growth. Besides, Android malware is considered the most potent and persistent cyber threat to mobile VC systems. To secure Android-based mobile volunteer computing, the authors propose MulDroid, an efficient and self-learning autonomous hybrid (Long Short-Term Memory, Convolutional Neural Network, Deep Neural Network) multi-vector Android malware threat detection framework. The proposed mechanism is highly scalable with well-coordinated infrastructure and self-optimizing capabilities to proficiently tackle fast-growing dynamic variants of sophisticated malware threats and attacks with 99.01% detection accuracy. For a comprehensive evaluation, the authors employed current state-of-the-art malware datasets (Android Malware Dataset, Androzoo) with standard performance evaluation metrics. Moreover, MulDroid is compared with our constructed contemporary hybrid DL-driven architectures and benchmark algorithms. Our proposed mechanism outperforms them in terms of detection accuracy with a trivial tradeoff in speed efficiency. Additionally, a 10-fold cross-validation is performed to explicitly show unbiased results.
10

Zou, Futai, Linsen Li, Yue Wu, Jianhua Li, Siyu Zhang, and Kaida Jiang. "Detecting Domain-Flux Malware Using DNS Failure Traffic." International Journal of Software Engineering and Knowledge Engineering 28, no. 02 (2018): 151–73. http://dx.doi.org/10.1142/s0218194018400016.

Abstract:
Domain-Flux malware is hard to detect because of its variable C&C (Command and Control) domains, which are randomly generated by a domain generation algorithm (DGA). In this paper, we propose a Domain-Flux malware detection approach based on DNS failure traffic. The approach fully leverages the behavior of DNS failure traffic to recognize nine features, and then mines the DGA-generated domains by a clustering algorithm and determinable rules. Theoretical analysis and experimental results verify its efficiency on both a test dataset and a real-world dataset. On the test dataset, our approach can achieve a true positive rate of 99.82% at a false positive rate of 0.39%. On the real-world dataset, the approach can also achieve a relatively high precision of 98.3% and find 197,026 DGA domains by analyzing DNS traffic on a campus network for seven days. We found 1213 hosts infected with Domain-Flux malware on the campus network, including the known Conficker, Fosniw and several new Domain-Flux malware families that had never been reported before. We classified the 197,026 DGA domains and gave the representative generated patterns for a better understanding of the Domain-Flux mechanism.
11

Karim, Md Enamul, Andrew Walenstein, Arun Lakhotia, and Laxmi Parida. "Malware phylogeny generation using permutations of code." Journal in Computer Virology 1, no. 1-2 (2005): 13–23. http://dx.doi.org/10.1007/s11416-005-0002-9.

12

Putri, Herika Andini, Nazel Djibran, and Rohmat Tulloh. "Implementation Of Next-Generation Firewalls To Protect Applications From Malware Attacks." Jurnal Indonesia Sosial Teknologi 4, no. 11 (2023): 1961–70. http://dx.doi.org/10.59141/jist.v4i11.797.

Abstract:
Based on the rapid development of technology, which has positive and negative impacts, one of the negative impacts is the leakage of data, called cybercrime. To overcome this, this study designs a next-generation firewall (NGFW) to protect technology and information systems from threats and malware attacks. In this study, the Palo Alto firewall is implemented by configuring the firewall and testing attacks using malware. The results of this test aim to prevent data loss, material loss, and the paralysing of public services. Moreover, it is efficient and effective in scanning for variations of attacks without affecting network performance. The results' implications are expected to solve the problems faced perfectly. NGFW takes precautions by blocking malware access to its network traffic.
13

Chandel, Tanmay. "Review of Malware and Phishing in the Current and Next Generation of the Internet." International Journal for Research in Applied Science and Engineering Technology 11, no. 5 (2023): 6499–502. http://dx.doi.org/10.22214/ijraset.2023.52927.

Abstract:
The advent of Web 2.0 and Web 3.0 technologies has created new opportunities for cybercriminals to launch malware and phishing attacks. This review paper aims to provide an overview of the current state of these types of attacks in Web 2.0 and Web 3.0 environments, as well as the tools and strategies that can be used to prevent them. The paper begins by defining malware and phishing and describing the basic methods used to execute these attacks. It then delves into the specific characteristics of Web 2.0 and Web 3.0 environments that make them vulnerable to these types of attacks. For example, the ability to share information and collaborate in real time in Web 2.0 environments can create opportunities for cybercriminals to exploit trust relationships and launch phishing attacks. In Web 3.0 environments, the use of blockchain and decentralized technologies introduces new challenges for preventing malware and phishing attacks. The paper discusses the functioning and the procedures which are followed in the event of a malware attack or phishing attack in unison with social engineering and also takes a look at a case study of a real-life phishing attack in Web 3.0. The paper concludes by outlining some of the key tools and strategies that can be used to prevent malware and phishing attacks in Web 2.0 and Web 3.0 environments. These include technical measures such as anti-malware software, firewalls, and spam filters, as well as user education and training to recognize and avoid phishing attacks. Overall, the paper provides a comprehensive overview of the current state of malware and phishing attacks in Web 2.0 and Web 3.0 environments, as well as the strategies and tools that can be used to prevent them. As the use of these technologies continues to grow, it is essential that individuals and organizations take steps to protect themselves against these types of cyber attacks.
14

J., Ramya. "A Scalable Solution Partially Supervised Approach for Generation of Family Signatures against Android Malware." Journal of Android and IOS Applications and Testing 3, no. 3 (2018): 25–29. https://doi.org/10.5281/zenodo.1995240.

Abstract:
Reducing the effort people need to combat malware is extremely practical. We present a scalable, semi-supervised framework to examine large datasets of Android applications and identify new malware families. Until 2010 the industry standard for the detection of malicious applications was mainly based on signatures. Because every tiny change in malware makes them ineffective, new signatures are often created, a task that requires a lot of time and resources from experienced experts. With the framework we suggest, applications can be automatically grouped into families, and formal rules are proposed to identify them with 100% recall and fairly high accuracy. The families are either used to safely expand the expertise of experts on new samples or to reduce the number of applications requiring thorough analysis. We have shown the effectiveness and scalability of the current approach through experiments on a database of 1.5 million Android applications. In 2018, the framework was effectively deployed on Koodous, a community-oriented anti-malware platform.
15

Djufri, Faiz Iman, and Charles Lim. "Revealing and Sharing Malware Profile Using Malware Threat Intelligence Platform." ACMIT Proceedings 6, no. 1 (2021): 72–82. http://dx.doi.org/10.33555/acmit.v6i1.100.

