Journal articles on the topic "Malware family"

Consult the top 50 journal articles for research on the topic "Malware family".

Next to every work in the bibliography there is an "Add to bibliography" option. Use it, and the bibliographic entry for the selected work is formatted automatically in the required citation style (APA, MLA, Harvard, Chicago, Vancouver, etc.).

You can also download the full text of the scholarly publication as a PDF and read an online abstract of the work, provided the relevant fields are present in the metadata.

Browse journal articles from a range of fields and compile your bibliography correctly.

1

Yan, Jinpei, Yong Qi, and Qifan Rao. "Detecting Malware with an Ensemble Method Based on Deep Neural Network". Security and Communication Networks 2018 (2018): 1–16. http://dx.doi.org/10.1155/2018/7247095.

Abstract:
Malware detection plays a crucial role in computer security. Recent researches mainly use machine learning based methods heavily relying on domain knowledge for manually extracting malicious features. In this paper, we propose MalNet, a novel malware detection method that learns features automatically from the raw data. Concretely, we first generate a grayscale image from malware file, meanwhile extracting its opcode sequences with the decompilation tool IDA. Then MalNet uses CNN and LSTM networks to learn from grayscale image and opcode sequence, respectively, and takes a stacking ensemble for malware classification. We perform experiments on more than 40,000 samples including 20,650 benign files collected from online software providers and 21,736 malwares provided by Microsoft. The evaluation result shows that MalNet achieves 99.88% validation accuracy for malware detection. In addition, we also take malware family classification experiment on 9 malware families to compare MalNet with other related works, in which MalNet outperforms most of related works with 99.36% detection accuracy and achieves a considerable speed-up on detecting efficiency comparing with two state-of-the-art results on Microsoft malware dataset.
2

Jiao, Jian, Qiyuan Liu, Xin Chen, and Hongsheng Cao. "Behavior Intention Derivation of Android Malware Using Ontology Inference". Journal of Electrical and Computer Engineering 2018 (2018): 1–13. http://dx.doi.org/10.1155/2018/9250297.

Abstract:
Previous researches on Android malware mainly focus on malware detection, and malware’s evolution makes the process face certain hysteresis. The information presented by these detected results (malice judgment, family classification, and behavior characterization) is limited for analysts. Therefore, a method is needed to restore the intention of malware, which reflects the relation between multiple behaviors of complex malware and its ultimate purpose. This paper proposes a novel description and derivation model of Android malware intention based on the theory of intention and malware reverse engineering. This approach creates ontology for malware intention to model the semantic relation between behaviors and its objects and automates the process of intention derivation by using SWRL rules transformed from intention model and Jess inference engine. Experiments on 75 typical samples show that the inference system can perform derivation of malware intention effectively, and 89.3% of the inference results are consistent with artificial analysis, which proves the feasibility and effectiveness of our theory and inference system.
3

Prima, B., and M. Bouhorma. "USING TRANSFER LEARNING FOR MALWARE CLASSIFICATION". ISPRS - International Archives of the Photogrammetry, Remote Sensing and Spatial Information Sciences XLIV-4/W3-2020 (23.11.2020): 343–49. http://dx.doi.org/10.5194/isprs-archives-xliv-4-w3-2020-343-2020.

Abstract:
In this paper, we propose a malware classification framework using transfer learning based on existing Deep Learning models that have been pre-trained on massive image datasets. In recent years there has been a significant increase in the number and variety of malwares, which amplifies the need to improve automatic detection and classification of the malwares. Nowadays, neural network methodology has reached a level that may exceed the limits of previous machine learning methods, such as Hidden Markov Models and Support Vector Machines (SVM). As a result, convolutional neural networks (CNNs) have shown superior performance compared to traditional learning techniques, specifically in tasks such as image classification. Motivated by this success, we propose a CNN-based architecture for malware classification. The malicious binary files are represented as grayscale images and a deep neural network is trained by freezing the pre-trained VGG16 layers on the ImageNet dataset and adapting the last fully connected layer to the malware family classification. Our evaluation results show that our approach is able to achieve an average of 98% accuracy for the MALIMG dataset.
4

Jang, Jae-wook, and Huy Kang Kim. "Function-Oriented Mobile Malware Analysis as First Aid". Mobile Information Systems 2016 (2016): 1–11. http://dx.doi.org/10.1155/2016/6707524.

Abstract:
Recently, highly well-crafted mobile malware has arisen as mobile devices manage highly valuable and sensitive information. Currently, it is impossible to detect and prevent all malware because the amount of new malware continues to increase exponentially; malware detection methods need to improve in order to respond quickly and effectively to malware. For the quick response, revealing the main purpose or functions of captured malware is important; however, only few recent works have attempted to find malware’s main purpose. Our approach is designed to help with efficient and effective incident responses or countermeasure development by analyzing the main functions of malicious behavior. In this paper, we propose a novel method for function-oriented malware analysis approach based on analysis of suspicious API call patterns. Instead of extracting API call patterns for malware in each family, we focus on extracting such patterns for certain malicious functionalities. Our proposed method dumps memory sections where an application is allocated and extracts suspicious API sequences from bytecode by comparing with predefined suspicious API lists. By matching API call patterns with our functionality database, our method determines whether they are malicious. The experiment results demonstrate that our method performs well in detecting malware with high accuracy.
5

Wang, Changguang, Ziqiu Zhao, Fangwei Wang, and Qingru Li. "A Novel Malware Detection and Family Classification Scheme for IoT Based on DEAM and DenseNet". Security and Communication Networks 2021 (05.01.2021): 1–16. http://dx.doi.org/10.1155/2021/6658842.

