
Journal articles on the topic 'Malware family'


Consult the top 50 journal articles for your research on the topic 'Malware family.'


1

Yan, Jinpei, Yong Qi, and Qifan Rao. "Detecting Malware with an Ensemble Method Based on Deep Neural Network." Security and Communication Networks 2018 (2018): 1–16. http://dx.doi.org/10.1155/2018/7247095.

Abstract:
Malware detection plays a crucial role in computer security. Recent research mainly uses machine learning based methods that rely heavily on domain knowledge for manually extracting malicious features. In this paper, we propose MalNet, a novel malware detection method that learns features automatically from the raw data. Concretely, we first generate a grayscale image from the malware file, while extracting its opcode sequences with the decompilation tool IDA. Then MalNet uses CNN and LSTM networks to learn from the grayscale image and opcode sequence, respectively, and takes a stacking ensemble for malware classification. We perform experiments on more than 40,000 samples including 20,650 benign files collected from online software providers and 21,736 malware samples provided by Microsoft. The evaluation result shows that MalNet achieves 99.88% validation accuracy for malware detection. In addition, we also conduct a malware family classification experiment on 9 malware families to compare MalNet with other related works, in which MalNet outperforms most related works with 99.36% detection accuracy and achieves a considerable speed-up in detection efficiency compared with two state-of-the-art results on the Microsoft malware dataset.
2

Jiao, Jian, Qiyuan Liu, Xin Chen, and Hongsheng Cao. "Behavior Intention Derivation of Android Malware Using Ontology Inference." Journal of Electrical and Computer Engineering 2018 (2018): 1–13. http://dx.doi.org/10.1155/2018/9250297.

Abstract:
Previous research on Android malware mainly focuses on malware detection, and malware’s evolution makes the process face certain hysteresis. The information presented by these detection results (malice judgment, family classification, and behavior characterization) is limited for analysts. Therefore, a method is needed to restore the intention of malware, which reflects the relation between the multiple behaviors of complex malware and its ultimate purpose. This paper proposes a novel description and derivation model of Android malware intention based on the theory of intention and malware reverse engineering. This approach creates an ontology for malware intention to model the semantic relation between behaviors and their objects, and automates the process of intention derivation by using SWRL rules transformed from the intention model and the Jess inference engine. Experiments on 75 typical samples show that the inference system can perform derivation of malware intention effectively, and 89.3% of the inference results are consistent with manual analysis, which proves the feasibility and effectiveness of our theory and inference system.
3

Prima, B., and M. Bouhorma. "USING TRANSFER LEARNING FOR MALWARE CLASSIFICATION." ISPRS - International Archives of the Photogrammetry, Remote Sensing and Spatial Information Sciences XLIV-4/W3-2020 (November 23, 2020): 343–49. http://dx.doi.org/10.5194/isprs-archives-xliv-4-w3-2020-343-2020.

Abstract:
In this paper, we propose a malware classification framework using transfer learning based on existing deep learning models that have been pre-trained on massive image datasets. In recent years there has been a significant increase in the number and variety of malware, which amplifies the need to improve automatic detection and classification of malware. Nowadays, neural network methodology has reached a level that may exceed the limits of previous machine learning methods, such as Hidden Markov Models and Support Vector Machines (SVM). As a result, convolutional neural networks (CNNs) have shown superior performance compared to traditional learning techniques, specifically in tasks such as image classification. Motivated by this success, we propose a CNN-based architecture for malware classification. The malicious binary files are represented as grayscale images and a deep neural network is trained by freezing the VGG16 layers pre-trained on the ImageNet dataset and adapting the last fully connected layer to malware family classification. Our evaluation results show that our approach is able to achieve an average of 98% accuracy on the MALIMG dataset.
4

Jang, Jae-wook, and Huy Kang Kim. "Function-Oriented Mobile Malware Analysis as First Aid." Mobile Information Systems 2016 (2016): 1–11. http://dx.doi.org/10.1155/2016/6707524.

Abstract:
Recently, highly well-crafted mobile malware has arisen as mobile devices manage highly valuable and sensitive information. Currently, it is impossible to detect and prevent all malware because the amount of new malware continues to increase exponentially; malware detection methods need to improve in order to respond quickly and effectively to malware. For a quick response, revealing the main purpose or functions of captured malware is important; however, only a few recent works have attempted to find malware’s main purpose. Our approach is designed to help with efficient and effective incident response or countermeasure development by analyzing the main functions of malicious behavior. In this paper, we propose a novel function-oriented malware analysis approach based on analysis of suspicious API call patterns. Instead of extracting API call patterns for malware in each family, we focus on extracting such patterns for certain malicious functionalities. Our proposed method dumps the memory sections where an application is allocated and extracts suspicious API sequences from bytecode by comparing them with predefined suspicious API lists. By matching API call patterns with our functionality database, our method determines whether they are malicious. The experimental results demonstrate that our method performs well in detecting malware with high accuracy.
5

Wang, Changguang, Ziqiu Zhao, Fangwei Wang, and Qingru Li. "A Novel Malware Detection and Family Classification Scheme for IoT Based on DEAM and DenseNet." Security and Communication Networks 2021 (January 5, 2021): 1–16. http://dx.doi.org/10.1155/2021/6658842.