Abstract:
Cyber security is an interchange between attackers and defenders, a non-static balancing force. The increasing trend of novel security threats and security incidents, which does not seem to be stopping, prompts the need to add another line of security defences. This is because risk management and risk detection have become virtually impossible due to the limited access to user data and the variations of modern threat taxonomies. The traditional strategy of self-discovery and signature detection, which has a static nature, is now obsolete in facing threats of the new generation with a dynamic nature: threats which are resilient, complex, and evasive. Therefore, this thesis discusses the use of MISP and the Triad Investigation approach to share Indicators of Compromise on a Cyber Intelligence Sharing Platform to be able to address the new threats.
16

Aslan, Ömer, Merve Ozkan-Okay, and Deepti Gupta. "A Review of Cloud-Based Malware Detection System: Opportunities, Advances and Challenges." European Journal of Engineering and Technology Research 6, no. 3 (2021): 1–8. http://dx.doi.org/10.24018/ejers.2021.6.3.2372.

Abstract:
Cloud computing has an important role in all aspects of storing information and providing services online. It brings several advantages over traditional storing and sharing schemes such as easy access, on-request storage, scalability and decreasing cost. Using its rapidly developing technologies can bring many advantages to the protection of the Internet of Things (IoT) and Cyber-Physical Systems (CPS) from a variety of cyber-attacks, where IoT and CPS provide facilities to humans in their daily lives. Since malicious software (malware) is increasing exponentially and there is no well-known approach to detecting malware, the usage of cloud environments to detect malware can be a promising method. A new generation of malware is using advanced obfuscation and packing techniques to escape from detection systems. This situation makes it almost impossible to detect complex malware by using a traditional detection approach. The paper presents an extensive review of cloud-based malware detection approaches and provides a vision to understand the benefit of the cloud for the protection of IoT and CPS from cyber-attacks. This research explains the advantages and disadvantages of cloud environments in detecting malware and also proposes a cloud-based malware detection framework, which uses a hybrid approach to detect malware.
17

Aslan, Ömer, Merve Ozkan-Okay, and Deepti Gupta. "A Review of Cloud-Based Malware Detection System: Opportunities, Advances and Challenges." European Journal of Engineering and Technology Research 6, no. 3 (2021): 1–8. http://dx.doi.org/10.24018/ejeng.2021.6.3.2372.
18

Yu, Chii Heng, and Ismahani Ismail. "Obfuscated Computer Malware Classification Based on Significant Opcode." ELEKTRIKA- Journal of Electrical Engineering 23, no. 2 (2024): 157–62. http://dx.doi.org/10.11113/elektrika.v23n2.565.

Abstract:
Computer malware has greatly impacted computer network security and even personal computer users. Signature-based detection is incapable of recognizing obfuscated computer malware, since the malware is concealed by obfuscation techniques. Therefore, machine learning is being explored and deployed in malware detection to withstand the threat of malware. In fact, there are many features available, i.e., text strings, that can be used for malware classification. Nevertheless, opcodes could be one of the features owing to their relatively smaller data size compared to text strings. In this research, the significant opcodes of executable malware files, which refer to the content prevalent from one malware generation to the next, are extracted as the training dataset. Several machine learning classifiers are generated and compared in terms of classification accuracy and speed, and a comparison is made with text-string-based detection and signature-based detection. From the findings, it is shown that machine learning detection performs more than 2 times better than signature-based detection, and a machine learning model based on significant opcode features is able to detect obfuscated malware over 10 times faster than with the text string feature while still achieving up to 98% accuracy.
19

Zhang, Hong, Shigen Shen, Qiying Cao, Xiaojun Wu, and Shaofeng Liu. "Modeling and analyzing malware diffusion in wireless sensor networks based on cellular automaton." International Journal of Distributed Sensor Networks 16, no. 11 (2020): 155014772097294. http://dx.doi.org/10.1177/1550147720972944.

Abstract:
Wireless sensor networks, as multi-hop self-organized network systems formed by wireless communication, are vulnerable to malware diffusion that breaks data confidentiality and service availability, owing to their low configuration and weak defense mechanisms. To reveal the rules of malware diffusion in actually deployed wireless sensor networks, we propose a model called Malware Diffusion Based on Cellular Automaton to describe the dynamics of malware diffusion based on a cellular automaton. According to the model, we first analyze and obtain the differential equations, which can reflect the various state dynamics of sensor nodes with the cellular automaton. Then, we attain the equilibrium points of the model Malware Diffusion Based on Cellular Automaton to determine the threshold for whether malware will diffuse or die out in wireless sensor networks. Furthermore, we compute the basic regeneration number of the model Malware Diffusion Based on Cellular Automaton using the next-generation matrix and prove the stability of the equilibrium points. Finally, via experimental simulation, we verify the effectiveness of the model Malware Diffusion Based on Cellular Automaton, which can provide administrators with theoretical guidance on suppressing malware diffusion in wireless sensor networks.
20

Putri, Herika Andini, Rohmat Tulloh, and Nazel Djibran. "Implementasi Perangkat Next Generation Firewall untuk Melindungi Aplikasi dari Serangan Malware" [Implementation of Next Generation Firewall Devices to Protect Applications from Malware Attacks]. Jurnal Informatika Universitas Pamulang 8, no. 2 (2023): 322–29. http://dx.doi.org/10.32493/informatika.v8i2.33656.

Abstract:
Based on the rapid development of technology, which has positive and negative impacts, one of the negative impacts is data leakage, called cybercrime. This is very dangerous and causes huge losses. In addition, the most commonly found cybercrimes are malware threats, phishing, DDoS, and others. In this study, the implementation of the Palo Alto firewall is carried out by configuring the firewall, as is the attack testing stage using malware such as EICAR, ransomware, Trojans, DoS, and web filtering. The results of this test aim to prevent the risk of data loss, material loss, and the paralysis of public services, and to be efficient and effective in scanning for a variety of attacks without affecting network performance. The implications of the results found are expected to solve the problem at hand perfectly. NGFW performs prevention by blocking access to malware that enters its network traffic. This research also implements NGFW, where firewall configuration is carried out, namely by creating a rule policy on the firewall. In this study, an evaluation of network performance was carried out after the implementation of NGFW and firewall configuration. The results show that the use of NGFW and rule policies on firewalls can improve network security efficiently and effectively. It is hoped that these results can overcome the paralysis of public services due to malware attacks and improve network performance.
21

Tong, Yu, Hao Liang, Hailong Ma, Shuai Zhang, and Xiaohan Yang. "A Survey on Reinforcement Learning-Driven Adversarial Sample Generation for PE Malware." Electronics 14, no. 12 (2025): 2422. https://doi.org/10.3390/electronics14122422.