Abstract:
With the rapid increase in the amount and type of malware, traditional methods of malware detection and family classification for IoT applications through static and dynamic analysis have been greatly challenged. In this paper, a new simple and effective attention module of Convolutional Neural Networks (CNNs), named as Depthwise Efficient Attention Module (DEAM), is proposed and combined with a DenseNet to propose a new malware detection and family classification model. Based on the good effect of the DenseNet in the field of image classification and the visual similarity of the malware family on images, the gray-scale image transformed from malware is input into the model combined with the DEAM and DenseNet for malware detection, and then the family classification is carried out. The DEAM is a general lightweight attention module improved based on the Convolutional Block Attention Module (CBAM), which can strengthen the attention to the characteristics of malware and improve the model effect. We use the MalImg dataset, Microsoft malware classification challenge dataset (BIG 2015), and our dataset constructed by the two above-mentioned datasets to verify the effectiveness of the proposed model in family classification and malware detection. Experimental results show that the proposed model achieves 99.3% in terms of accuracy for malware detection on our dataset and achieves 98.5% and 97.3% in terms of accuracy for family classification on the MalImg dataset and BIG 2015 dataset, respectively. The model can reliably detect IoT malware and classify its families.
6

Abuthawabeh, Mohammad, and Khaled Mahmoud. "Enhanced Android Malware Detection and Family Classification, using Conversation-level Network Traffic Features". International Arab Journal of Information Technology 17, No. 4A (31.07.2020): 607–14. http://dx.doi.org/10.34028/iajit/17/4a/4.

Abstract:
Signature-based malware detection algorithms are facing challenges to cope with the massive number of threats in the Android environment. In this paper, conversation-level network traffic features are extracted and used in a supervised-based model. This model was used to enhance the process of Android malware detection, categorization, and family classification. The model employs the ensemble learning technique in order to select the most useful features among the extracted features. A real-world dataset called CICAndMal2017 was used in this paper. The results show that the Extra-trees classifier had achieved the highest weighted accuracy percentage among the other classifiers by 87.75%, 79.97%, and 66.71% for malware detection, malware categorization, and malware family classification respectively. A comparison with another study that uses the same dataset was made. This study has achieved a significant enhancement in malware family classification and malware categorization. For malware family classification, the enhancement was 39.71% for precision and 41.09% for recall. The rate of enhancement for the Android malware categorization was 30.2% and 31.14% for precision and recall, respectively.
7

Cheng, Binlin, Jinjun Liu, Jiejie Chen, Shudong Shi, Xufu Peng, Xingwen Zhang, and Haiqing Hai. "MoG: Behavior-Obfuscation Resistance Malware Detection". Computer Journal 62, No. 12 (04.06.2019): 1734–47. http://dx.doi.org/10.1093/comjnl/bxz033.

Abstract:
Malware brings a big security threat on the Internet today. With the great increase in malware attacks, behavior-based detection approaches are one of the major methods to detect zero-day malware. Such approaches often use API calls to represent the behavior of malware. Unfortunately, behavior-based approaches suffer from behavior obfuscation attacks. In this paper, we propose a novel malware detection approach that is both effective and efficient. First, we abstract the API call to an object operation. Then we generate the object operation dependency graph based on these object operations. Finally, we construct the family dependency graph for a malware family. Our approach uses the family dependency graph to represent the behavior of a malware family. The evaluation results show that our approach can provide a complete resistance to all types of behavior obfuscation attacks, and outperforms existing behavior-based approaches in terms of better effectiveness and efficiency.
8

Shao, Ke, Qiang Xiong, and Zhiming Cai. "FB2Droid: A Novel Malware Family-Based Bagging Algorithm for Android Malware Detection". Security and Communication Networks 2021 (19.06.2021): 1–13. http://dx.doi.org/10.1155/2021/6642252.

Abstract:
As the number of Android malware applications continues to grow at a high rate, detecting malware to protect the system security and user privacy is becoming increasingly urgent. Each malware application belongs to a specific family, and there is a gap in the number of malware families. The accuracy of detection can be improved if malware family information is well utilized and certain strategies are adopted to balance the variability among samples. In addition, the performance of a base classifier is limited. If an ensemble classifier or an ensemble method can be adopted, the detection effect can be further improved. Therefore, this paper proposes a novel malware family-based bagging algorithm for Android malware detection, called FB2Droid, to perform malware detection. First, five features are extracted from the Android application package. Then, the relief feature selection algorithm is used for feature selection. Next, we designed two different sampling strategies based on different families of malware to alleviate the sample imbalance in the dataset. Combined with the two sampling strategies, the traditional bagging algorithm is improved to integrate the classifier. In the experiment, several classifiers were used to evaluate the proposed scheme. The experimental results show that the proposed sampling strategy and the improved bagging algorithm can effectively improve the detection accuracy of these classifiers.
9

Alswaina, Fahad, and Khaled Elleithy. "Android Malware Family Classification and Analysis: Current Status and Future Directions". Electronics 9, No. 6 (05.06.2020): 942. http://dx.doi.org/10.3390/electronics9060942.