Abstract:
With the rapid increase in the amount and types of malware, traditional methods of malware detection and family classification for IoT applications through static and dynamic analysis have been greatly challenged. In this paper, a new simple and effective attention module for Convolutional Neural Networks (CNNs), named the Depthwise Efficient Attention Module (DEAM), is proposed and combined with a DenseNet to form a new malware detection and family classification model. Based on the good performance of the DenseNet in the field of image classification and the visual similarity of malware families on images, the gray-scale image transformed from malware is input into the model combining the DEAM and DenseNet for malware detection, and then family classification is carried out. The DEAM is a general lightweight attention module improved on the basis of the Convolutional Block Attention Module (CBAM), which can strengthen attention to the characteristics of malware and improve the model's effect. We use the MalImg dataset, the Microsoft malware classification challenge dataset (BIG 2015), and our own dataset constructed from the two above-mentioned datasets to verify the effectiveness of the proposed model in family classification and malware detection. Experimental results show that the proposed model achieves 99.3% accuracy for malware detection on our dataset and achieves 98.5% and 97.3% accuracy for family classification on the MalImg dataset and BIG 2015 dataset, respectively. The model can reliably detect IoT malware and classify its families.
6

Abuthawabeh, Mohammad, and Khaled Mahmoud. "Enhanced Android Malware Detection and Family Classification, using Conversation-level Network Traffic Features." International Arab Journal of Information Technology 17, no. 4A (July 31, 2020): 607–14. http://dx.doi.org/10.34028/iajit/17/4a/4.

Abstract:
Signature-based malware detection algorithms are facing challenges in coping with the massive number of threats in the Android environment. In this paper, conversation-level network traffic features are extracted and used in a supervised model. This model was used to enhance the process of Android malware detection, categorization, and family classification. The model employs the ensemble learning technique in order to select the most useful features among the extracted features. A real-world dataset called CICAndMal2017 was used in this paper. The results show that the Extra-trees classifier achieved the highest weighted accuracy percentage among the classifiers, at 87.75%, 79.97%, and 66.71% for malware detection, malware categorization, and malware family classification, respectively. A comparison with another study that uses the same dataset was made. This study has achieved a significant enhancement in malware family classification and malware categorization. For malware family classification, the enhancement was 39.71% for precision and 41.09% for recall. The rate of enhancement for Android malware categorization was 30.2% and 31.14% for precision and recall, respectively.
7

Cheng, Binlin, Jinjun Liu, Jiejie Chen, Shudong Shi, Xufu Peng, Xingwen Zhang, and Haiqing Hai. "MoG: Behavior-Obfuscation Resistance Malware Detection." Computer Journal 62, no. 12 (June 4, 2019): 1734–47. http://dx.doi.org/10.1093/comjnl/bxz033.

Abstract:
Malware brings a big security threat on the Internet today. With the great increase in malware attacks, behavior-based detection approaches are one of the major methods to detect zero-day malware. Such approaches often use API calls to represent the behavior of malware. Unfortunately, behavior-based approaches suffer from behavior obfuscation attacks. In this paper, we propose a novel malware detection approach that is both effective and efficient. First, we abstract API calls to object operations. Then we generate the object operation dependency graph based on these object operations. Finally, we construct the family dependency graph for a malware family. Our approach uses the family dependency graph to represent the behavior of a malware family. The evaluation results show that our approach can provide complete resistance to all types of behavior obfuscation attacks, and outperforms existing behavior-based approaches in terms of both effectiveness and efficiency.
8

Shao, Ke, Qiang Xiong, and Zhiming Cai. "FB2Droid: A Novel Malware Family-Based Bagging Algorithm for Android Malware Detection." Security and Communication Networks 2021 (June 19, 2021): 1–13. http://dx.doi.org/10.1155/2021/6642252.

Abstract:
As the number of Android malware applications continues to grow at a high rate, detecting malware to protect system security and user privacy is becoming increasingly urgent. Each malware application belongs to a specific family, and there is a gap in the number of samples between malware families. The accuracy of detection can be improved if malware family information is well utilized and certain strategies are adopted to balance the variability among samples. In addition, the performance of a base classifier is limited. If an ensemble classifier or an ensemble method can be adopted, the detection effect can be further improved. Therefore, this paper proposes a novel malware family-based bagging algorithm for Android malware detection, called FB2Droid. First, five features are extracted from the Android application package. Then, the Relief feature selection algorithm is used for feature selection. Next, we design two different sampling strategies based on different families of malware to alleviate the sample imbalance in the dataset. Combined with the two sampling strategies, the traditional bagging algorithm is improved to integrate the classifiers. In the experiment, several classifiers were used to evaluate the proposed scheme. The experimental results show that the proposed sampling strategy and the improved bagging algorithm can effectively improve the detection accuracy of these classifiers.
9

Alswaina, Fahad, and Khaled Elleithy. "Android Malware Family Classification and Analysis: Current Status and Future Directions." Electronics 9, no. 6 (June 5, 2020): 942. http://dx.doi.org/10.3390/electronics9060942.