Abstract:
Malware remains a central tool in cyberattacks, and systematic research into adversarial attack techniques targeting malware is crucial in advancing detection and defense systems that can evolve over time. Although numerous review articles already exist in this area, there is still a lack of comprehensive exploration into emerging artificial intelligence technologies such as reinforcement learning from the attacker’s perspective. To address this gap, we propose a foundational reinforcement learning (RL)-based framework for adversarial malware generation and develop a systematic evaluation methodology to dissect the internal mechanisms of generative models across multiple key dimensions, including action space design, state space representation, and reward function construction. Drawing from a comprehensive review and synthesis of the existing literature, we identify several core findings. (1) The scale of the action space directly affects the model training efficiency. Meanwhile, factors such as the action diversity, operation determinism, execution order, and modification ratio indirectly influence the quality of the generated adversarial samples. (2) Comprehensive and sensitive state feature representations can compensate for the information loss caused by binary feedback from real-world detection engines, thereby enhancing both the effectiveness and stability of attacks. (3) A multi-dimensional reward signal effectively mitigates the policy fragility associated with single-metric rewards, improving the agent’s adaptability in complex environments. (4) While the current RL frameworks applied to malware generation exhibit diverse architectures, they share a common core: the modeling of discrete action spaces and continuous state spaces. In addition, this work explores future research directions in the area of adversarial malware generation and outlines the open challenges and critical issues faced by defenders in responding to such threats. Our goal is to provide both a theoretical foundation and practical guidance for building more robust and adaptive security detection mechanisms.
22

Thanh, Cong Truong, and Ivan Zelinka. "A Survey on Artificial Intelligence in Malware as Next-Generation Threats." MENDEL 25, no. 2 (2019): 27–34. http://dx.doi.org/10.13164/mendel.2019.2.027.

Abstract:
Recent developments in Artificial intelligence (AI) have a vast transformative potential for both cybersecurity defenders and cybercriminals. Anti-malware solutions adopt intelligent techniques to detect and prevent threats to the digital space. In contrast, cybercriminals are aware of the new prospects too and will probably try to use them in their activities. This survey aims at providing an overview of the ways artificial intelligence can be used to power a malicious program, that is: intelligent evasion techniques, autonomous malware, AI against itself, and applying bio-inspired computation and swarm intelligence.
23

Kamarudin, Nur Khairani, Ahmad Firdaus, Mohd Zamri Osman, et al. "The Rise of Deep Learning in Cyber Security: Bibliometric Analysis of Deep Learning and Malware." JOIV : International Journal on Informatics Visualization 8, no. 3 (2024): 1398. http://dx.doi.org/10.62527/joiv.8.3.1535.

Abstract:
Deep learning is a machine learning technology that allows computational models to learn via experience, mimicking human cognitive processes. This method is critical in the development of identifying certain objects, and provides the computational intelligence required to identify multiple objects and distinguish between object A and object B. On the other hand, malware is defined as malicious software that seeks to harm or disrupt computers and systems. Its main categories include viruses, worms, Trojan horses, spyware, adware, and ransomware. Hence, many deep learning researchers apply deep learning in their malware studies. However, few articles still investigate deep learning and malware in a bibliometric approach (productivity, research area, institutions, authors, impact journals, and keyword analysis). Hence, this paper reports a bibliometric analysis used to discover current and future trends and gain new insights into the relationship between deep learning and malware. This paper’s discoveries include: deployment of deep learning to detect domain generation algorithm (DGA) attacks; deployment of deep learning to detect malware in the Internet of Things (IoT); the rise of adversarial learning and adversarial attacks using deep learning; the emergence of Android malware in deep learning; the deployment of transfer learning in malware research; and active authors on deep learning and malware research, including Soman KP, Vinayakumar R, and Zhang Y.
24

Satoh, Akihiro, Yutaka Fukuda, Gen Kitagata, and Yutaka Nakamura. "A Word-Level Analytical Approach for Identifying Malicious Domain Names Caused by Dictionary-Based DGA Malware." Electronics 10, no. 9 (2021): 1039. http://dx.doi.org/10.3390/electronics10091039.

Abstract:
Computer networks are facing serious threats from the emergence of malware with sophisticated DGAs (Domain Generation Algorithms). This type of DGA malware dynamically generates domain names by concatenating words from dictionaries for evading detection. In this paper, we propose an approach for identifying the callback communications of such dictionary-based DGA malware by analyzing their domain names at the word level. This approach is based on the following observations: These malware families use their own dictionaries and algorithms to generate domain names, and accordingly, the word usages of malware-generated domains are distinctly different from those of human-generated domains. Our evaluation indicates that the proposed approach is capable of achieving accuracy, recall, and precision as high as 0.9989, 0.9977, and 0.9869, respectively, when used with labeled datasets. We also clarify the functional differences between our approach and other published methods via qualitative comparisons. Taken together, these results suggest that malware-infected machines can be identified and removed from networks using DNS queries for detected malicious domain names as triggers. Our approach contributes to dramatically improving network security by providing a technique to address various types of malware encroachment.
25

Mester, Attila. "Malware Analysis and Static Call Graph Generation with Radare2." Studia Universitatis Babeș-Bolyai Informatica 68, no. 1 (2023): 5–20. http://dx.doi.org/10.24193/subbi.2023.1.01.