Abstract:
Android receives major attention from security practitioners and researchers due to the influx number of malicious applications. For the past twelve years, Android malicious applications have been grouped into families. In the research community, detecting new malware families is a challenge. As we investigate, most of the literature reviews focus on surveying malware detection. Characterizing the malware families can improve the detection process and understand the malware patterns. For this reason, we conduct a comprehensive survey on the state-of-the-art Android malware familial detection, identification, and categorization techniques. We categorize the literature based on three dimensions: type of analysis, features, and methodologies and techniques. Furthermore, we report the datasets that are commonly used. Finally, we highlight the limitations that we identify in the literature, challenges, and future research directions regarding the Android malware family.
10

Cheng, Binlin, Qiang Tong, Jianhong Wang, and Wenhui Tian. "Malware Clustering Using Family Dependency Graph". IEEE Access 7 (2019): 72267–72. http://dx.doi.org/10.1109/access.2019.2914031.

11

Zhu, Xuejin, Jie Huang, Bin Wang, and Chunyang Qi. "Malware homology determination using visualized images and feature fusion". PeerJ Computer Science 7 (15.04.2021): e494. http://dx.doi.org/10.7717/peerj-cs.494.

Abstract:
The family homology determination of malware has become a research hotspot as the number of malware variants is on the rise. However, existing studies on malware visualization only determine homology based on the global structure features of the executable, which leads creators of some malware variants with the same structure to intentionally set them to be misclassified as the same family. We sought to develop a homology determination method using the fusion of global structure features and local fine-grained features based on malware visualization. Specifically, the global structural information of the malware executable file was converted into a bytecode image, and the opcode semantic information of the code segment was extracted by the n-gram feature model to generate an opcode image. We also propose a dual-branch convolutional neural network, which uses the opcode image and bytecode image as the final family classification basis. Our results demonstrate that the accuracy and F-measure of family homology classification based on the proposed scheme are 99.05% and 98.52%, respectively, which is better than the results from a single image feature or other major schemes.
12

Aguilera, Luis Rojas, Eduardo Souto, and Gilbert Breves Martins. "Improving the detection of metamorphic malware through data dependency graphs indexing". Journal of Information Security and Cryptography (Enigma) 4, No. 1 (21.07.2018): 03. http://dx.doi.org/10.17648/enigma.v4i1.65.

Abstract:
Metamorphism has been successfully used on original malicious code for the creation and proliferation of new malware instances, making them harder to detect. This work presents an approach that identifies metamorphic malware through data dependency graph comparison. Features are extracted from data dependency graphs to build an index that is used to determine which malware family a suspicious code belongs to. Experimental results on 3045 samples of metamorphic malware showed that our proposed approach obtained an accuracy rate higher than most commercial anti-malware tools.
13

Ding, Chao, Nurbol Luktarhan, Bei Lu, and Wenhui Zhang. "A Hybrid Analysis-Based Approach to Android Malware Family Classification". Entropy 23, No. 8 (03.08.2021): 1009. http://dx.doi.org/10.3390/e23081009.

Abstract:
With the popularity of Android, malware detection and family classification have also become a research focus. Many excellent methods have been proposed by previous authors, but static and dynamic analyses inevitably require complex processes. A hybrid analysis method for detecting Android malware and classifying malware families is presented in this paper, and is partially optimized for multiple-feature data. For static analysis, we use permissions and intent as static features and use three feature selection methods to form a subset of three candidate features. Compared with various models, including k-nearest neighbors and random forest, random forest is the best, with a detection rate of 95.04%, while the chi-square test is the best feature selection method. After using feature selection to explore the critical static features contained in this dataset, we analyzed a subset of important features to gain more insight into the malware. In a dynamic analysis based on network traffic, unlike those that focus on a one-way flow of traffic and work on HTTP protocols and transport layer protocols, we focused on sessions and retained protocol layers. The Res7LSTM model is then used to further classify the malicious and partially benign samples detected in the static detection. The experimental results show that our approach can not only work with fewer static features and guarantee sufficient accuracy, but also improve the detection rate of Android malware family classification from 71.48% in previous work to 99% when cutting the traffic in terms of the sessions and protocols of all layers.
14

Cho, In Kyeom, and Eul Gyu Im. "Malware Family Recommendation using Multiple Sequence Alignment". Journal of KIISE 43, No. 3 (15.03.2016): 289–95. http://dx.doi.org/10.5626/jok.2016.43.3.289.

15

Dayal, Mohit, and Bharti Nagpal. "A compendious investigation of Android malware family". International Journal of Information Privacy, Security and Integrity 2, No. 4 (2016): 330. http://dx.doi.org/10.1504/ijipsi.2016.082127.

16

Nagpal, Bharti, and Mohit Dayal. "A compendious investigation of Android malware family". International Journal of Information Privacy, Security and Integrity 2, No. 4 (2016): 330. http://dx.doi.org/10.1504/ijipsi.2016.10003026.

17

Lee, Jehyun, Suyeon Lee, and Heejo Lee. "Screening smartphone applications using malware family signatures". Computers & Security 52 (July 2015): 234–49. http://dx.doi.org/10.1016/j.cose.2015.02.003.

