
Journal articles on the topic "Identify malware"


Consult the top 50 journal articles for research on the topic "Identify malware".


Browse journal articles from a range of disciplines and build your bibliography correctly.

1

Suryati, One Tika, and Avon Budiono. "Impact Analysis of Malware Based on Call Network API With Heuristic Detection Method". International Journal of Advances in Data and Information Systems 1, no. 1 (01.04.2020): 1–8. http://dx.doi.org/10.25008/ijadis.v1i1.176.

Abstract:
Malware is a program that has a negative influence on computer systems without the user's permission. The purpose of hackers in making malware is to gain profit in an illegal way. Therefore, we need malware analysis. Malware analysis aims to determine the specifics of malware so that security can be built to protect computer devices. One method for analyzing malware is heuristic detection. Heuristic detection is an analytical method that allows finding new types of malware in a file or application. Much malware is made to attack through the internet because of technological advancements. Based on these conditions, the malware analysis is carried out using the API call network with the heuristic detection method. This aims to identify the behavior of malware that attacks the network. The results of the analysis are that most malware is spyware, which lurks on user activity and retrieves user data without the user's knowledge. In addition, there is also malware that is adware, which displays advertisements through pop-up windows on computer devices that interfere with user activity. With these results, the actions a user can take to protect his computer device can also be identified, such as installing antivirus or antimalware software, not downloading unauthorized applications and not accessing unsafe websites.
2

Yuswanto, Andrie, and Budi Wibowo. "A SYSTEMATIC REVIEW METHOD FOR SECURITY ANALYSIS OF INTERNET OF THINGS ON HONEYPOT DETECTION". TEKNOKOM 4, no. 1 (24.05.2021): 16–20. http://dx.doi.org/10.31943/teknokom.v4i1.54.

Abstract:
A very significant increase in the spread of malware has resulted in malware analysis. A recent approach using the internet of things has been put forward by many researchers. IoT tool learning approaches are put forward as a more effective and efficient approach to dealing with malware compared to conventional approaches. At the same time, the researchers transformed the honeypot into a device capable of gathering malware information. The honeypot is designed as a malware trap and is stored on the provided system. It then logs the managed events and gathers information about the activity and identity of the attacker. This paper aims to use a honeypot in machine learning to deal with malware. The Systematic Literature Review (SLR) method was used to identify 207 papers. Then 10 papers were selected to be investigated based on inclusion and exclusion criteria. The technique used by most researchers is to utilize the available honeypot dataset. Meanwhile, based on the type of malware being analyzed, honeypot in machine learning is mostly used to collect IoT-based malware.
3

Bai, Jinrong, Qibin Shi and Shiguang Mu. "A Malware and Variant Detection Method Using Function Call Graph Isomorphism". Security and Communication Networks 2019 (22.09.2019): 1–12. http://dx.doi.org/10.1155/2019/1043794.

Abstract:
The huge influx of malware variants is generated using packing and obfuscating techniques. Current antivirus software uses byte signatures to identify known malware, and this method is easily deceived and generally ineffective for identifying malware variants. Antivirus experts use hash signatures to verify whether a captured sample is in the malware database, and this method cannot recognize malware variants whose hash signatures have changed completely. The function call graph is a high-level abstract representation of a program and is more stable and resilient than byte or hash signatures. In this paper, the function call graph is used as the signature of a program, and two kinds of graph isomorphism algorithms are employed to identify known malware and its variants. Four experiments are designed to evaluate the performance of the proposed method. Experimental results indicate that the proposed method is effective and efficient for identifying known malware and a portion of their variants. The proposed method can also be used to index and locate a large-scale malware database and group malware into the corresponding family.
4

Bai, Jin Rong, Shi Guang Mu and Guo Zhong Zou. "The Application of Machine Learning to Study Malware Evolution". Applied Mechanics and Materials 530-531 (February 2014): 875–78. http://dx.doi.org/10.4028/www.scientific.net/amm.530-531.875.

Abstract:
Malware evolves for the same reasons that ordinary software evolves. Like any other software product, the standard genetic operators selection, crossover and mutation are applied to evolve new malware. Recognizing and modeling how these malware evolve and are related is an important problem in the area of malware analysis. Grouping individual malware samples into malware families is not a new idea, and content-based comparison approaches have been proposed. Content-based approaches struggle to identify the real behavior of malware and are inherently susceptible to inaccuracies due to polymorphic and metamorphic techniques. In this paper, we leveraged a dynamic analysis approach to classify malware variants. The results demonstrate that our technique is able to recognize and group malware programs that behave similarly, achieving better precision than previous approaches. The major advantage of our approach is that it precisely tracks the sensitive information of malware behavior and is immune to obfuscation attempts. Our research is conducive to the study of malware classification, malware naming, and the phylogeny of malware.
5

Sohail, Balal, et al. "Macro Based Malware Detection System". Turkish Journal of Computer and Mathematics Education (TURCOMAT) 12, no. 3 (10.04.2021): 5776–87. http://dx.doi.org/10.17762/turcomat.v12i3.2254.

Abstract:
Macro-based malware has seen a great rise in recent years, and attackers are now using this malware for hacking purposes. This virus is embedded inside the macro of a Word document and can be used to infect the victim's machine. These infected files are usually sent through emails, and all antivirus software is unable to detect the virus due to the format of the file. Due to the format being a rich text file and not an executable file, the infected file is able to bypass all security. Hence it is necessary to develop a detection system for such attacks to help reduce the threat. Technical research is carried out to identify the tools and techniques essential in the completion of this system. Research on methodology is done to finalise which development cycle will be used and how functions will be carried out at each phase of the development cycle. This paper outlines the problems that people face once they are attacked through macro malware and the way it can be mitigated. Lastly, all information necessary to start the implementation has been gathered and analysed.
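The format mismatch the authors describe (a macro-carrying Word file that is handed around as an ordinary document) can at least be triaged at the container level before any content inspection. The following is an added example and not the detection system proposed in the paper: it builds a few minimal OOXML packages in memory (constructed samples; the `vbaProject.bin` payload is a placeholder, not a real VBA project) and flags the presence of a VBA project part together with mismatches between the file name, the declared main content type and the parts actually present. Real macro analysis must also decompress the VBA source streams (the MS-OVBA container format), which is what oletools' olevba does; that step is not shown here.

```python
"""OOXML macro triage: added example, not the paper's system. Samples are constructed in memory."""
import io
import zipfile

MACRO_CT = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_CT = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
VBA_PART = "word/vbaProject.bin"

def build_docx(main_content_type: str, with_vba: bool) -> bytes:
    """Construct a minimal OOXML package. The VBA part is an OLE2 magic plus zeros, a stand-in only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        types = ['<?xml version="1.0" encoding="UTF-8"?>',
                 '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">',
                 f'<Override PartName="/word/document.xml" ContentType="{main_content_type}"/>']
        if with_vba:
            types.append(f'<Override PartName="/{VBA_PART}" ContentType="application/vnd.ms-office.vbaProject"/>')
            z.writestr(VBA_PART, b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\0" * 64)
        types.append("</Types>")
        z.writestr("[Content_Types].xml", "\n".join(types))
        z.writestr("word/document.xml",
                   '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
                   "<w:body/></w:document>")
    return buf.getvalue()

def triage(filename: str, data: bytes) -> list:
    """Return human-readable indicators; an empty list means nothing macro-related was found."""
    if data[:2] != b"PK":
        return ["not a ZIP/OOXML container (could be a legacy OLE .doc; inspect it with an OLE parser)"]
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = set(z.namelist())
        types_xml = (z.read("[Content_Types].xml").decode("utf-8", "replace")
                     if "[Content_Types].xml" in names else "")
    has_vba = VBA_PART in names
    declares_macro = MACRO_CT in types_xml
    indicators = []
    if has_vba:
        indicators.append("vbaProject.bin present (VBA macro project embedded)")
    if has_vba and not filename.lower().endswith((".docm", ".dotm")):
        indicators.append("macro project inside a file not named as macro-enabled")
    if has_vba and not declares_macro:
        indicators.append("content type declares a plain document but a VBA part exists")
    if declares_macro and not has_vba:
        indicators.append("macro-enabled content type without a VBA part")
    return indicators

if __name__ == "__main__":
    for name, doc in (("report.docx", build_docx(PLAIN_CT, False)),
                      ("invoice.docm", build_docx(MACRO_CT, True)),
                      ("invoice.docx", build_docx(PLAIN_CT, True))):
        print(name, triage(name, doc))
```

The check is deliberately conservative: a `.docm` that honestly declares its macro project is reported once, while a file that carries a VBA part under a `.docx` name with a plain content type trips three indicators, which is the kind of inconsistency mail-gateway rules key on.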
6

Susanto, Susanto, M. Agus Syamsul Arifin, Deris Stiawan, Mohd Yazid Idris and Rahmat Budiarto. "The trend malware source of IoT network". Indonesian Journal of Electrical Engineering and Computer Science 22, no. 1 (01.04.2021): 450. http://dx.doi.org/10.11591/ijeecs.v22.i1.pp450-459.

Abstract:
Malware may disrupt an internet of things (IoT) system/network when it resides in the network, or even harm the network operation. Therefore, malware detection in the IoT system/network becomes an important issue. Research works related to the development of IoT malware detection have been carried out with various methods and algorithms to increase detection accuracy. The majority of papers in malware literature studies discuss mobile networks, and very few consider malware on IoT networks. This paper attempts to identify problems and issues in IoT malware detection, presents an analysis of each step in malware detection, and provides an alternative taxonomy of the literature related to IoT malware detection. The discussion focuses on the malware repository dataset, feature extraction methods, the detection method itself, and the output of each conducted research. Furthermore, a comparison of the accuracy of malware classification approaches used by researchers in detecting malware in IoT is presented.
7

Muhtadi, Adib Fakhri, and Ahmad Almaarif. "Analysis of Malware Impact on Network Traffic using Behavior-based Detection Technique". International Journal of Advances in Data and Information Systems 1, no. 1 (01.04.2020): 17–25. http://dx.doi.org/10.25008/ijadis.v1i1.14.

Abstract:
Malware is software or a computer program that is used to carry out malicious activity. Malware is made with the aim of harming the user's device because it can change the user's data and use up bandwidth and other resources without the user's permission. Some research has been done before to identify the types of malware and their effects, but previous research only focused on grouping the types of malware that attack via network traffic. This research analyzes the impact of malware on network traffic using behavior-based detection techniques. This technique analyzes malware by running malware samples in an environment and monitoring the activities caused by the samples. To obtain accurate results, the analysis is carried out by retrieving API call network information and network traffic activities. From the analysis of the malware API call network, information is generated about the order of the API call network used by the malware. From the network traffic, malware activities are obtained by analyzing the behavior of the malware's network traffic, payload, and throughput of infected traffic. Furthermore, the API call network sequence used by the malware and the results of the network traffic analysis are analyzed together so that the impact of malware on network traffic can be determined.
8

Muhtadi, Adib Fakhri, and Ahmad Almaarif. "Analysis of Malware Impact on Network Traffic using Behavior-based Detection Technique". International Journal of Advances in Data and Information Systems 1, no. 1 (09.03.2020): 17–25. http://dx.doi.org/10.25008/ijadis.v1i1.8.

Abstract:
Malware is software or a computer program that is used to carry out malicious activity. Malware is made with the aim of harming users because it can change users' data and use up bandwidth and other resources without the user's permission. Some research has been done before to identify the types of malware and their effects, but previous research only focused on grouping the types of malware that attack via network traffic. This research analyzes the impact of malware on network traffic using behavior-based detection techniques. This technique analyzes malware by running malware samples in an environment and monitoring the activities caused by the samples. To obtain accurate results, the analysis is carried out by retrieving API call network information and network traffic activities. From the analysis of the malware call network API, information is generated about the order of the call network API used by the malware. Then, from the network traffic, malware activities are obtained by analyzing the behavior of the malware's network traffic, payload, and bandwidth of infected traffic. Furthermore, the call network API sequence used by the malware and the results of the network traffic analysis are analyzed together so that the impact of malware on network traffic can be determined.
9

Martín, Ignacio, José Alberto Hernández, Alfonso Muñoz and Antonio Guzmán. "Android Malware Characterization Using Metadata and Machine Learning Techniques". Security and Communication Networks 2018 (08.07.2018): 1–11. http://dx.doi.org/10.1155/2018/5749481.

Abstract:
Android malware has emerged as a consequence of the increasing popularity of smartphones and tablets. While most previous work focuses on inherent characteristics of Android apps to detect malware, this study analyses indirect features and metadata to identify patterns in malware applications. Our experiments show the following: (1) the permissions used by an application offer only moderate performance results; (2) other features publicly available at Android markets are more relevant in detecting malware, such as the application developer and certificate issuer; and (3) compact and efficient classifiers can be constructed for the early detection of malware applications prior to code inspection or sandboxing.
10

Kalash, Mahmoud, Mrigank Rochan, Noman Mohammed, Neil Bruce, Yang Wang and Farkhund Iqbal. "A Deep Learning Framework for Malware Classification". International Journal of Digital Crime and Forensics 12, no. 1 (January 2020): 90–108. http://dx.doi.org/10.4018/ijdcf.2020010105.

Abstract:
In this article, the authors propose a deep learning framework for malware classification. There has been a huge increase in the volume of malware in recent years which poses serious security threats to financial institutions, businesses, and individuals. In order to combat the proliferation of malware, new strategies are essential to quickly identify and classify malware samples. Nowadays, machine learning approaches are becoming popular for malware classification. However, most of these approaches are based on shallow learning algorithms (e.g. SVM). Recently, convolutional neural networks (CNNs), a deep learning approach, have shown superior performance compared to traditional learning algorithms, especially in tasks such as image classification. Inspired by this, the authors propose a CNN-based architecture to classify malware samples. They convert malware binaries to grayscale images and subsequently train a CNN for classification. Experiments on two challenging malware classification datasets, namely Malimg and Microsoft, demonstrate that their method outperforms competing state-of-the-art algorithms.
11

Hama Saeed, Mariwan Ahmed. "Malware in Computer Systems: Problems and Solutions". IJID (International Journal on Informatics for Development) 9, no. 1 (19.04.2020): 1. http://dx.doi.org/10.14421/ijid.2020.09101.

Abstract:
Malware is a harmful programme which infects computer systems, deletes data files and steals valuable information. Malware can attack personal and organizational computer systems. In this paper, the most recent and dangerous types of malware, including CovidLock ransomware, have been analysed and the most suitable countermeasures against malware have been provided. The purpose of this paper is to suggest manually removing malware through a range of tools. It investigates whether the University of Halabja employees are protected against malware or not, and it hypothesizes that the University of Halabja employees are not protected to a great level against malware attacks. A questionnaire has been conducted and analysed. The results of the questionnaire confirmed that the University of Halabja employees are not crucially protected. Therefore, it works to propose a sufficient way to make the whole organization protected. This research can be extended to include public and private universities across the Kurdistan region in order to identify the most secure university in this region against malware attacks.
12

Christiana, Abikoye Oluwakemi, Benjamin Aruwa Gyunka and Akande Noah. "Android Malware Detection through Machine Learning Techniques: A Review". International Journal of Online and Biomedical Engineering (iJOE) 16, no. 02 (12.02.2020): 14. http://dx.doi.org/10.3991/ijoe.v16i02.11549.

Abstract:
The open source nature of the Android operating system has attracted wider adoption of the system by multiple types of developers. This phenomenon has further fostered an exponential proliferation of devices running the Android OS into different sectors of the economy. Although this development has brought about great technological advancements and ease of doing business (e-commerce) and social interactions, these devices have however become strong mediums for the uncontrolled rise of cyberattacks and espionage against business infrastructures and the individual users of these mobile devices. Different cyberattack techniques exist, but attacks through malicious applications have taken the lead over other attack methods like social engineering. Android malware has evolved in sophistication and intelligence to the point that it has become highly resistant to existing detection systems, especially those that are signature-based. Machine learning techniques have risen to become a more competent choice for combating the kind of sophistication and novelty deployed by emerging Android malware. The models created via machine learning methods work by first learning the existing patterns of malware behaviour and then using this knowledge to separate or identify any such similar behaviour from unknown attacks. This paper provided a comprehensive review of machine learning techniques and their applications in Android malware detection as found in contemporary literature.
13

Rinaldi, Aditia. "Implementasi Fuzzy Hashing untuk Signature Malware". Jurnal ULTIMA Computing 6, no. 1 (01.06.2014): 33–38. http://dx.doi.org/10.31937/sk.v6i1.293.

Abstract:
Cryptographic hash values have long been used as a database of signatures to identify malware. The most widely used are MD5 and/or SHA256. In addition, there is fuzzy hashing, which is slightly different from a traditional hash: the hash value length is not fixed, and the hash value can be used to calculate the degree of similarity of some malware that may still be a variant. This research uses the ssdeep tool to calculate fuzzy hashes. A signature database with fuzzy hashes is smaller than with SHA256 and larger than with MD5. The level of accuracy for the detection of script-based malware variants is greater than for executable-based malware variants. Index Terms: file signature, fuzzy hashing, malware signature, rolling hashing, sha
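What makes a fuzzy hash useful where SHA256 fails is that the input is cut into pieces at positions chosen by a rolling hash of the last few bytes, so a local edit disturbs only the pieces that overlap it. The block below is an added example, not the paper's code and not ssdeep itself: a simplified context-triggered piecewise hash in the spirit of ssdeep, run over a constructed script sample, a variant of it with two strings swapped, and unrelated random bytes. Digests are not ssdeep-compatible (ssdeep uses a different rolling hash, FNV piece hashes and a second digest at double block size); the 7-byte window, the block-size selection rule and the edit-distance score are modelled on it, and the sample script is a harmless stand-in.

```python
"""Simplified context-triggered piecewise hashing (CTPH). Added example; not ssdeep-compatible."""
import hashlib
import random

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
WINDOW = 7       # rolling-hash window length, as in ssdeep
MIN_BLOCK = 3    # smallest block size; doubled until the digest would be ~64 characters

def _choose_blocksize(n: int) -> int:
    bs = MIN_BLOCK
    while bs * 64 < n:
        bs *= 2
    return bs

def _piece_char(piece: bytes) -> str:
    """One base64 character per piece, from the low 6 bits of SHA-256 (ssdeep uses FNV)."""
    return ALPHABET[hashlib.sha256(piece).digest()[0] & 63]

def fuzzy_hash(data: bytes) -> str:
    bs = _choose_blocksize(len(data))
    digest, piece, window = [], bytearray(), bytearray()
    for b in data:
        window.append(b)
        if len(window) > WINDOW:
            del window[0]
        piece.append(b)
        # Trigger depends only on the last WINDOW bytes, so piece boundaries resynchronise after an edit
        if sum(window) % bs == bs - 1:
            digest.append(_piece_char(bytes(piece)))
            piece.clear()
    if piece:
        digest.append(_piece_char(bytes(piece)))
    return f"{bs}:{''.join(digest)}"

def _levenshtein(a: str, b: str) -> int:
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def similarity(h1: str, h2: str) -> int:
    """0..100 score; 0 when block sizes differ (ssdeep would also try the 2x digest)."""
    bs1, d1 = h1.split(":", 1)
    bs2, d2 = h2.split(":", 1)
    if bs1 != bs2:
        return 0
    longest = max(len(d1), len(d2)) or 1
    return round(100 * (1 - _levenshtein(d1, d2) / longest))

def sha256_match(a: bytes, b: bytes) -> bool:
    return hashlib.sha256(a).digest() == hashlib.sha256(b).digest()

# Constructed samples: a benign-looking VBScript stand-in, a variant with two equal-length edits,
# and random bytes of the same length (so all three land in the same block size).
SCRIPT_A = b"""' constructed sample, stand-in for a captured script
Set fso = CreateObject("Scripting.FileSystemObject")
Set sh = CreateObject("WScript.Shell")
base = sh.ExpandEnvironmentStrings("%APPDATA%")
target = base & "\\Updater\\cache"
If Not fso.FolderExists(target) Then fso.CreateFolder target
Set log = fso.OpenTextFile(target & "\\run.log", 8, True)
log.WriteLine Now & " start"
For Each f In fso.GetFolder(base).Files
    If LCase(fso.GetExtensionName(f.Name)) = "txt" Then
        fso.CopyFile f.Path, target & "\\" & f.Name, True
        log.WriteLine Now & " copied " & f.Name
    End If
Next
log.WriteLine Now & " done"
log.Close
"""
SCRIPT_B = SCRIPT_A.replace(b"Updater", b"Service").replace(b'"txt"', b'"doc"')
RANDOM_C = bytes(random.Random(2024).getrandbits(8) for _ in range(len(SCRIPT_A)))

if __name__ == "__main__":
    ha, hb, hc = fuzzy_hash(SCRIPT_A), fuzzy_hash(SCRIPT_B), fuzzy_hash(RANDOM_C)
    print("sha256 equal A/B:", sha256_match(SCRIPT_A, SCRIPT_B))
    print("A vs B:", similarity(ha, hb), " A vs random:", similarity(ha, hc))
```

The exact SHA256 comparison fails on the variant while the fuzzy score stays high, which is the point the paper makes for script-based variants; for packed executables the whole body changes and the score drops toward the unrelated case.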
14

Alswaina, Fahad, and Khaled Elleithy. "Android Malware Family Classification and Analysis: Current Status and Future Directions". Electronics 9, no. 6 (05.06.2020): 942. http://dx.doi.org/10.3390/electronics9060942.

Abstract:
Android receives major attention from security practitioners and researchers due to the influx of malicious applications. For the past twelve years, Android malicious applications have been grouped into families. In the research community, detecting new malware families is a challenge. As we investigate, most of the literature reviews focus on surveying malware detection. Characterizing the malware families can improve the detection process and the understanding of malware patterns. For this reason, we conduct a comprehensive survey on the state-of-the-art Android malware familial detection, identification, and categorization techniques. We categorize the literature based on three dimensions: type of analysis, features, and methodologies and techniques. Furthermore, we report the datasets that are commonly used. Finally, we highlight the limitations that we identify in the literature, challenges, and future research directions regarding the Android malware family.
15

Suryati, One Tika, and Avon Budiono. "Impact Analysis of Malware Based on Call Network API With Heuristic Detection Method". International Journal of Advances in Data and Information Systems 1, no. 1 (10.03.2020): 8. http://dx.doi.org/10.25008/ijadis.v1i1.2.

Abstract:
Malware is a program that has a negative influence on computer systems without the user's permission. The purpose of hackers in making malware is to gain profit in an illegal way. Therefore we need malware analysis that aims to find out the specifics of malware so that security can be built to protect computer devices. One method for analyzing malware is heuristic detection. Heuristic detection is an analytical method that allows finding new types of malware in a file or application. A lot of malware is created to attack through the internet because of technological advances. Under these conditions, a malware analysis is performed using the call network API with the heuristic detection method. This aims to identify the behavior of malware that attacks the network. The result of the analysis is that most malware is spyware, which lurks on user activity and retrieves user data without the user's knowledge. In addition, there is also malware that is adware, which displays advertisements through pop-up windows on computer devices that interfere with user activity. With these results, the actions users can take to protect their computer devices can also be identified, such as installing antivirus or antimalware software, not downloading unauthorized applications and not accessing insecure websites.
16

Singh, Jaiteg, Deepak Thakur, Farman Ali, Tanya Gera and Kyung Sup Kwak. "Deep Feature Extraction and Classification of Android Malware Images". Sensors 20, no. 24 (08.12.2020): 7013. http://dx.doi.org/10.3390/s20247013.

Abstract:
The Android operating system has gained popularity and evolved rapidly since the previous decade. Traditional approaches such as static and dynamic malware identification techniques require a lot of human intervention and resources to design the malware classification model. The real challenge lies with the fact that inspecting all files of the application structure leads to high processing time, more storage, and manual effort. To solve these problems, optimization algorithms and deep learning have recently been tested for mitigating malware attacks. This manuscript proposes Summing of neurAl aRchitecture and VisualizatiOn Technology for Android Malware identification (SARVOTAM). The system converts the malware's non-intuitive features into fingerprint images to extract the quality information. A fine-tuned Convolutional Neural Network (CNN) is used to automatically extract rich features from visualized malware, thus eliminating the feature engineering and domain expert cost. The experiments were done using the DREBIN dataset. A total of fifteen different combinations of the Android malware image sections were used to identify and classify Android malware. The softmax layer of the CNN was substituted with machine learning algorithms like K-Nearest Neighbor (KNN), Support Vector Machine (SVM), and Random Forest (RF) to analyze the grayscale malware images. It was observed that the CNN-SVM model outperformed the original CNN as well as CNN-KNN and CNN-RF. The classification results showed that our method is able to achieve an accuracy of 92.59% using Android certificate and manifest malware images. This paper reveals a lightweight solution and a more precise option for malware identification.
17

Vassallo, Evan W., and Kevin Manaugh. "Spatially Clustered Autonomous Vehicle Malware: Producing New Urban Geographies of Inequity". Transportation Research Record: Journal of the Transportation Research Board 2672, no. 1 (23.08.2018): 66–75. http://dx.doi.org/10.1177/0361198118794057.

Abstract:
Malicious software (malware) is both a hurdle to autonomous vehicle (AV) adoption and a serious threat to AV occupant safety. Yet, to date, the topic of how subnational transportation decision makers should handle this cybersecurity threat has been underexplored. This paper describes how malware can spread through vehicle-to-X networks and infect AVs to a non-technical planning audience. It then explains how AV malware can cluster spatially in linguistic, socioeconomic, and political enclaves of American cities. Since AVs can identify new indicators of safety imperceptible to humans, malware clusters can produce new geographies of accessibility, mobility, economic, and environmental inequity across a city. In provisioning the inherently localized technical malware prevention tools available to them, subnational transportation planners have the capacity to reproduce or overcome historical and current transportation system inequities.
18

Bai, Jinrong, Junfeng Wang and Guozhong Zou. "A Malware Detection Scheme Based on Mining Format Information". Scientific World Journal 2014 (2014): 1–11. http://dx.doi.org/10.1155/2014/260905.

Abstract:
Malware has become one of the most serious threats to computer information systems, and current malware detection technology still has very significant limitations. In this paper, we proposed a malware detection approach by mining the format information of PE (portable executable) files. Based on an in-depth analysis of the static format information of PE files, we extracted 197 features from the format information and applied feature selection methods to reduce the dimensionality of the features and achieve acceptably high performance. When the selected features were trained using classification algorithms, the results of our experiments indicate that the accuracy of the top classification algorithm is 99.1% and the value of the AUC is 0.998. We designed three experiments to evaluate the performance of our detection scheme and its ability to detect unknown and new malware. Although the experimental results for identifying new malware are not perfect, our method is still able to identify 97.6% of new malware with a 1.3% false positive rate.
19

T, Sai Tejeshwar Reddy. "An Enhanced Novel GA-based Malware Detection in End Systems Using Structured and Unstructured Data by Comparing Support Vector Machine and Neural Network". Revista Gestão Inovação e Tecnologias 11, no. 2 (05.06.2021): 1514–25. http://dx.doi.org/10.47059/revistageintec.v11i2.1777.

Abstract:
Aim: The aim of the work is to perform Android malware detection using structured and unstructured data by comparing Neural Network algorithms and SVM. Materials and Methods: Consider two groups, Support Vector Machine and Neural Network. For each algorithm, take N=10 samples from the collected dataset and perform two iterations on each algorithm to identify the malware detection. Result: The accuracy of the Neural Network model reaches up to 82.91%, and the Support Vector Machine algorithm has an accuracy of 79.67% for Android malware detection, with a significance value of p=0.007. Conclusion: Classification for Android malware detection using the Neural Network algorithm shows better accuracy than SVM.
20

Garg, Gourav, Ashutosh Sharma and Anshul Arora. "SFDroid: Android Malware Detection using Ranked Static Features". International Journal of Recent Technology and Engineering 10, no. 1 (30.05.2021): 142–52. http://dx.doi.org/10.35940/ijrte.a5804.0510121.

Abstract:
Over the past few years, malware attacks have risen in huge numbers on the Android platform. Significant threats are posed by these attacks, which may cause financial loss, information leakage, and damage to the system. Around 25 million smartphones were infected with malware within the first half of 2019, which depicts the seriousness of these attacks. Taking into account the danger posed by Android malware to the user community, we aim to develop a static Android malware detector named SFDroid that analyzes manifest file components for malware detection. In this work, first, the proposed model ranks the manifest features according to their frequency in normal and malicious apps. This helps us to identify the significant features present in the normal and malware datasets. Additionally, we apply support thresholds to remove unnecessary and redundant features from the rankings. Further, we propose a novel algorithm that uses the ranked features and several machine learning classifiers to detect Android malware. The experimental results demonstrate that by using the Random Forest classifier at a 10% support threshold, the proposed model gives a detection accuracy of 95.90% with 36 manifest components.
21

Narayanan, Ajit, Yi Chen, Shaoning Pang and Ban Tao. "The Effects of Different Representations on Static Structure Analysis of Computer Malware Signatures". Scientific World Journal 2013 (2013): 1–8. http://dx.doi.org/10.1155/2013/671096.

Abstract:
The continuous growth of malware presents a problem for internet computing due to increasingly sophisticated techniques for disguising malicious code through mutation and the time required to identify signatures for use by antiviral software systems (AVS). Malware modelling has focused primarily on semantics due to the intended actions and behaviours of viral and worm code. The aim of this paper is to evaluate a static structure approach to malware modelling using the growing malware signature databases now available. We show that, if malware signatures are represented as artificial protein sequences, it is possible to apply standard sequence alignment techniques from bioinformatics to improve the accuracy of distinguishing between worm and virus signatures. Moreover, aligned signature sequences can be mined through traditional data mining techniques to extract metasignatures that help to distinguish between viral and worm signatures. All bioinformatics and data mining analyses were performed with publicly available tools and Weka.
22

Bai, Jin Rong, Zhen Zhou An, Guo Zhong Zou und Shi Guang Mu. „A Dynamic Malware Detection Approach by Mining the Frequency of API Calls“. Applied Mechanics and Materials 519-520 (Februar 2014): 309–12. http://dx.doi.org/10.4028/www.scientific.net/amm.519-520.309.

Der volle Inhalt der Quelle
Annotation:
A dynamic detection method based on software behavior is an efficient and effective way for anti-virus technology. Malware and benign executables differ mainly in the implementation of some special behavior for propagation and destruction. A program's execution flow is essentially equivalent to its stream of API calls. Analyzing the frequency of API calls from six kinds of behaviors at the same time differentiates very well between malicious and benign executables. This paper proposes a dynamic malware detection approach by mining the frequency of sensitive native API calls and describes experiments conducted against recent Win32 malware. Experimental results indicate that the detection rate of the proposed method is 98% and the value of the AUC is 0.981. Furthermore, the proposed method can identify known and unknown malware.
23

Wang, Huanran, Hui He, and Weizhe Zhang. "Demadroid: Object Reference Graph-Based Malware Detection in Android". Security and Communication Networks 2018 (31.05.2018): 1–16. http://dx.doi.org/10.1155/2018/7064131.

Annotation:
Smartphone usage has been continuously increasing in recent years. In addition, Android devices are widely used in our daily life, becoming the most attractive target for hackers. Therefore, malware analysis of Android platform is in urgent demand. Static analysis and dynamic analysis methods are two classical approaches. However, they also have some drawbacks. Motivated by this, we present Demadroid, a framework to implement the detection of Android malware. We obtain the dynamic information to build Object Reference Graph and propose λ-VF2 algorithm for graph matching. Extensive experiments show that Demadroid can efficiently identify the malicious features of malware. Furthermore, the system can effectively resist obfuscated attacks and the variants of known malware to meet the demand for actual use.
24

Białczak, Piotr, and Wojciech Mazurczyk. "Hfinger: Malware HTTP Request Fingerprinting". Entropy 23, No. 5 (23.04.2021): 507. http://dx.doi.org/10.3390/e23050507.

Annotation:
Malicious software utilizes the HTTP protocol for communication purposes, creating network traffic that is hard to identify as it blends into the traffic generated by benign applications. To this aim, fingerprinting tools have been developed to help track and identify such traffic by providing a short representation of malicious HTTP requests. However, currently existing tools do not analyze all information included in the HTTP message or analyze it insufficiently. To address these issues, we propose Hfinger, a novel malware HTTP request fingerprinting tool. It extracts information from the parts of the request such as URI, protocol information, headers, and payload, providing a concise request representation that preserves the extracted information in a form interpretable by a human analyst. For the developed solution, we have performed an extensive experimental evaluation using real-world data sets and we also compared Hfinger with the most related and popular existing tools such as FATT, Mercury, and p0f. The conducted effectiveness analysis reveals that on average only 1.85% of requests fingerprinted by Hfinger collide between malware families, which is 8–34 times lower than existing tools. Moreover, unlike these tools, in default mode, Hfinger does not introduce collisions between malware and benign applications and achieves it by increasing the number of fingerprints by at most 3 times. As a result, Hfinger can effectively track and hunt malware by providing more unique fingerprints than other standard tools.
25

Liang, Guanghui, Jianmin Pang, Zheng Shan, Runqing Yang, and Yihang Chen. "Automatic Benchmark Generation Framework for Malware Detection". Security and Communication Networks 2018 (06.09.2018): 1–8. http://dx.doi.org/10.1155/2018/4947695.

Annotation:
To address emerging security threats, various malware detection methods have been proposed every year. Therefore, a small but representative set of malware samples is usually needed for a detection model, especially for machine-learning-based malware detection models. However, current manual selection of representative samples from a large unknown file collection is labor intensive and not scalable. In this paper, we first propose a framework that can automatically generate a small data set for malware detection. With this framework, we extract behavior features from a large initial data set and then use a hierarchical clustering technique to identify different types of malware. An improved genetic algorithm based on roulette wheel sampling is implemented to generate the final test data set. The final data set is only one-eighteenth the volume of the initial data set, and evaluations show that the data set selected by the proposed framework is much smaller than the original one but does not lose nearly any semantics.
26

Kumar, Rajesh, Xiaosong Zhang, Riaz Khan, and Abubakar Sharif. "Research on Data Mining of Permission-Induced Risk for Android IoT Devices". Applied Sciences 9, No. 2 (14.01.2019): 277. http://dx.doi.org/10.3390/app9020277.

Annotation:
With the growing era of the Internet of Things (IoT), more and more devices are connecting with the Internet using Android applications to provide various services. The IoT devices are used for sensing, controlling and monitoring of different processes. Most IoT devices use Android applications for communication and data exchange. Therefore, a secure Android permission privilege mechanism is required to increase the security of apps. According to a recent study, a malicious Android application is developed almost every 10 s. To resist this serious malware campaign, we need effective malware detection approaches to identify malware applications effectively and efficiently. Most of the studies focused on detecting malware based on static and dynamic analysis of the applications. However, analysing the risky permissions at runtime is a challenging task. In this study, first, we proposed a novel approach to distinguish between malware and benign applications based on permission ranking, similarity-based permission feature selection, and association rules for permission mining. Secondly, the proposed methodology also includes the enhancement of the random forest algorithm to improve the accuracy of malware detection. The experimental outcomes demonstrate high proficiency of the accuracy for malware detection, which is pivotal for Android apps aiming for secure data exchange between IoT devices.
27

Venkatraman, Sitalakshmi, and Mamoun Alazab. "Use of Data Visualisation for Zero-Day Malware Detection". Security and Communication Networks 2018 (02.12.2018): 1–13. http://dx.doi.org/10.1155/2018/1728303.

Annotation:
With the explosion of Internet of Things (IoT) worldwide, there is an increasing threat from malicious software (malware) attackers that calls for efficient monitoring of vulnerable systems. Large amounts of data collected from computer networks, servers, and mobile devices need to be analysed for malware proliferation. Effective analysis methods are needed to match with the scale and complexity of such a data-intensive environment. In today’s Big Data contexts, visualisation techniques can support malware analysts going through the time-consuming process of analysing suspicious activities thoroughly. This paper takes a step further in contributing to the evolving realm of visualisation techniques used in the information security field. The aim of the paper is twofold: (1) to provide a comprehensive overview of the existing visualisation techniques for detecting suspicious behaviour of systems and (2) to design a novel visualisation using similarity matrix method for establishing malware classification accurately. The prime motivation of our proposal is to identify obfuscated malware using visualisation of the extended x86 IA-32 (opcode) similarity patterns, which are hard to detect with the existing approaches. Our approach uses hybrid models wherein static and dynamic malware analysis techniques are combined effectively along with visualisation of similarity matrices in order to detect and classify zero-day malware efficiently. Overall, the high accuracy of classification achieved with our proposed method can be visually observed since different malware families exhibit significantly dissimilar behaviour patterns.
28

Du, Bo, Haiyan Wang, and Maoxing Liu. "An information diffusion model in social networks with carrier compartment and delay". Nonlinear Analysis: Modelling and Control 23, No. 4 (10.08.2018): 568–82. http://dx.doi.org/10.15388/na.2018.4.7.

Annotation:
With the wide applications of the communication networks, the topic of information networks security is getting more and more attention from governments and individuals. This paper is devoted to investigating a malware propagation model with carrier compartment and delay to describe the process of malware propagation in mobile wireless sensor networks. Based on matrix theory for characteristic values, the local stability criterion of equilibrium points is established. Applying the linear approximation method of nonlinear systems, we study the existence of Hopf bifurcation at the equilibrium points. At the same time, we identify some sensitive parameters in the process of malware propagation. Finally, numerical simulations are performed to illustrate the theoretical results.
29

Chen, Hongyi, Jinshu Su, Linbo Qiao, and Qin Xin. "Malware Collusion Attack against SVM: Issues and Countermeasures". Applied Sciences 8, No. 10 (21.09.2018): 1718. http://dx.doi.org/10.3390/app8101718.

Annotation:
Android has become the most popular mobile platform, and a hot target for malware developers. At the same time, researchers have come up with numerous ways to deal with malware. Among them, machine learning based methods are quite effective in Android malware detection, the accuracy of which can be as high as 98%. Thus, malware developers have the incentives to develop more advanced malware to evade detection. This paper presents an adversary attack scenario (Collusion Attack) that will compromise current machine learning based malware detection methods, especially Support Vector Machines (SVM). The malware developers can perform this attack easily by splitting malicious payload into two or more apps. Meanwhile, attackers may hide their malicious behavior by using advanced techniques (Evasion Attack), such as obfuscation, etc. According to our simulation, 87.4% of apps can evade Linear SVM by Collusion Attack. When performing Collusion and Evasion Attack simultaneously, the evasion rate can reach 100% at a low cost. Thus, we proposed a method to deal with this issue. This approach, realized in a tool, called ColluDroid, can identify the collusion apps by analyzing the communication between apps. In addition, it can integrate secure learning methods (e.g., Sec-SVM) to fight against Evasion Attack. The evaluation results show that ColluDroid is effective in finding out the collusion apps and ColluDroid-Sec-SVM has the best performance in the presence of both Collusion and Evasion Attack.
30

Hwang, Chanwoong, Junho Hwang, Jin Kwak, and Taejin Lee. "Platform-Independent Malware Analysis Applicable to Windows and Linux Environments". Electronics 9, No. 5 (12.05.2020): 793. http://dx.doi.org/10.3390/electronics9050793.

Annotation:
Most cyberattacks use malicious codes, and according to AV-TEST, more than 1 billion malicious codes are expected to emerge in 2020. Although such malicious codes have been widely seen around the PC environment, they have been on the rise recently, focusing on IoT devices such as smartphones, refrigerators, irons, and various sensors. As is known, Linux/embedded environments support various architectures, so it is difficult to identify the architecture in which malware operates when analyzing malware. This paper proposes an AI-based malware analysis technology that is not affected by the operating system or architecture platform. The proposed technology works intuitively. It uses platform-independent binary data rather than features based on the structured format of the executable files. We analyzed the strings from binary data to classify malware. The experimental results achieved 94% accuracy on Windows and Linux datasets. Based on this, we expect the proposed technology to work effectively on other platforms and improve through continuous operation/verification.
31

Zou, Deqing, Yueming Wu, Siru Yang, Anki Chauhan, Wei Yang, Jiangying Zhong, Shihan Dou, and Hai Jin. "IntDroid". ACM Transactions on Software Engineering and Methodology 30, No. 3 (May 2021): 1–32. http://dx.doi.org/10.1145/3442588.

Annotation:
Android, the most popular mobile operating system, has attracted millions of users around the world. Meanwhile, the number of new Android malware instances has grown exponentially in recent years. On the one hand, existing Android malware detection systems have shown that distilling the program semantics into a graph representation and detecting malicious programs by conducting graph matching are able to achieve high accuracy on detecting Android malware. However, these traditional graph-based approaches always perform expensive program analysis and suffer from low scalability on malware detection. On the other hand, because of the high scalability of social network analysis, it has been applied to complete large-scale malware detection. However, the social-network-analysis-based method only considers simple semantic information (i.e., centrality) for achieving market-wide mobile malware scanning, which may limit the detection effectiveness when benign apps show some similar behaviors as malware. In this article, we aim to combine the high accuracy of the traditional graph-based method with the high scalability of the social-network-analysis-based method for Android malware detection. Instead of using traditional heavyweight static analysis, we treat function call graphs of apps as complex social networks and apply social-network-based centrality analysis to unearth the central nodes within call graphs. After obtaining the central nodes, the average intimacies between sensitive API calls and central nodes are computed to represent the semantic features of the graphs. We implement our approach in a tool called IntDroid and evaluate it on a dataset of 3,988 benign samples and 4,265 malicious samples. Experimental results show that IntDroid is capable of detecting Android malware with an F-measure of 97.1% while maintaining a True-positive Rate of 99.1%. Although the scalability is not as fast as a social-network-analysis-based method (i.e., MalScan), compared to a traditional graph-based method, IntDroid is more than six times faster than MaMaDroid. Moreover, in a corpus of apps collected from the Google Play market, IntDroid is able to identify 28 zero-day malware that can evade detection of existing tools, one of which has been downloaded and installed by more than ten million users. This app has also been flagged as malware by six anti-virus scanners in VirusTotal, one of which is Symantec Mobile Insight.
32

Sharma, Kavita, and B. B. Gupta. "Towards Privacy Risk Analysis in Android Applications Using Machine Learning Approaches". International Journal of E-Services and Mobile Applications 11, No. 2 (April 2019): 1–21. http://dx.doi.org/10.4018/ijesma.2019040101.

Annotation:
Android-based devices easily fall prey to an attack due to its free availability in the android market. These Android applications are not certified by the legitimate organization. If the user cannot distinguish between the set of permissions requested by an application and its risk, then an attacker can easily exploit the permissions to propagate malware. In this article, the authors present an approach for privacy risk analysis in Android applications using machine learning. The proposed approach can analyse and identify the malware application permissions. Here, the authors achieved high accuracy and improved F-measure through analyzing the proposed method on the M0Droid dataset and completed testing on an extensive test set with malware from the Androzoo dataset and benign applications from the Drebin dataset.
33

Ali, Muhammad, Stavros Shiaeles, Gueltoum Bendiab, and Bogdan Ghita. "MALGRA: Machine Learning and N-Gram Malware Feature Extraction and Detection System". Electronics 9, No. 11 (26.10.2020): 1777. http://dx.doi.org/10.3390/electronics9111777.

Annotation:
Detection and mitigation of modern malware are critical for the normal operation of an organisation. Traditional defence mechanisms are becoming increasingly ineffective due to the techniques used by attackers such as code obfuscation, metamorphism, and polymorphism, which strengthen the resilience of malware. In this context, the development of adaptive, more effective malware detection methods has been identified as an urgent requirement for protecting the IT infrastructure against such threats, and for ensuring security. In this paper, we investigate an alternative method for malware detection that is based on N-grams and machine learning. We use a dynamic analysis technique to extract an Indicator of Compromise (IOC) for malicious files, which are represented using N-grams. The paper also proposes TF-IDF as a novel alternative used to identify the most significant N-grams features for training a machine learning algorithm. Finally, the paper evaluates the proposed technique using various supervised machine-learning algorithms. The results show that Logistic Regression, with a score of 98.4%, provides the best classification accuracy when compared to the other classifiers used.
34

Alwaghid, Alhanoof, and Nurul Sarkar. "Exploring Malware Behavior of Webpages Using Machine Learning Technique: An Empirical Study". Electronics 9, No. 6 (23.06.2020): 1033. http://dx.doi.org/10.3390/electronics9061033.

Annotation:
Malware is one of the most common security threats experienced by a user when browsing webpages. A good understanding of the features of webpages (e.g., internet protocol, port, URL, Google index, and page rank) is required to analyze and mitigate the behavior of malware in webpages. The main objective of this paper is to analyze the key features of webpages and to mitigate the behavior of malware in webpages. To this end, we conducted an empirical study to identify the features that are most vulnerable to malware attacks, and its results are reported. To improve the feature selection accuracy, a machine learning technique called bagging is employed using the Weka program. To analyze these behaviors, phishing and botnet data were obtained from the University of California Irvine machine learning repository. We validate our research findings by applying honeypot infrastructure using the Modern Honeypot Network (MHN) setup in a Linode Server. As the data suffer from high variance in terms of the type of data in each row, bagging is chosen because it can classify binary classes, date classes, missing values, nominal classes, numeric classes, unary classes and empty classes. As a base classifier of bagging, random tree was applied because it can handle similar types of data as bagging, but better than other classifiers because it is faster and more accurate. Random tree had 88.22% test accuracy with the lowest run time (0.2 sec) and a receiver operating characteristic curve of 0.946. Results show that all features in the botnet dataset are equally important to identify the malicious behavior, as all scored more than 97%, with the exception of TCP and UDP. The accuracy of phishing and botnet datasets is more than 89% on average in both cross validation and test analysis. Recommendations are made for the best practice that can assist in future malware identification.
35

Ceron, João, Klaus Steding-Jessen, Cristine Hoepers, Lisandro Granville, and Cíntia Margi. "Improving IoT Botnet Investigation Using an Adaptive Network Layer". Sensors 19, No. 3 (11.02.2019): 727. http://dx.doi.org/10.3390/s19030727.

Annotation:
IoT botnets have been used to launch Distributed Denial-of-Service (DDoS) attacks affecting the Internet infrastructure. To protect the Internet from such threats and improve security mechanisms, it is critical to understand the botnets' intents and characterize their behavior. Current malware analysis solutions, when faced with IoT, present limitations in regard to network access containment and network traffic manipulation. In this paper, we present an approach for handling the network traffic generated by IoT malware in an analysis environment. The proposed solution can modify the traffic at the network layer based on the actions performed by the malware. In our case study, we investigated the Mirai and Bashlite botnet families, where it was possible to block attacks on other systems, identify attack targets, and rewrite botnet commands sent by the botnet controller to the infected devices.
36

Sapalo Sicato, Jose Costa, Pradip Kumar Sharma, Vincenzo Loia, and Jong Hyuk Park. "VPNFilter Malware Analysis on Cyber Threat in Smart Home Network". Applied Sciences 9, No. 13 (09.07.2019): 2763. http://dx.doi.org/10.3390/app9132763.

Annotation:
Recently, the development of smart home technologies has played a crucial role in enhancing several real-life smart applications. They help improve the quality of life through systems designed to enhance convenience, comfort, entertainment, health of the householders, and security. Note, however, that malware attacks on smart home devices are increasing in frequency and volume. As people seek to improve and optimize comfort in their home and minimize their daily home responsibilities at the same time, this makes them attractive targets for a malware attack. Thus, attacks on smart home-based devices have emerged. The goals of this paper are to analyze the different aspects of cyber-physical threats on the smart home from a security perspective, discuss the types of attacks including advanced cyber-attacks and cyber-physical system attacks, and evaluate the impact on a smart home system in daily life. We have come up with a taxonomy focusing on cyber threat attacks that can also have potential impact on a smart home system and identify some key issues about VPNFilter malware that constitutes large-scale Internet of Things (IoT)-based botnet malware infection. We also discuss the defense mechanism against this threat and mention the most infected routers. The specific objective of this paper is to provide efficient task management and knowledge related to VPNFilter malware attack.
37

Hwang, Seonbin, Hogyeong Kim, Junho Hwang, and Taejin Lee. "A Study on Two-dimensional Array-based Technology to Identify Obfuscated Malware". Journal of KIISE 45, No. 8 (31.08.2018): 769–77. http://dx.doi.org/10.5626/jok.2018.45.8.769.

38

Choi, Sunoh, Jangseong Bae, Changki Lee, Youngsoo Kim, and Jonghyun Kim. "Attention-Based Automated Feature Extraction for Malware Analysis". Sensors 20, No. 10 (20.05.2020): 2893. http://dx.doi.org/10.3390/s20102893.

Annotation:
Every day, hundreds of thousands of malicious files are created to exploit zero-day vulnerabilities. Existing pattern-based antivirus solutions face difficulties in coping with such a large number of new malicious files. To solve this problem, artificial intelligence (AI)-based malicious file detection methods have been proposed. However, even if we can detect malicious files with high accuracy using deep learning, it is difficult to identify why files are malicious. In this study, we propose a malicious file feature extraction method based on attention mechanism. First, by adapting the attention mechanism, we can identify application program interface (API) system calls that are more important than others for determining whether a file is malicious. Second, we confirm that this approach yields an accuracy that is approximately 12% and 5% higher than a conventional AI-based detection model using convolutional neural networks and skip-connected long short-term memory-based detection model, respectively.
39

Imamgayazova, D. I. "LEXICAL AND DERIVATIONAL MEANINGS OF “MALWARE” FRAME IN RUSSIAN AND ENGLISH-LANGUAGE MEDIA TEXTS". Review of Omsk State Pedagogical University. Humanitarian research, No. 31 (2021): 101–6. http://dx.doi.org/10.36809/2309-9380-2021-31-101-106.

Annotation:
The article examines the structure of the “malware” frame based on the texts of the Russian and English-language media. In order to identify the relationship between the deep and external levels of the frame, an analysis of lexical and derivational meanings and propositional schemes is carried out, through which stereotyped knowledge about the nature and action of malicious programs is actualized. The research results demonstrate that in English-language media the malware frame is comparable in structure to the “disease” frame: slots “symptoms”, “methods of infection”, “affected organs/systems”, etc. are filled with specific lexical units, neologisms are actively used to refer to conventional knowledge. At the same time, in the Russian-language media, the main lexical and derivational meanings are grouped around the “computer virus” subframe, borrowing and calquing are widely used, which leads to a confusion of concepts in the concept sphere of “malware”.
40

Li, Shudong, Qianqing Zhang, Xiaobo Wu, Weihong Han, and Zhihong Tian. "Attribution Classification Method of APT Malware in IoT Using Machine Learning Techniques". Security and Communication Networks 2021 (06.09.2021): 1–12. http://dx.doi.org/10.1155/2021/9396141.

Annotation:
In recent years, the popularity of IoT (Internet of Things) applications and services has brought great convenience to people's lives, but ubiquitous IoT has also brought many security problems. Among them, advanced persistent threat (APT) is one of the most representative attacks, and its continuous outbreak has brought unprecedented security challenges for the large-scale deployment of the IoT. However, important research on analyzing the attribution of APT malware samples is still relatively few. Therefore, we propose a classification method for attribution organizations with APT malware in IoT using machine learning. It aims to mark the real attacking organization entities to better identify APT attack activity and protect the security of IoT. This method performs feature representation and feature selection based on APT behavior data obtained from devices in the Internet of Things and selects the features with a high degree of differentiation among organizations. Then, it trains a multiclass model named SMOTE-RF that can better deal with imbalance and multiclassification problems. Our experiments on real dynamic behavior data are combined to verify the effectiveness of the method proposed in this paper for attribution analysis of APT malware samples and achieve good performance. Our method could identify the organization behind complex APT attacks in IoT devices and services.
41

Vafaei-Zadeh, Ali, Ramayah Thurasamy, and Haniruzila Hanifah. "Modeling anti-malware use intention of university students in a developing country using the theory of planned behavior". Kybernetes 48, No. 8 (02.09.2019): 1565–85. http://dx.doi.org/10.1108/k-05-2018-0226.

Annotation:
Purpose: This paper aims to investigate the impact of perceived price level and information security awareness on computer users' attitude. Moreover, this study aims to investigate the effect of attitude, subjective norms and perceived behavioral control (PBC) on intention to use anti-malware software.
Design/methodology/approach: Data were collected using a structured questionnaire from 225 students of five public universities in Malaysia. Purposive sampling technique was used in this study. AMOS 24 was used to test the research framework using a two-step approach.
Findings: Findings give support to some of the hypotheses developed with R2 values of 0.521 for attitude and 0.740 for intention. Perceived price level had a negative effect on attitude while information security awareness had a positive effect on attitude and intention. Attitude, subjective norms and PBC were all positively related to intention, but perceived price level did not affect intention. This suggests that benefits of using anti-malware are more than its price value. Therefore, the price has no direct effect on intention to use.
Research limitations/implications: University computer networks are as open and inviting as their campuses. Therefore, this research can be helpful to the universities to safeguard their networks and encourage the students to use anti-malware. However, using anti-malware software will enable an individual to identify and prioritize security risks, quickly detect and mitigate security breaches, improve the understanding of security gaps and safeguard the sensitive data by minimizing the risks related to malware.
Originality/value: This study ventured to model the information security behavior of anti-malware usage by individual users by using the theory of planned behavior with the addition of two new variables, perceived price level and information security awareness, to explain the behavior better.
42

Ashik, Mathew, A. Jyothish, S. Anandaram, P. Vinod, Francesco Mercaldo, Fabio Martinelli, and Antonella Santone. "Detection of Malicious Software by Analyzing Distinct Artifacts Using Machine Learning and Deep Learning Algorithms". Electronics 10, No. 14 (15.07.2021): 1694. http://dx.doi.org/10.3390/electronics10141694.

Annotation:
Malware is one of the most significant threats in today's computing world since the number of websites distributing malware is increasing at a rapid rate. Malware analysis and prevention methods are increasingly becoming necessary for computer systems connected to the Internet. This software exploits the system's vulnerabilities to steal valuable information without the user's knowledge, and stealthily sends it to remote servers controlled by attackers. Traditionally, anti-malware products use signatures for detecting known malware. However, the signature-based method does not scale in detecting obfuscated and packed malware. Considering that the cause of a problem is often best understood by studying the structural aspects of a program like the mnemonics, instruction opcodes, API calls, etc., in this paper we investigate the relevance of the features of unpacked malicious and benign executables like mnemonics, instruction opcodes, and APIs to identify a feature that classifies the executable. Prominent features are extracted using Minimum Redundancy and Maximum Relevance (mRMR) and Analysis of Variance (ANOVA). Experiments were conducted on four datasets using machine learning and deep learning approaches such as Support Vector Machine (SVM), Naïve Bayes, J48, Random Forest (RF), and XGBoost. In addition, we also evaluate the performance of a collection of deep neural networks like the Deep Dense network, One-Dimensional Convolutional Neural Network (1D-CNN), and CNN-LSTM in classifying unknown samples, and we observed promising results using APIs and system calls. On combining APIs/system calls with static features, a marginal performance improvement was attained compared to models trained only on dynamic features. Moreover, to improve accuracy, we implemented our solution using distinct deep learning methods and demonstrated a fine-tuned deep neural network that resulted in an F1-score of 99.1% and 98.48% on Dataset-2 and Dataset-3, respectively.
43

Thanh Vu, Simon Nam, Mads Stege, Peter Issam El-Habr, Jesper Bang and Nicola Dragoni. "A Survey on Botnets: Incentives, Evolution, Detection and Current Trends". Future Internet 13, No. 8 (31.07.2021): 198. http://dx.doi.org/10.3390/fi13080198.

Annotation:
Botnets, groups of malware-infected hosts controlled by malicious actors, have gained prominence in an era of pervasive computing and the Internet of Things. Botnets have shown a capacity to perform substantial damage through distributed denial-of-service attacks, information theft, spam and malware propagation. In this paper, a systematic literature review on botnets is presented to the reader in order to obtain an understanding of the incentives, evolution, detection, mitigation and current trends within the field of botnet research in pervasive computing. The literature review focuses particularly on the topic of botnet detection and the proposed solutions to mitigate the threat of botnets in system security. Botnet detection and mitigation mechanisms are categorised and briefly described to allow for an easy overview of the many proposed solutions. The paper also summarises the findings to identify current challenges and trends within research to help identify improvements for further botnet mitigation research.
44

Alazab, Moutaz. "Automated Malware Detection in Mobile App Stores Based on Robust Feature Generation". Electronics 9, No. 3 (05.03.2020): 435. http://dx.doi.org/10.3390/electronics9030435.

Annotation:
Many Internet of Things (IoT) services are currently tracked and regulated via mobile devices, making them vulnerable to privacy attacks and exploitation by various malicious applications. Current solutions are unable to keep pace with the rapid growth of malware and are limited by low detection accuracy, long discovery time, complex implementation, and high computational costs associated with processor speed, power, and memory. Therefore, an automated intelligence technique is necessary for detecting apps containing malware and effectively predicting cyberattacks in mobile marketplaces. In this study, a system for classifying mobile marketplace applications using real-world datasets is proposed, which analyzes the source code to identify malicious apps. A rich feature set of application programming interface (API) calls is proposed to capture the regularities in apps containing malicious content. Two feature-selection methods—Chi-Square and ANOVA—were examined in conjunction with ten supervised machine-learning algorithms. The detection accuracy of each classifier was evaluated to identify the most reliable classifier for malware detection using various feature sets. Chi-Square was found to have a higher detection accuracy as compared to ANOVA. The proposed system achieved a detection accuracy of 98.1% with a classification time of 1.22 s. Furthermore, the proposed system required a reduced number of API calls (500 instead of 9000) to be incorporated as features.
45

Senanayake, Janaka, Harsha Kalutarage and Mhd Omar Al-Kadri. "Android Mobile Malware Detection Using Machine Learning: A Systematic Review". Electronics 10, No. 13 (05.07.2021): 1606. http://dx.doi.org/10.3390/electronics10131606.

Annotation:
With the increasing use of mobile devices, malware attacks are rising, especially on Android phones, which account for 72.2% of the total market share. Hackers try to attack smartphones with various methods such as credential theft, surveillance, and malicious advertising. Among numerous countermeasures, machine learning (ML)-based methods have proven to be an effective means of detecting these attacks, as they are able to derive a classifier from a set of training examples, thus eliminating the need for an explicit definition of the signatures when developing malware detectors. This paper provides a systematic review of ML-based Android malware detection techniques. It critically evaluates 106 carefully selected articles and highlights their strengths and weaknesses as well as potential improvements. Finally, the ML-based methods for detecting source code vulnerabilities are discussed, because it might be more difficult to add security after the app is deployed. Therefore, this paper aims to enable researchers to acquire in-depth knowledge in the field and to identify potential future research and development directions.
46

Białczak, Piotr, and Wojciech Mazurczyk. "Characterizing Anomalies in Malware-Generated HTTP Traffic". Security and Communication Networks 2020 (01.09.2020): 1–26. http://dx.doi.org/10.1155/2020/8848863.

Annotation:
Currently, we are witnessing a significant rise in various types of malware, which has an impact not only on companies, institutions, and individuals, but also on entire countries and societies. Malicious software developers try to devise increasingly sophisticated ways to perform nefarious actions. In consequence, the security community is under pressure to develop more effective defensive solutions and to continuously improve them. To accomplish this, the defenders must understand and be able to recognize the threat when it appears. That is why, in this paper, a large dataset of recent real-life malware samples was used to identify anomalies in the HTTP traffic produced by the malicious software. The authors analyzed malware-generated HTTP requests, as well as benign traffic of the popular web browsers, using 3 groups of features related to the structure of requests, header field values, and payload characteristics. It was observed that certain attributes of the HTTP traffic can serve as an indicator of malicious actions, including lack of some popular HTTP headers and their values or usage of the protocol features in an uncommon way. The findings of this paper can be conveniently incorporated into the existing detection systems and network traffic forensic tools, making it easier to spot and eliminate potential threats.
47

Cara, Fabrizio, Michele Scalas, Giorgio Giacinto and Davide Maiorca. "On the Feasibility of Adversarial Sample Creation Using the Android System API". Information 11, No. 9 (10.09.2020): 433. http://dx.doi.org/10.3390/info11090433.

Annotation:
Due to its popularity, the Android operating system is a critical target for malware attacks. Multiple security efforts have been made on the design of malware detection systems to identify potentially harmful applications. In this sense, machine learning-based systems, leveraging both static and dynamic analysis, have been increasingly adopted to discriminate between legitimate and malicious samples due to their capability of identifying novel variants of malware samples. At the same time, attackers have been developing several techniques to evade such systems, such as the generation of evasive apps, i.e., carefully-perturbed samples that can be classified as legitimate by the classifiers. Previous work has shown the vulnerability of detection systems to evasion attacks, including those designed for Android malware detection. However, most works neglected to bring the evasive attacks onto the so-called problem space, i.e., by generating concrete Android adversarial samples, which requires preserving the app’s semantics and being realistic for human expert analysis. In this work, we aim to understand the feasibility of generating adversarial samples specifically through the injection of system API calls, which are typical discriminating characteristics for malware detectors. We perform our analysis on a state-of-the-art ransomware detector that employs the occurrence of system API calls as features of its machine learning algorithm. In particular, we discuss the constraints that are necessary to generate real samples, and we use techniques inherited from interpretability to assess the impact of specific API calls to evasion. We assess the vulnerability of such a detector against mimicry and random noise attacks. Finally, we propose a basic implementation to generate concrete and working adversarial samples. The attained results suggest that injecting system API calls could be a viable strategy for attackers to generate concrete adversarial samples. However, we point out the low suitability of mimicry attacks and the necessity to build more sophisticated evasion attacks.
48

Choi, Mi-Jung, Jiwon Bang, Jongwook Kim, Hajin Kim and Yang-Sae Moon. "All-in-One Framework for Detection, Unpacking, and Verification for Malware Analysis". Security and Communication Networks 2019 (13.10.2019): 1–16. http://dx.doi.org/10.1155/2019/5278137.

Annotation:
Packing is the most common analysis avoidance technique for hiding malware. Also, packing can make it harder for the security researcher to identify the behaviour of malware and increase the analysis time. In order to analyze the packed malware, we need to perform unpacking first to release the packing. In this paper, we focus on unpacking and its related technologies to analyze the packed malware. Through extensive analysis on previous unpacking studies, we pay attention to four important drawbacks: no phase integration, no detection combination, no real-restoration, and no unpacking verification. To resolve these four drawbacks, in this paper, we present an all-in-one structure of the unpacking system that performs packing detection, unpacking (i.e., restoration), and verification phases in an integrated framework. For this, we first greatly increase the packing detection accuracy in the detection phase by combining four existing and new packing detection techniques. We then improve the unpacking phase by using the state-of-the-art static and dynamic unpacking techniques. We also present a verification algorithm evaluating the accuracy of unpacking results. Experimental results show that the proposed all-in-one unpacking system performs all of the three phases well in an integrated framework. In particular, the proposed hybrid detection method is superior to the existing methods, and the system performs unpacking very well up to 100% of restoration accuracy for most of the files except for a few packers.
49

Liu, Lin, Wang Ren, Feng Xie, Shengwei Yi, Junkai Yi and Peng Jia. "Learning-Based Detection for Malicious Android Application Using Code Vectorization". Security and Communication Networks 2021 (19.08.2021): 1–11. http://dx.doi.org/10.1155/2021/9964224.

Annotation:
The malicious APK (Android Application Package) makers use some techniques such as code obfuscation and code encryption to avoid existing detection methods, which poses new challenges for accurate virus detection and makes it more and more difficult to detect the malicious code. A report indicates that a new malicious app for Android is created every 10 seconds. To combat this serious malware activity, a scalable malware detection approach is needed, which can effectively and efficiently identify the malware apps. Common static detection methods often rely on Hash matching and analysis of viruses, which cannot quickly detect new malicious Android applications and their variants. In this paper, a malicious Android application detection method is proposed, which is implemented by the deep network fusion model. The hybrid model only needs to use the sample training model to achieve high accuracy in the identification of the malicious applications, which is more suitable for the detection of the new malicious Android applications than the existing methods. This method extracts the static features in the core code of the Android application by decompiling APK files, then performs code vectorization processing, and uses the deep learning network for classification and discrimination. Our experiments with a data set containing 10,170 apps show that the decisions from the hybrid model can increase the malware detection rate significantly on a real device, which verifies the superiority of this method in the detection of malicious codes.
50

Liu, Bo, Jinfu Chen, Songling Qin, Zufa Zhang, Yisong Liu, Lingling Zhao and Jingyi Chen. "An Approach Based on the Improved SVM Algorithm for Identifying Malware in Network Traffic". Security and Communication Networks 2021 (29.04.2021): 1–14. http://dx.doi.org/10.1155/2021/5518909.

Annotation:
Due to the growth and popularity of the internet, cyber security remains, and will continue to be, an important issue. There are many network traffic classification methods or malware identification approaches that have been proposed to solve this problem. However, the existing methods are not well suited to help security experts effectively solve this challenge due to their low accuracy and high false positive rate. To this end, we employ a machine learning-based classification approach to identify malware. The approach extracts features from network traffic and reduces the dimensionality of the features, which can effectively improve the accuracy of identification. Furthermore, we propose an improved SVM algorithm for classifying the network traffic, dubbed Optimized Facile Support Vector Machine (OFSVM). The OFSVM algorithm solves the problem that the original SVM algorithm is not satisfactory for classification from two aspects, i.e., parameter optimization and kernel function selection. Therefore, in this paper, we present an approach for identifying malware in network traffic, called Network Traffic Malware Identification (NTMI). To evaluate the effectiveness of the NTMI approach proposed in this paper, we collect four real network traffic datasets and use the publicly available CAIDA dataset for our experiments. Evaluation results suggest that the NTMI approach can lead to higher accuracy while achieving a lower false positive rate compared with other identification methods. On average, the NTMI approach achieves an accuracy of 92.5% and a false positive rate of 5.527%.