Abstract:
A powerful feature used in automated malware analysis is the static call graph of the executable file. Elimination of the sandbox environment, fast scan, function call patterns beyond instruction-level information – all of these motivate the prevalence of the feature. Processing and storing the static call graph of malicious samples in a scaled manner facilitates the application of complex network analysis in malware research. IDA Pro is one of the leading disassembler tools in the industry and can generate the call graph via the GenCallGdl and GenFuncGdl APIs – a tool which was used in our previous works. In this paper an alternative analysis method is presented using another disassembler tool, Radare2, an open-source Unix-based software, which is also frequently used in this domain. Radare2 has Python support (among other languages), via the r2pipe package, thus enabling full scalability on Linux-based servers using containerized solutions. This paper offers a detailed technical description on how to use Radare2 to generate the static call graph of a PE file and a thorough comparison with the output of IDA Pro, as well as a public dataset on which the experiments were carried out. 2010 Mathematics Subject Classification: 68P25, 68P30. 1998 CR Categories and Descriptors: D.4.6 [Security and Protection]: Subtopic – Invasive software. Key words and phrases: malware analysis, static call graph, radare2, IDA Pro.
26

Hou, Ronghao, Dongjie Liu, Xiaobo Jin, Jian Weng, and Guanggang Geng. "A malware detection method with function parameters encoding and function dependency modeling." PeerJ Computer Science 11 (June 13, 2025): e2946. https://doi.org/10.7717/peerj-cs.2946.

Abstract:
As computers are widely used in people’s work and daily lives, malware has become an increasing threat to network security. Although researchers have introduced traditional machine learning and deep learning methods to conduct extensive research on functions in malware detection, these methods have largely ignored the analysis of function parameters and functional dependencies. To address these limitations, we propose a new malware detection method. Specifically, we first design a parameter encoder to convert various types of function parameters into feature vectors, and then discretize various parameter features through clustering methods to enhance the representation of API encoding. Additionally, we design a deep neural network to capture functional dependencies, enabling the generation of robust semantic representations of function sequences. Experiments on a large-scale malware detection dataset demonstrate that our method outperforms other techniques, achieving 98.62% accuracy and a 98.40% F1-score. Furthermore, the results of ablation experiments show the important role of function parameters and functional dependencies in malware detection.
27

Aslan, Ömer, Refik Samet, and Ömer Özgür Tanrıöver. "Using a Subtractive Center Behavioral Model to Detect Malware." Security and Communication Networks 2020 (February 27, 2020): 1–17. http://dx.doi.org/10.1155/2020/7501894.

Abstract:
In recent years, malware has evolved by using different obfuscation techniques; due to this evolution, the detection of malware has become problematic. Signature-based and traditional behavior-based malware detectors cannot effectively detect this new generation of malware. This paper proposes a subtractive center behavior model (SCBM) to create a malware dataset that captures semantically related behaviors from sample programs. In the proposed model, system paths, where malware behaviors are performed, and malware behaviors themselves are taken into consideration. This way, malicious behavior patterns are differentiated from benign behavior patterns. Features that could not exceed the specified score are removed from the dataset. The datasets created using the proposed model contain far fewer features than the datasets created by n-gram and other models that have been used in other studies. The proposed model can handle both known and unknown malware, and the obtained detection rate and accuracy of the proposed model are higher than those of the known models. To show the effectiveness of the proposed model, two datasets, with score and without score, are created by using SCBM. In total, 6700 malware samples and 3000 benign samples are tested. The results are compared with those derived from n-gram and models from other studies in the literature. The test results show that, by combining the proposed model with an appropriate machine learning algorithm, the detection rate, false positive rate, and accuracy are measured as 99.9%, 0.2%, and 99.8%, respectively.
28

Xuan, Bona, Jin Li, and Yafei Song. "SFCWGAN-BiTCN with Sequential Features for Malware Detection." Applied Sciences 13, no. 4 (2023): 2079. http://dx.doi.org/10.3390/app13042079.

Abstract:
In the field of adversarial attacks, the generative adversarial network (GAN) has shown better performance. There have been few studies applying it to malware sample supplementation, due to the complexity of handling discrete data. More importantly, unbalanced malware family samples interfere with the analytical power of malware detection models and mislead malware classification. To address the problem of the impact of malware family imbalance on accuracy, a selection feature conditional Wasserstein generative adversarial network (SFCWGAN) and bidirectional temporal convolutional network (BiTCN) are proposed. First, we extract the features of malware Opcode and API sequences and use Word2Vec to represent features, emphasizing the semantic logic between API tuning and Opcode calling sequences. Second, the Spearman correlation coefficient and the whale optimization algorithm extreme gradient boosting (WOA-XGBoost) algorithm are combined to select features, filter out invalid features, and simplify structure. Finally, we propose a GAN-based sequence feature generation algorithm. Samples were generated using the conditional Wasserstein generative adversarial network (CWGAN) on the imbalanced malware family dataset, added to the trainset to supplement the samples, and trained on BiTCN. In comparison, in tests on the Kaggle and DataCon datasets, the model achieved detection accuracies of 99.56% and 96.93%, respectively, which were 0.18% and 2.98% higher than the models of other methods.
29

Abdullahi, S. M., A. Mohammed, R. Y. Ibrahim, and A. S. Shamsuddeen. "Detection of Algorithmically Generated Domain Names using Ensemble Machine Learning Technique." Advances in Multidisciplinary and scientific Research Journal Publication 2, no. 2 (2023): 27–34. http://dx.doi.org/10.22624/aims/csean-smart2023p4.

Abstract:
Prior to now, cyber attackers used malwares with hard-coded domain names stored in the malware binaries that communicate with command and control (C&C) servers to launch cyber-attacks on their victim computers. Malware attacks such as botnets and ransomwares are some of the most prevalent forms of these attacks. As soon as a system is infected with a malware (either a botnet or a ransomware), one of the most essential components is to establish a secured communication with the botmaster (i.e., the malware author), through a C&C server. However, with a simple reverse engineering technique, cyber security experts could detect and block these domain names, hence denying them the ability to communicate with the C&C servers and to receive further instructions from the botmaster. This led to cyber criminals developing the Domain Generation Algorithm (DGA) technique, which algorithmically generates thousands or more candidate domain names for communication with the C&C server, thereby obfuscating the domain names of these malwares and making it difficult for cyber security experts to detect or block these domain names. This paper therefore proposes an ensemble machine learning technique for the detection and classification of algorithmically generated domain names (AGDNs) leveraging the combined strength of 4 different machine learning algorithms: Naïve Bayes, SVM, Random Forest and CART. The models were trained twice, first with 4 features and thereafter with 10 features. In order to effectively utilise the result of the predictions, we used a voting-based ensemble approach, where the final classification is decided by the majority vote of the algorithms. Results of the research show that the Naïve Bayes model performed better than all the other models with an accuracy of 97.54% when trained with 10 features and 95.99% when trained with 4 features. Keywords: WSN, DDoS, Intrusion Detection System, Random Forest, Machine Learning.
Proceedings Citation Format: Abdullahi, S.M., Mohammed, A., Ibrahim, R.Y. & Shamsuddeen, A. (2023): Detection of Algorithmically Generated Domain Names using Ensemble Machine Learning Technique. Proceedings of the Cyber Secure Nigeria Conference. Nigerian Army Resource Centre (NARC) Abuja, Nigeria. 11-12th July, 2023. Pp 27-34. https://cybersecurenigeria.org/conference-proceedings/volume-2-2023/ dx.doi.org/10.22624/AIMS/CSEAN-SMART2023P2.
30