18

O’Shaughnessy, Stephen, and Frank Breitinger. "Malware family classification via efficient Huffman features". Forensic Science International: Digital Investigation 37 (July 2021): 301192. http://dx.doi.org/10.1016/j.fsidi.2021.301192.

19

Rashed, Mohammed, and Guillermo Suarez-Tangil. "An Analysis of Android Malware Classification Services". Sensors 21, No. 16 (23.08.2021): 5671. http://dx.doi.org/10.3390/s21165671.

Abstract:
The increasing number of Android malware forced antivirus (AV) companies to rely on automated classification techniques to determine the family and class of suspicious samples. The research community relies heavily on such labels to carry out prevalence studies of the threat ecosystem and to build datasets that are used to validate and benchmark novel detection and classification methods. In this work, we carry out an extensive study of the Android malware ecosystem by surveying white papers and reports from 6 key players in the industry, as well as 81 papers from 8 top security conferences, to understand how malware datasets are used by both. We, then, explore the limitations associated with the use of available malware classification services, namely VirusTotal (VT) engines, for determining the family of an Android sample. Using a dataset of 2.47 M Android malware samples, we find that the detection coverage of VT’s AVs is generally very low, that the percentage of samples flagged by any 2 AV engines does not go beyond 52%, and that common families between any pair of AV engines is at best 29%. We rely on clustering to determine the extent to which different AV engine pairs agree upon which samples belong to the same family (regardless of the actual family name) and find that there are discrepancies that can introduce noise in automatic label unification schemes. We also observe the usage of generic labels and inconsistencies within the labels of top AV engines, suggesting that their efforts are directed towards accurate detection rather than classification. Our results contribute to a better understanding of the limitations of using Android malware family labels as supplied by common AV engines.
20

Wang, Chenyue, Linlin Zhang, Kai Zhao, Xuhui Ding, and Xusheng Wang. "AdvAndMal: Adversarial Training for Android Malware Detection and Family Classification". Symmetry 13, No. 6 (17.06.2021): 1081. http://dx.doi.org/10.3390/sym13061081.

Abstract:
In recent years, Android malware has continued to evolve against detection technologies, becoming more concealed and harmful, making it difficult for existing models to resist adversarial sample attacks. At the current stage, the detection result is no longer the only criterion for evaluating the pros and cons of the model with its algorithms, it is also vital to take the model’s defensive ability against adversarial samples into consideration. In this study, we propose a general framework named AdvAndMal, which consists of a two-layer network for adversarial training to generate adversarial samples and improve the effectiveness of the classifiers in Android malware detection and family classification. The adversarial sample generation layer is composed of a conditional generative adversarial network called pix2pix, which can generate malware variants to extend the classifiers’ training set, and the malware classification layer is trained by RGB image visualized from the sequence of system calls. To evaluate the adversarial training effect of the framework, we propose the robustness coefficient, a symmetric interval i = [−1, 1], and conduct controlled experiments on the dataset to measure the robustness of the overall framework for the adversarial training. Experimental results on 12 families with the largest number of samples in the Drebin dataset show that the accuracy of the overall framework is increased from 0.976 to 0.989, and its robustness coefficient is increased from 0.857 to 0.917, which proves the effectiveness of the adversarial training method.
21

Chae, Dong-Kyu, Sung-Jun Park, Eujeanne Kim, Jiwon Hong, and Sang-Wook Kim. "Identifying the Author Group of Malwares through Graph Embedding and Human-in-the-Loop Classification". Applied Sciences 11, No. 14 (20.07.2021): 6640. http://dx.doi.org/10.3390/app11146640.

Abstract:
Malware are developed for various types of malicious attacks, e.g., to gain access to a user’s private information or control of the computer system. The identification and classification of malware has been extensively studied in academic societies and many companies. Beyond the traditional research areas in this field, including malware detection, malware propagation analysis, and malware family clustering, this paper focuses on identifying the “author group” of a given malware as a means of effective detection and prevention of further malware threats, along with providing evidence for proper legal action. Our framework consists of a malware-feature bipartite graph construction, malware embedding based on DeepWalk, and classification of the target malware based on the k-nearest neighbors (KNN) classification. However, our KNN classifier often faced ambiguous cases, where it should say “I don’t know” rather than attempting to predict something with a high risk of misclassification. Therefore, our framework allows human experts to intervene in the process of classification for the final decision. We also developed a graphical user interface that provides the points of ambiguity for helping human experts to effectively determine the author group of the target malware. We demonstrated the effectiveness of our human-in-the-loop classification framework via extensive experiments using real-world malware data.
22

Bai, Jinrong, Qibin Shi, and Shiguang Mu. "A Malware and Variant Detection Method Using Function Call Graph Isomorphism". Security and Communication Networks 2019 (22.09.2019): 1–12. http://dx.doi.org/10.1155/2019/1043794.