De Donno, Michele, Nicola Dragoni, Alberto Giaretta, and Angelo Spognardi. "DDoS-Capable IoT Malwares: Comparative Analysis and Mirai Investigation." Security and Communication Networks 2018 (2018): 1–30. http://dx.doi.org/10.1155/2018/7178164.

Abstract:
The Internet of Things (IoT) revolution has not only carried the astonishing promise to interconnect a whole generation of traditionally “dumb” devices, but also brought to the Internet the menace of billions of badly protected and easily hackable objects. Not surprisingly, this sudden flooding of fresh and insecure devices fueled older threats, such as Distributed Denial of Service (DDoS) attacks. In this paper, we first propose an updated and comprehensive taxonomy of DDoS attacks, together with a number of examples on how this classification maps to real-world attacks. Then, we outline the current situation of DDoS-enabled malwares in IoT networks, highlighting how recent data support our concerns about the growth in popularity of these malwares. Finally, we give a detailed analysis of the general framework and the operating principles of Mirai, the most disruptive DDoS-capable IoT malware seen so far.
31

Sohrabi, Shirin, Octavian Udrea, and Anton Riabov. "Hypothesis Exploration for Malware Detection Using Planning." Proceedings of the AAAI Conference on Artificial Intelligence 27, no. 1 (2013): 883–89. http://dx.doi.org/10.1609/aaai.v27i1.8552.

Abstract:
In this paper we apply AI planning to address the hypothesis exploration problem and provide assistance to network administrators in detecting malware based on unreliable observations derived from network traffic. Building on the already established characterization and use of AI planning for similar problems, we propose a formulation of the hypothesis generation problem for malware detection as an AI planning problem with temporally extended goals and action costs. Furthermore, we propose a notion of hypothesis "plausibility" under unreliable observations, which we model as plan quality. We then show that in the presence of unreliable observations, simply finding one most "plausible" hypothesis, although challenging, is not sufficient for effective malware detection. To that end, we propose a method for applying a state-of-the-art planner within a principled exploration process, to generate multiple distinct high-quality plans. We experimentally evaluate this approach by generating random problems of varying hardness both with respect to the number of observations, as well as the degree of unreliability. Based on these experiments, we argue that our approach presents a significant improvement over prior work that is focused on finding a single optimal plan, and that our hypothesis exploration application can motivate the development of new planners capable of generating the top high-quality plans.
32

Botacin, Marcus, Hojjat Aghakhani, Stefano Ortolani, et al. "One Size Does Not Fit All." ACM Transactions on Privacy and Security 24, no. 2 (2021): 1–31. http://dx.doi.org/10.1145/3429741.

Abstract:
Malware analysis is an essential task to understand infection campaigns, the behavior of malicious codes, and possible ways to mitigate threats. Malware analysis also allows better assessment of attackers’ capabilities, techniques, and processes. Although a substantial amount of previous work provided a comprehensive analysis of the international malware ecosystem, research on regionalized, country-, and population-specific malware campaigns has been scarce. Moving towards addressing this gap, we conducted a longitudinal (2012-2020) and comprehensive (encompassing an entire population of online banking users) study of MS Windows desktop malware that actually infected Brazilian banks’ users. We found that the Brazilian financial desktop malware has been evolving quickly: it started to make use of a variety of file formats instead of typical PE binaries, relied on native system resources, and abused obfuscation techniques to bypass detection mechanisms. Our study on the threats targeting a significant population on the ecosystem of the largest and most populous country in Latin America can provide invaluable insights that may be applied to other countries’ user populations, especially those in the developing world that might face cultural peculiarities similar to Brazil’s. With this evaluation, we expect to motivate the security community/industry to seriously consider a deeper level of customization during the development of next-generation anti-malware solutions, as well as to raise awareness towards regionalized and targeted Internet threats.
33

Niu, Weina, Ting Li, Xiaosong Zhang, Teng Hu, Tianyu Jiang, and Heng Wu. "Using XGBoost to Discover Infected Hosts Based on HTTP Traffic." Security and Communication Networks 2019 (November 6, 2019): 1–11. http://dx.doi.org/10.1155/2019/2182615.

Abstract:
In recent years, the number of malware and infected hosts has increased exponentially, which causes great losses to governments, enterprises, and individuals. However, it is difficult for traditional technologies to detect in a timely manner malware that has been deformed, confused, or modified, since they usually detect hosts before they are infected by malware. Host detection during malware infection can make up for their deficiency. Moreover, the infected host usually sends a connection request to the command and control (C&C) server using the HTTP protocol, which generates malicious external traffic. Thus, if the host is found to have malicious external traffic, the host may be a host infected by malware. Based on this background, this paper uses HTTP traffic combined with the eXtreme Gradient Boosting (XGBoost) algorithm to detect infected hosts in order to improve detection efficiency and accuracy. The proposed approach uses a template automatic generation algorithm to generate feature templates for HTTP headers and uses the XGBoost algorithm to distinguish between malicious traffic and normal traffic. We conduct a performance analysis to demonstrate that our approach is efficient using a dataset which includes malware traffic from MALWARE-TRAFFIC-ANALYSIS.NET and normal traffic from UNSW-NB 15. Experimental results show that the detection speed is about 1859 HTTP traffic per second, the detection accuracy reaches 98.72%, and the false positive rate is less than 1%.
34

Shabtai, Asaf, Eitan Menahem, and Yuval Elovici. "F-Sign: Automatic, Function-Based Signature Generation for Malware." IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews) 41, no. 4 (2011): 494–508. http://dx.doi.org/10.1109/tsmcc.2010.2068544.

35

Arbore, Andrea, and Vincenzo Antonio Fioriti. "Topological protection from the next generation malware: a survey." International Journal of Critical Infrastructures 9, no. 1/2 (2013): 52. http://dx.doi.org/10.1504/ijcis.2013.051603.

36

Salehi, Zahra, Ashkan Sami, and Mahboobe Ghiasi. "Using feature generation from API calls for malware detection." Computer Fraud & Security 2014, no. 9 (2014): 9–18. http://dx.doi.org/10.1016/s1361-3723(14)70531-7.

37

Abdurrachman, Fauzi, Bambang Suharjo, and Yudhi Biantoro. "Optimization of Malware Code Insertion Using MD5 Collision." Journal on Education 7, no. 2 (2025): 10124–34. https://doi.org/10.31004/joe.v7i2.7594.

Abstract:
The contemporary digital landscape relies heavily on the MD5 hash algorithm for ensuring data integrity, yet its susceptibility to collision attacks raises concerns about its security in modern cybersecurity practices. This study delves into the weaknesses of MD5 collisions, particularly focusing on the Unicoll technique. By embedding malicious code into files while preserving their original MD5 hash values, the research aims to demonstrate the potential security risks associated with MD5 collisions. The experiment successfully generates collisions between modified files containing malware and their unaltered counterparts, showcasing MD5's vulnerability to collision attacks. Moving forward, future research could explore methods for embedding malware that evades detection by anti-malware solutions, expand embedding techniques to encompass various file formats, and investigate alternative collision generation methods for improved efficiency and effectiveness. These endeavors offer promising directions for advancing cybersecurity measures and mitigating malware threats in the digital landscape.
38

Awan, Mazhar Javed, Osama Ahmed Masood, Mazin Abed Mohammed, et al. "Image-Based Malware Classification Using VGG19 Network and Spatial Convolutional Attention." Electronics 10, no. 19 (2021): 2444. http://dx.doi.org/10.3390/electronics10192444.

Abstract:
In recent years the amount of malware spreading through the internet and infecting computers and other communication devices has tremendously increased. To date, countless techniques and methodologies have been proposed to detect and neutralize these malicious agents. However, as new and automated malware generation techniques emerge, a lot of malware continues to be produced, which can bypass some state-of-the-art malware detection methods. Therefore, there is a need for the classification and detection of these adversarial agents that can compromise the security of people, organizations, and countless other forms of digital assets. In this paper, we propose a spatial attention and convolutional neural network (SACNN) based on a deep learning framework for image-based classification of 25 well-known malware families with and without class balancing. Performance was evaluated on the Malimg benchmark dataset using precision, recall, specificity, precision, and F1 score, on which our proposed model with class balancing reached 97.42%, 97.95%, 97.33%, 97.11%, and 97.32%. We also conducted experiments on SACNN with class balancing on the benign class, which also produced above 97%. The results indicate that our proposed model can be used for image-based malware detection with high performance, despite being simpler as compared to other available solutions.
39

Cara, Fabrizio, Michele Scalas, Giorgio Giacinto, and Davide Maiorca. "On the Feasibility of Adversarial Sample Creation Using the Android System API." Information 11, no. 9 (2020): 433. http://dx.doi.org/10.3390/info11090433.

Abstract:
Due to its popularity, the Android operating system is a critical target for malware attacks. Multiple security efforts have been made on the design of malware detection systems to identify potentially harmful applications. In this sense, machine learning-based systems, leveraging both static and dynamic analysis, have been increasingly adopted to discriminate between legitimate and malicious samples due to their capability of identifying novel variants of malware samples. At the same time, attackers have been developing several techniques to evade such systems, such as the generation of evasive apps, i.e., carefully-perturbed samples that can be classified as legitimate by the classifiers. Previous work has shown the vulnerability of detection systems to evasion attacks, including those designed for Android malware detection. However, most works neglected to bring the evasive attacks onto the so-called problem space, i.e., by generating concrete Android adversarial samples, which requires preserving the app’s semantics and being realistic for human expert analysis. In this work, we aim to understand the feasibility of generating adversarial samples specifically through the injection of system API calls, which are typical discriminating characteristics for malware detectors. We perform our analysis on a state-of-the-art ransomware detector that employs the occurrence of system API calls as features of its machine learning algorithm. In particular, we discuss the constraints that are necessary to generate real samples, and we use techniques inherited from interpretability to assess the impact of specific API calls to evasion. We assess the vulnerability of such a detector against mimicry and random noise attacks. Finally, we propose a basic implementation to generate concrete and working adversarial samples. The attained results suggest that injecting system API calls could be a viable strategy for attackers to generate concrete adversarial samples. However, we point out the low suitability of mimicry attacks and the necessity to build more sophisticated evasion attacks.
40

Alazab, Moutaz. "Automated Malware Detection in Mobile App Stores Based on Robust Feature Generation." Electronics 9, no. 3 (2020): 435. http://dx.doi.org/10.3390/electronics9030435.

Abstract:
Many Internet of Things (IoT) services are currently tracked and regulated via mobile devices, making them vulnerable to privacy attacks and exploitation by various malicious applications. Current solutions are unable to keep pace with the rapid growth of malware and are limited by low detection accuracy, long discovery time, complex implementation, and high computational costs associated with the processor speed, power, and memory. Therefore, an automated intelligence technique is necessary for detecting apps containing malware and effectively predicting cyberattacks in mobile marketplaces. In this study, a system for classifying mobile marketplaces applications using real-world datasets is proposed, which analyzes the source code to identify malicious apps. A rich feature set of application programming interface (API) calls is proposed to capture the regularities in apps containing malicious content. Two feature-selection methods—Chi-Square and ANOVA—were examined in conjunction with ten supervised machine-learning algorithms. The detection accuracy of each classifier was evaluated to identify the most reliable classifier for malware detection using various feature sets. Chi-Square was found to have a higher detection accuracy as compared to ANOVA. The proposed system achieved a detection accuracy of 98.1% with a classification time of 1.22 s. Furthermore, the proposed system required a reduced number of API calls (500 instead of 9000) to be incorporated as features.
41

Catak, Ferhat Ozgur, Javed Ahmed, Kevser Sahinbas, and Zahid Hussain Khand. "Data augmentation based malware detection using convolutional neural networks." PeerJ Computer Science 7 (January 22, 2021): e346. http://dx.doi.org/10.7717/peerj-cs.346.