Abstract:
The huge influx of malware variants is generated using packing and obfuscating techniques. Current antivirus software uses byte signatures to identify known malware, and this method is easy to deceive and generally ineffective for identifying malware variants. Antivirus experts use hash signatures to verify whether a captured sample is in one of the malware databases, and this method cannot recognize malware variants whose hash signatures have changed completely. The function call graph is a high-level abstract representation of a program and is more stable and resilient than a byte or hash signature. In this paper, the function call graph is used as the signature of a program, and two kinds of graph isomorphism algorithms are employed to identify known malware and its variants. Four experiments are designed to evaluate the performance of the proposed method. Experimental results indicate that the proposed method is effective and efficient for identifying known malware and a portion of their variants. The proposed method can also be used to index and locate a large-scale malware database and group malware into the corresponding family.
23

Jang, Sejun, Shuyu Li, and Yunsick Sung. "FastText-Based Local Feature Visualization Algorithm for Merged Image-Based Malware Classification Framework for Cyber Security and Cyber Defense". Mathematics 8, No. 3 (24.03.2020): 460. http://dx.doi.org/10.3390/math8030460.

Abstract:
The importance of cybersecurity has recently been increasing. A malware coder writes malware into normal executable files. A computer is more likely to be infected by malware when users have easy access to various executables. Malware is considered as the starting point for cyber-attacks; thus, the timely detection, classification and blocking of malware are important. Malware visualization is a method for detecting or classifying malware. A global image is visualized through binaries extracted from malware. The overall structure and behavior of malware are considered when global images are utilized. However, the visualization of obfuscated malware is tough, owing to the difficulties encountered when extracting local features. This paper proposes a merged image-based malware classification framework that includes local feature visualization, global image-based local feature visualization, and global and local image merging methods. This study introduces a fastText-based local feature visualization method: First, local features such as opcodes and API function names are extracted from the malware; second, important local features in each malware family are selected via the term frequency inverse document frequency algorithm; third, the fastText model embeds the selected local features; finally, the embedded local features are visualized through a normalization process. Malware classification based on the proposed method using the Microsoft Malware Classification Challenge dataset was experimentally verified. The accuracy of the proposed method was approximately 99.65%, which is 2.18% higher than that of another contemporary global image-based approach.
24

Catak, Ferhat Ozgur, Ahmet Faruk Yazı, Ogerta Elezaj, and Javed Ahmed. "Deep learning based Sequential model for malware analysis using Windows exe API Calls". PeerJ Computer Science 6 (27.07.2020): e285. http://dx.doi.org/10.7717/peerj-cs.285.

Abstract:
Malware development has seen diversity in terms of architecture and features. This advancement in the competencies of malware poses a severe threat and opens new research dimensions in malware detection. This study is focused on metamorphic malware, which is the most advanced member of the malware family. It is quite impossible for anti-virus applications using traditional signature-based methods to detect metamorphic malware, which makes it difficult to classify this type of malware accordingly. Recent research literature about malware detection and classification discusses this issue related to malware behavior. The main goal of this paper is to develop a classification method according to malware types by taking into consideration the behavior of malware. We started this research by developing a new dataset containing API calls made on the Windows operating system, which represents the behavior of malicious software. The types of malicious malware included in the dataset are Adware, Backdoor, Downloader, Dropper, Spyware, Trojan, Virus, and Worm. The classification method used in this study is LSTM (Long Short-Term Memory), which is a widely used classification method for sequential data. The results obtained by the classifier demonstrate accuracy up to 95% with 0.83 $F_1$-score, which is quite satisfactory. We also ran our experiments with binary and multi-class malware datasets to show the classification performance of the LSTM model. Another significant contribution of this research paper is the development of a new dataset for Windows operating systems based on API calls. To the best of our knowledge, no such dataset was available before our research. The availability of our dataset on GitHub allows the research community in the domain of malware detection to benefit from it and make further contributions to this domain.
25

Black, Paul, Iqbal Gondal, Peter Vamplew and Arun Lakhotia. "Function Similarity Using Family Context". Electronics 9, No. 7 (17.07.2020): 1163. http://dx.doi.org/10.3390/electronics9071163.

Annotation:
Finding changed and similar functions between a pair of binaries is an important problem in malware attribution and for the identification of new malware capabilities. This paper presents a new technique called Function Similarity using Family Context (FSFC) for this problem. FSFC trains a Support Vector Machine (SVM) model using pairs of similar functions from two program variants. This method improves upon previous research called Cross Version Contextual Function Similarity (CVCFS) by representing a function using features extracted not just from the function itself, but also from other functions with which it has a caller and callee relationship. We present the results of an initial experiment that shows that the use of additional features from the context of a function significantly decreases the false positive rate, obviating the need for a separate pass for cleaning false positives. The more surprising and unexpected finding is that the SVM model produced by FSFC can abstract function similarity features from one pair of program variants to find similar functions in an unrelated pair of program variants. If validated by a larger study, this new property leads to the possibility of creating generic similar function classifiers that can be packaged and distributed in reverse engineering tools such as IDA Pro and Ghidra.
26

Ding, Yuxin, Xiaoling Xia, Sheng Chen and Ye Li. "A malware detection method based on family behavior graph". Computers & Security 73 (March 2018): 73–86. http://dx.doi.org/10.1016/j.cose.2017.10.007.

27

Kim, Heejin, Kyuho Kim, Ming Jin and Jiman Hong. "Android Malware Family Classification based on Weighted Majority Voting". KIISE Transactions on Computing Practices 27, No. 2 (28.02.2021): 116–21. http://dx.doi.org/10.5626/ktcp.2021.27.2.116.

28

Gupta, Charu, Rakesh Kumar Singh, Simran Kaur Bhatia and Amar Kumar Mohapatra. "DecaDroid Classification and Characterization of Malicious Behaviour in Android Applications". International Journal of Information Security and Privacy 14, No. 4 (October 2020): 57–73. http://dx.doi.org/10.4018/ijisp.2020100104.

Annotation:
Widespread use of Android-based applications on smartphones has resulted in significant growth of security attack incidents. Malware-based attacks are the most common attacks on Android-based smartphones. To forestall malware from attacking the users, a much better understanding of Android malware and its behaviour is required. In this article, an approach to classify and characterise the malicious behaviour of Android applications using static features, data flow analysis, and machine learning techniques has been proposed. Static features like hardware components, permissions, Android components and inter-component communication, along with unique source-sink pairs obtained from data flow analysis, have been used to extract the features of the Android applications. Based on the features extracted, the malicious behaviour of the applications has been classified to their respective malware family. The proposed approach has given a 95.19% accuracy rate and an F1 measure of 92.19302 with the largest number of malware families classified as compared to previous work.
29

Han, KyoungSoo, BooJoong Kang and Eul Gyu Im. "Malware Analysis Using Visualized Image Matrices". Scientific World Journal 2014 (2014): 1–15. http://dx.doi.org/10.1155/2014/132713.

Annotation:
This paper proposes a novel malware visual analysis method that contains not only a visualization method to convert binary files into images, but also a similarity calculation method between these images. The proposed method generates RGB-colored pixels on image matrices using the opcode sequences extracted from malware samples and calculates the similarities for the image matrices. Particularly, our proposed methods are available for packed malware samples by applying them to the execution traces extracted through dynamic analysis. When the images are generated, we can reduce the overheads by extracting the opcode sequences only from the blocks that include the instructions related to staple behaviors such as functions and application programming interface (API) calls. In addition, we propose a technique that generates a representative image for each malware family in order to reduce the number of comparisons for the classification of unknown samples and the colored pixel information in the image matrices is used to calculate the similarities between the images. Our experimental results show that the image matrices of malware can effectively be used to classify malware families both statically and dynamically with accuracy of 0.9896 and 0.9732, respectively.
30

Massarelli, Luca, Leonardo Aniello, Claudio Ciccotelli, Leonardo Querzoni, Daniele Ucci and Roberto Baldoni. "AndroDFA: Android Malware Classification Based on Resource Consumption". Information 11, No. 6 (16.06.2020): 326. http://dx.doi.org/10.3390/info11060326.

Annotation:
The vast majority of today’s mobile malware targets Android devices. An important task of malware analysis is the classification of malicious samples into known families. In this paper, we propose AndroDFA (DFA, detrended fluctuation analysis): an approach to Android malware family classification based on dynamic analysis of resource consumption metrics available from the proc file system. These metrics can be easily measured during sample execution. From each malware, we extract features through detrended fluctuation analysis (DFA) and Pearson’s correlation, then a support vector machine is employed to classify malware into families. We provide an experimental evaluation based on malware samples from two datasets, namely Drebin and AMD. With the Drebin dataset, we obtained a classification accuracy of 82%, comparable with works from the state-of-the-art like DroidScribe. However, compared to DroidScribe, our approach is easier to reproduce because it is based on publicly available tools only, does not require any modification to the emulated environment or Android OS, and by design, can also be used on physical devices rather than exclusively on emulators. The latter is a key factor because modern mobile malware can detect the emulated environment and hide its malicious behavior. The experiments on the AMD dataset gave similar results, with an overall mean accuracy of 78%. Furthermore, we made the software we developed publicly available, to ease the reproducibility of our results.
31

Catak, Ferhat Ozgur, Javed Ahmed, Kevser Sahinbas and Zahid Hussain Khand. "Data augmentation based malware detection using convolutional neural networks". PeerJ Computer Science 7 (22.01.2021): e346. http://dx.doi.org/10.7717/peerj-cs.346.

Annotation:
Due to advancements in malware competencies, cyber-attacks have been broadly observed in the digital world. Cyber-attacks can hit an organization hard by causing several damages such as data breach, financial loss, and reputation loss. Some of the most prominent examples of ransomware attacks in history are WannaCry and Petya, which impacted companies' finances throughout the globe. Both WannaCry and Petya rendered operational processes inoperable by targeting critical infrastructure. It is quite impossible for anti-virus applications using traditional signature-based methods to detect this type of malware because they have different characteristics on each contaminated computer. The most important feature of this type of malware is that they change their contents using their mutation engines to create another hash representation of the executable file as they propagate from one computer to another. To overcome this method that attackers use to camouflage malware, we have created three-channel image files of malicious software. Attackers make different variants of the same software because they modify the contents of the malware. In the solution to this problem, we created variants of the images by applying data augmentation methods. This article aims to provide image augmentation enhanced deep convolutional neural network (CNN) models for detecting malware families in a metamorphic malware environment. The main contributions of the article consist of three components, including image generation from malware samples, image augmentation, and the last one is classifying the malware families by using a CNN model. In the first component, the collected malware samples are converted from binary files to 3-channel images using the windowing technique. The second component of the system creates the augmented version of the images, and the last part builds a classification model. This study uses five different deep CNN models for malware family detection. The results obtained by the classifier demonstrate accuracy up to 98%, which is quite satisfactory.
32

Bagui, Sikha, and Daniel Benson. "Android Adware Detection Using Machine Learning". International Journal of Cyber Research and Education 3, No. 2 (July 2021): 1–19. http://dx.doi.org/10.4018/ijcre.2021070101.