Abstract:
Due to advancements in malware competencies, cyber-attacks have been broadly observed in the digital world. Cyber-attacks can hit an organization hard by causing several damages such as data breach, financial loss, and reputation loss. Some of the most prominent examples of ransomware attacks in history are WannaCry and Petya, which impacted companies’ finances throughout the globe. Both WannaCry and Petya rendered operational processes inoperable by targeting critical infrastructure. It is quite impossible for anti-virus applications using traditional signature-based methods to detect this type of malware because they have different characteristics on each contaminated computer. The most important feature of this type of malware is that they change their contents using their mutation engines to create another hash representation of the executable file as they propagate from one computer to another. To overcome this method that attackers use to camouflage malware, we have created three-channel image files of malicious software. Attackers make different variants of the same software because they modify the contents of the malware. In the solution to this problem, we created variants of the images by applying data augmentation methods. This article aims to provide image-augmentation-enhanced deep convolutional neural network (CNN) models for detecting malware families in a metamorphic malware environment. The main contributions of the article consist of three components: image generation from malware samples, image augmentation, and, lastly, classifying the malware families by using a CNN model. In the first component, the collected malware samples are converted from binary files to 3-channel images using the windowing technique. The second component of the system creates the augmented version of the images, and the last part builds a classification model. This study uses five different deep CNN models for malware family detection. The results obtained by the classifier demonstrate accuracy up to 98%, which is quite satisfactory.
42

Ilić, Slaviša, Milan Gnjatović, Brankica Popović, and Nemanja Maček. "A pilot comparative analysis of the Cuckoo and Drakvuf sandboxes: An end-user perspective." Vojnotehnicki glasnik 70, no. 2 (2022): 372–92. http://dx.doi.org/10.5937/vojtehg70-36196.

Abstract:
Introduction/purpose: This paper reports on a pilot comparative analysis of the Cuckoo and Drakvuf sandboxes. These sandboxes are selected as the subjects of the analysis because of their popularity in the professional community and their complementary approaches to analyzing malware behavior. Methods: Both sandboxes were set up with basic configurations and confronted with the same set of malware samples. The evaluation was primarily conducted with respect to the question of to what extent a sandbox is helpful to the human analyst in malware analysis. Thus, only the information available in Web console reports was considered. Results: Drakvuf is expected to perform better when confronted with evasive malware and so-called "file-less" malware. Although still not mature in terms of integration, customization and tools, this sandbox is considered a second-generation sandbox because of its agentless design. On the other hand, the Cuckoo sandbox creates a better overall experience: it is supported through good documentation and a strong professional community, is better integrated with various tools, supports more virtualization, operating system and sample types, and generates more informative reports. Even with a smaller capacity to prevent evasive malware, its Python 2 agent script makes it more powerful than Drakvuf. Conclusion: To achieve the optimal open-source sandbox-based protection, it is recommended to apply both the Cuckoo and Drakvuf sandboxes. In circumstances of limited resources, applying the Cuckoo sandbox is preferable, especially if exposure to malware deploying evasion techniques is not frequently expected.
43

Rao, Sanaboyina Madhusudhana, Arpit Jain, PVSS Gangadhar, and Vinay Sowpati. "Intellectual Feature Ranking Model with Correlated Feature Set based Malware Detection in Cloud environment using Machine Learning." International Journal on Recent and Innovation Trends in Computing and Communication 11, no. 9 (2023): 187–98. http://dx.doi.org/10.17762/ijritcc.v11i9.8334.

Abstract:
Malware detection for cloud systems has been studied extensively, and many different approaches have been developed and implemented in an effort to stay ahead of this ever-evolving threat. Malware refers to any programme or defect that is designed to duplicate itself or cause damage to the system's hardware or software. These attacks are designed specifically to cause harm to operational systems, but they are invisible to the human eye. One of the most exciting developments in data storage and service delivery today is cloud computing. There are significant benefits to be gained over more conventional protection methods by making use of this fast-evolving technology to protect computer-based systems from cyber-related threats. Assets to be secured may reside in any networked computing environment, including but not limited to Cyber Physical Systems (CPS), critical systems, fixed and portable computers, mobile devices, and the Internet of Things (IoT). Malicious software or malware refers to any programme that intentionally compromises a computer system in order to compromise its security, privacy, or availability. A cloud-based intelligent behavior analysis model for a malware detection system using a feature set is proposed to identify the ever-increasing malware attacks. The suggested system begins by collecting malware samples from several virtual machines, from which unique characteristics can be extracted easily. Then, the malicious and safe samples are separated using the features provided to the learning-based and rule-based detection agents. To generate a relevant feature set for accurate malware detection, this research proposes an Intellectual Feature Ranking Model with Correlated Feature Set (IFR-CFS) using an enhanced logistic regression model for accurate detection of malware in the cloud environment. The proposed model, when compared to the traditional feature selection model, performs better in generating a feature set for the accurate detection of malware.
44

Hu, Zhanhui, Guangzhong Liu, Xinyu Xiang, Yanping Li, and Siqing Zhuang. "GSB: GNGS and SAG-BiGRU network for malware dynamic detection." PLOS ONE 19, no. 4 (2024): e0298809. http://dx.doi.org/10.1371/journal.pone.0298809.

Abstract:
With the rapid development of the Internet, the continuous increase of malware and its variants has brought great challenges for cyber security. Due to the imbalance of the data distribution, research on malware detection focuses on the accuracy over the whole data sample, while ignoring the detection rate of the minority categories' malware. In the dataset sample, the normal data samples account for the majority, while the attacks' malware accounts for the minority. However, the minority categories' attacks will bring great losses to countries, enterprises, or individuals. To solve this problem, this study proposed the GNGS algorithm to construct a new balanced dataset so that the model algorithm pays more attention to the feature learning of the minority attacks' malware, improving the detection rate of attacks' malware. The traditional malware detection method is highly dependent on professional knowledge and static analysis, so we used the Self-Attention with Gate mechanism (SAG) based on the Transformer to carry out feature extraction between the local and global features and filter irrelevant noise information, then extracted the long-distance dependency temporal sequence features by the BiGRU network, and obtained the classification results through the SoftMax classifier. In the study, we used the Alibaba Cloud dataset for malware multi-classification. Comparing the GSB deep learning network model with other current studies, the experimental results showed that the Gaussian noise generation strategy (GNGS) could solve the unbalanced distribution of minority categories' malware and that the SAG-BiGRU algorithm obtained an accuracy rate of 88.7% on the eight-class classification, which is better performance than other existing algorithms; the GSB model also has a good effect on the NSL-KDD dataset, which showed that the GSB model is effective for other network intrusion detection.
45

Emmah, Victor T., Chidiebere Ugwu, and Laeticia N. Onyejegbu. "An Enhanced Classification Model for Likelihood of Zero-Day Attack Detection and Estimation." European Journal of Electrical Engineering and Computer Science 5, no. 4 (2021): 69–75. http://dx.doi.org/10.24018/ejece.2021.5.4.350.