Annotation:
Adware, an advertising-supported software, becomes a type of malware when it automatically delivers unwanted advertisements to an infected device, steals user information, and opens other vulnerabilities that allow other malware and adware to be installed. With the rise of more and more complex evasive malware, specifically adware, better methods of detecting adware are required. Though a lot of work has been done on malware detection in general, very little focus has been put on the adware family. The novelty of this paper lies in analyzing the individual adware families. To date, no work has been done on analyzing the individual adware families. In this paper, using the CICAndMal2017 dataset, feature selection is performed using information gain, and classification is performed using machine learning. The best attributes for classification of each of the individual adware families using network traffic samples are presented. The results present an average classification rate that is an improvement over previous works for classification of individual adware families.
33

Parmuval, Poonam, Mosin Hasan and Samip Patel. "Malware Family Detection Approach using Image Processing Techniques: Visualization Technique". International Journal of Computer Applications Technology and Research 07, No. 03 (25.03.2018): 129–32. http://dx.doi.org/10.7753/ijcatr0703.1004.

34

Choi, Changhee, Kyeongsik Lee, Hwaseong Lee, Ilhoon Jeong and Hosang Yun. "Malware Family Classification Based on Novel Features from Frequency Analysis". International Journal of Computer Theory and Engineering 10, No. 4 (2018): 135–38. http://dx.doi.org/10.7763/ijcte.2018.v10.1214.

35

Dhalaria, Meghna, and Ekta Gandotra. "A Hybrid Approach for Android Malware Detection and Family Classification". International Journal of Interactive Multimedia and Artificial Intelligence In Press, In Press (2020): 1. http://dx.doi.org/10.9781/ijimai.2020.09.001.

36

Garcia, Joshua, Mahmoud Hammad and Sam Malek. "Lightweight, Obfuscation-Resilient Detection and Family Identification of Android Malware". ACM Transactions on Software Engineering and Methodology 26, No. 3 (12.01.2018): 1–29. http://dx.doi.org/10.1145/3162625.

37

Bolton, Alexander D., and Nicholas A. Heard. "Malware Family Discovery Using Reversible Jump MCMC Sampling of Regimes". Journal of the American Statistical Association 113, No. 524 (11.07.2018): 1490–502. http://dx.doi.org/10.1080/01621459.2018.1423984.

38

Kang, Munyeong, Seonghyun Park, Jihyeon Park, Seong-je Cho and Minkyu Park. "Image-based Android Malware Family Classification Using Convolutional Neural Network". KIISE Transactions on Computing Practices 27, No. 4 (30.04.2021): 189–97. http://dx.doi.org/10.5626/ktcp.2021.27.4.189.

39

Moshood Abiola, Alogba, and Mohd Fadzli Marhusin. "Signature-Based Malware Detection Using Sequences of N-grams". International Journal of Engineering & Technology 7, No. 4.15 (07.10.2018): 120. http://dx.doi.org/10.14419/ijet.v7i4.15.21432.

Annotation:
The focus of our study is on one malware family known as Brontok worms. These worms have long been a huge burden to most Windows-based user platforms. A prototype of the antivirus was able to scan files and accurately detect any traces of the Brontok malware signatures in the scanned files. In this study, we developed a detection model by extracting the signatures of the Brontok worms and used an n-gram technique to break down the signatures. This process makes the task of removing redundancies between the signatures of the different types of Brontok malware easier. Hence, it was used in this study to accurately differentiate between the signatures of both malicious and normal files. During the experiment, we have successfully detected the presence of Brontok worms while correctly identifying the benign ones. The techniques employed in the experiment provided some insight on creating a good signature-based detector, which could be used to create a more credible solution that eliminates any threats of old malware that may resurface in the future.
40

Zhao, Yanjie, Li Li, Haoyu Wang, Haipeng Cai, Tegawendé F. Bissyandé, Jacques Klein and John Grundy. "On the Impact of Sample Duplication in Machine-Learning-Based Android Malware Detection". ACM Transactions on Software Engineering and Methodology 30, No. 3 (May 2021): 1–38. http://dx.doi.org/10.1145/3446905.

Annotation:
Malware detection at scale in the Android realm is often carried out using machine learning techniques. State-of-the-art approaches such as DREBIN and MaMaDroid are reported to yield high detection rates when assessed against well-known datasets. Unfortunately, such datasets may include a large portion of duplicated samples, which may bias recorded experimental results and insights. In this article, we perform extensive experiments to measure the performance gap that occurs when datasets are de-duplicated. Our experimental results reveal that duplication in published datasets has a limited impact on supervised malware classification models. This observation contrasts with the finding of Allamanis on the general case of machine learning bias for big code. Our experiments, however, show that sample duplication more substantially affects unsupervised learning models (e.g., malware family clustering). Nevertheless, we argue that our fellow researchers and practitioners should always take sample duplication into consideration when performing machine-learning-based (via either supervised or unsupervised learning) Android malware detections, no matter how significant the impact might be.
41

Calleja, Alejandro, Alejandro Martín, Héctor D. Menéndez, Juan Tapiador and David Clark. "Picking on the family: Disrupting android malware triage by forcing misclassification". Expert Systems with Applications 95 (April 2018): 113–26. http://dx.doi.org/10.1016/j.eswa.2017.11.032.

42

Atzeni, Andrea, Fernando Diaz, Andrea Marcelli, Antonio Sanchez, Giovanni Squillero and Alberto Tonda. "Countering Android Malware: A Scalable Semi-Supervised Approach for Family-Signature Generation". IEEE Access 6 (2018): 59540–56. http://dx.doi.org/10.1109/access.2018.2874502.

43

Zhang, Li, Vrizlynn L. L. Thing and Yao Cheng. "A scalable and extensible framework for android malware detection and family attribution". Computers & Security 80 (January 2019): 120–33. http://dx.doi.org/10.1016/j.cose.2018.10.001.

44

Iadarola, Giacomo, Fabio Martinelli, Francesco Mercaldo and Antonella Santone. "Towards an interpretable deep learning model for mobile malware detection and family identification". Computers & Security 105 (June 2021): 102198. http://dx.doi.org/10.1016/j.cose.2021.102198.

45

Dib, Mirabelle, Sadegh Torabi, Elias Bou-Harb and Chadi Assi. "A Multi-Dimensional Deep Learning Framework for IoT Malware Classification and Family Attribution". IEEE Transactions on Network and Service Management 18, No. 2 (June 2021): 1165–77. http://dx.doi.org/10.1109/tnsm.2021.3075315.

46

Wu, Qing, Miaomiao Li, Xueling Zhu and Bo Liu. "MVIIDroid: A Multiple View Information Integration Approach for Android Malware Detection and Family Identification". IEEE MultiMedia 27, No. 4 (01.10.2020): 48–57. http://dx.doi.org/10.1109/mmul.2020.3022702.

47

Kelarev, Andrei, John Yearwood and Paul Watters. "INTERNET SECURITY APPLICATIONS OF GRÖBNER-SHIRSHOV BASES". Asian-European Journal of Mathematics 03, No. 03 (September 2010): 435–42. http://dx.doi.org/10.1142/s1793557110000283.

Annotation:
This article is motivated by internet security applications of multiple classifiers designed for the detection of malware. Following a standard approach in data mining, Dazeley et al. (Asian-European J. Math. 2 (2009)(1) 41–56) used Gröbner-Shirshov bases to define a family of multiple classifiers and develop an algorithm optimizing their properties. The present article complements and strengthens these results. We consider a broader construction of classifiers and develop a new and more general algorithm for the optimization of their essential properties.
48

Wang, Peng, Zhijie Tang and Junfeng Wang. "A novel few-shot malware classification approach for unknown family recognition with multi-prototype modeling". Computers & Security 106 (July 2021): 102273. http://dx.doi.org/10.1016/j.cose.2021.102273.

49

O., Amusan, Thompson A. F., Aderinola T. B. and Alese B. K. "Modelling Malicious Attack in Social Networks". Network and Communication Technologies 5, No. 1 (06.02.2020): 37. http://dx.doi.org/10.5539/nct.v5n1p37.

Annotation:
Online Social Networks (OSNs) are based on actual trust relationships in environments which help people communicate with friends, family and acquaintances. Malicious individuals take advantage of this trust relationship to propagate malware through social networks. We study the dynamics of malware propagation among OSN users. Social network users are referred to as nodes, which are in one of two compartments: Healthy (H) or Infected (I). An H node could either be susceptible to infection (S) or removed (R). Simulations were carried out in R using the EpiModel network simulation package. Two networks were simulated thrice with different parameters to give better average values. There are two categories of nodes: the first category comprises 3000 nodes with fewer connections, and the second category, comprising 7000 nodes, consists of the influential nodes with more connections. The larger network tends to have a higher fraction of nodes getting infected per unit time due to the high level of connectivity, as opposed to the small network where the number of connections is few. However, the infection tends to persist in the network as long as the birth rate is not equal to zero.
50

Čeponis, Dainius, and Nikolaj Goranin. "Evaluation of Deep Learning Methods Efficiency for Malicious and Benign System Calls Classification on the AWSCTD". Security and Communication Networks 2019 (11.11.2019): 1–12. http://dx.doi.org/10.1155/2019/2317976.

Annotation:
The increasing amount of malware and cyberattacks on a host level increases the need for a reliable anomaly-based host IDS (HIDS) that would be able to deal with zero-day attacks and would ensure low false alarm rate (FAR), which is critical for the detection of such activity. Deep learning methods such as convolutional neural networks (CNNs) and recurrent neural networks (RNNs) are considered to be highly suitable for solving data-driven security solutions. Therefore, it is necessary to perform the comparative analysis of such methods in order to evaluate their efficiency in attack classification as well as their ability to distinguish malicious and benign activity. In this article, we present the results achieved with the AWSCTD (attack-caused Windows OS system calls traces dataset), which can be considered as the most exhaustive set of host-level anomalies at the moment, including 112.56 million system calls from 12110 executable malware samples and 3145 benign software samples with 16.3 million system calls. The best results were obtained with CNNs with up to 90.0% accuracy for family classification and 95.0% accuracy for malicious/benign determination. RNNs demonstrated slightly inferior results. Furthermore, CNN tuning via an increase in the number of layers should make them practically applicable for host-level anomaly detection.