Abstract:
The growing threat to sensitive information stored in computer systems and devices is becoming alarming. This is a result of the proliferation of different malware created on a daily basis to cause zero-day attacks. Most of the malware whose signatures are known can easily be detected and blocked; however, unknown malware is the most dangerous. In this paper a zero-day vulnerability model based on deep reinforcement learning is presented. The technique employs a Monte Carlo Based Pareto Rule (Deep-RL-MCB-PR) approach that exploits a reward learning and training feature with sparse feature generation and adaptive multi-layered recurrent prediction for the detection and subsequent mitigation of zero-day threats. The new model has been applied to the Kyoto benchmark datasets for intrusion detection systems, and compared to an existing system that uses multi-layer protection and a rule-based ranking (RBK) approach to detect zero-day attack likelihood. Experiments were performed using the dataset, and simulation results show that the Deep-RL-MCB-PR technique, when measured with the classification accuracy metrics, produced about 67.77%. The dataset was further magnified, and the result of classification accuracy showed about 75.84%. These results account for a better error response when compared to the RBK technique.
46

T, Maheshwaran. "SECURING PDFS: AN INNOVATIVE LSTM ALGORITHM FOR IMAGE-BASED MALWARE DETECTION." INTERANTIONAL JOURNAL OF SCIENTIFIC RESEARCH IN ENGINEERING AND MANAGEMENT 08, no. 05 (2024): 1–5. http://dx.doi.org/10.55041/ijsrem34090.

Abstract:
The proposed system aims to enhance the current approach to combating PDF malware by addressing a key vulnerability in existing systems, specifically the generation of evasive variants capable of bypassing machine-learning-based classifiers. Unlike the current system, the proposed solution leverages a hybrid algorithm and Variational Autoencoder (VAE) approach. Notably, it incorporates a pre-trained model to significantly reduce training time without compromising accuracy. This innovative combination of techniques presents an efficient and effective solution for image-based malware detection. In comparative testing, our proposed system outperforms the existing system, demonstrating superior accuracy and faster training times. By integrating hybrid algorithms and VAE, our approach provides an advanced defense against the evolving landscape of PDF-based malware threats.
Keywords: Variational Autoencoder (VAE), PDF-based malware threats
47

Kiran, Vadduri Uday. "HAVAE – An Advanced Approach for Malware Detection Using Deep Learning." International Journal for Research in Applied Science and Engineering Technology 12, no. 3 (2024): 2740–46. http://dx.doi.org/10.22214/ijraset.2024.59303.

Abstract:
The dynamic situation of cybersecurity necessitates continuous adaptation to the evolving and sophisticated nature of malware. This study proposes an innovative approach to enhancing threat detection methodologies by combining Adversarial Autoencoders (AAEs) and Variational Autoencoders (VAEs) for unsupervised malware detection. AAEs, with their Encoder-Decoder structure and adversarial techniques, are integrated with VAEs to discern latent representations which are crucial for discriminating between malware and harmless software. This model, referred to as Hybrid Adversarial-Variational Autoencoder (HAVAE), takes advantage of the strengths of both architectures, capturing nuanced features within a latent space through unsupervised learning. The HAVAE model employs the Reparameterization Technique, crucial for sampling latent variables, ensuring the generation of realistic samples while retaining discriminative attributes essential for accurate malware identification. Through comprehensive evaluations across diverse datasets, the efficiency of HAVAE is assessed using metrics encompassing precision, recall, and F1-score. The evaluation underscores the model's robust ability to detect malicious software effectively, emphasizing its potential as a versatile cybersecurity tool. This innovative approach represents a revolution in cybersecurity, utilizing the strength of unsupervised learning techniques, AAEs, and VAEs. The findings signify a significant advancement in adaptive and resilient malware detection systems, illuminating pathways for improved threat identification and mitigation in the ever-evolving cybersecurity landscape.
48

Metcalf, Leigh, and Jonathan M. Spring. "The Ecosystem of Detection and Blocklisting of Domain Generation." Digital Threats: Research and Practice 2, no. 3 (2021): 1–22. http://dx.doi.org/10.1145/3423951.

Abstract:
Malware authors use domain generation algorithms to establish more reliable communication methods that can avoid reactive defender blocklisting techniques. Network defense has sought to supplement blocklists with methods for detecting machine-generated domains. We present a repeatable evaluation and comparison of the available open source detection methods. We designed our evaluation with multiple interrelated aspects, to improve both interpretability and realism. In addition to evaluating detection methods, we assess the impact of the domain generation ecosystem on prior results about the nature of blocklists and how they are maintained. The results of the evaluation of open source detection methods find all methods are inadequate for practical use. The results of the blocklist impact study find that generated domains decrease the overlap among blocklists; however, while the effect is large in relative terms, the baseline is so small that the core conclusions of the prior work are sustained. Namely, that blocklist construction is very targeted and context-specific, and as a result blocklists do not overlap much. We recommend that Domain Generation Algorithm detection should also be similarly narrowly targeted to specific algorithms and specific malware families, rather than attempting to create general-purpose detection for machine-generated domains.
49

Peng, Xiaowei, Hequn Xian, Qian Lu, and Xiuqing Lu. "Semantics aware adversarial malware examples generation for black-box attacks." Applied Soft Computing 109 (September 2021): 107506. http://dx.doi.org/10.1016/j.asoc.2021.107506.

50

Tang, Cong, Jiangyong Shi, Yi Yang, and Yuexiang Yang. "Malware Detection Model Based on Deep Convolution Generation Adversarial Network." Journal of Physics: Conference Series 1738 (January 2021): 012110. http://dx.doi.org/10.1088/1742-6596/1738/1/012110.