Abstract:
Android receives major attention from security practitioners and researchers due to the influx of malicious applications. For the past twelve years, Android malicious applications have been grouped into families. In the research community, detecting new malware families is a challenge. As we investigate, most of the literature reviews focus on surveying malware detection. Characterizing the malware families can improve the detection process and help understand malware patterns. For this reason, we conduct a comprehensive survey on the state-of-the-art Android malware familial detection, identification, and categorization techniques. We categorize the literature based on three dimensions: type of analysis, features, and methodologies and techniques. Furthermore, we report the datasets that are commonly used. Finally, we highlight the limitations that we identify in the literature, challenges, and future research directions regarding Android malware families.
10

Cheng, Binlin, Qiang Tong, Jianhong Wang, and Wenhui Tian. "Malware Clustering Using Family Dependency Graph." IEEE Access 7 (2019): 72267–72. http://dx.doi.org/10.1109/access.2019.2914031.

11

Zhu, Xuejin, Jie Huang, Bin Wang, and Chunyang Qi. "Malware homology determination using visualized images and feature fusion." PeerJ Computer Science 7 (April 15, 2021): e494. http://dx.doi.org/10.7717/peerj-cs.494.

Abstract:
The family homology determination of malware has become a research hotspot as the number of malware variants is on the rise. However, existing studies on malware visualization only determine homology based on the global structure features of the executable, which allows creators of some malware variants with the same structure to intentionally cause them to be misclassified as the same family. We sought to develop a homology determination method using the fusion of global structure features and local fine-grained features based on malware visualization. Specifically, the global structural information of the malware executable file was converted into a bytecode image, and the opcode semantic information of the code segment was extracted by the n-gram feature model to generate an opcode image. We also propose a dual-branch convolutional neural network, which uses the opcode image and bytecode image as the final family classification basis. Our results demonstrate that the accuracy and F-measure of family homology classification based on the proposed scheme are 99.05% and 98.52%, respectively, which is better than the results from a single image feature or other major schemes.
12

Aguilera, Luis Rojas, Eduardo Souto, and Gilbert Breves Martins. "Improving the detection of metamorphic malware through data dependency graphs indexing." Journal of Information Security and Cryptography (Enigma) 4, no. 1 (July 21, 2018): 03. http://dx.doi.org/10.17648/enigma.v4i1.65.

Abstract:
Metamorphism has been successfully applied to original malicious code for the creation and proliferation of new malware instances, making them harder to detect. This work presents an approach that identifies metamorphic malware through data dependency graph comparison. Features are extracted from data dependency graphs to build an index that is used to determine which malware family a suspicious code belongs to. Experimental results on 3045 samples of metamorphic malware showed that our proposed approach obtained an accuracy rate higher than most commercial anti-malware tools.
13

Ding, Chao, Nurbol Luktarhan, Bei Lu, and Wenhui Zhang. "A Hybrid Analysis-Based Approach to Android Malware Family Classification." Entropy 23, no. 8 (August 3, 2021): 1009. http://dx.doi.org/10.3390/e23081009.

Abstract:
With the popularity of Android, malware detection and family classification have also become a research focus. Many excellent methods have been proposed by previous authors, but static and dynamic analyses inevitably require complex processes. A hybrid analysis method for detecting Android malware and classifying malware families is presented in this paper, and is partially optimized for multiple-feature data. For static analysis, we use permissions and intent as static features and use three feature selection methods to form a subset of three candidate features. Compared with various models, including k-nearest neighbors and random forest, random forest is the best, with a detection rate of 95.04%, while the chi-square test is the best feature selection method. After using feature selection to explore the critical static features contained in this dataset, we analyzed a subset of important features to gain more insight into the malware. In a dynamic analysis based on network traffic, unlike those that focus on a one-way flow of traffic and work on HTTP protocols and transport layer protocols, we focused on sessions and retained protocol layers. The Res7LSTM model is then used to further classify the malicious and partially benign samples detected in the static detection. The experimental results show that our approach can not only work with fewer static features and guarantee sufficient accuracy, but also improve the detection rate of Android malware family classification from 71.48% in previous work to 99% when cutting the traffic in terms of the sessions and protocols of all layers.
14

Cho, In Kyeom, and Eul Gyu Im. "Malware Family Recommendation using Multiple Sequence Alignment." Journal of KIISE 43, no. 3 (March 15, 2016): 289–95. http://dx.doi.org/10.5626/jok.2016.43.3.289.

15

Dayal, Mohit, and Bharti Nagpal. "A compendious investigation of Android malware family." International Journal of Information Privacy, Security and Integrity 2, no. 4 (2016): 330. http://dx.doi.org/10.1504/ijipsi.2016.082127.

16

Nagpal, Bharti, and Mohit Dayal. "A compendious investigation of Android malware family." International Journal of Information Privacy, Security and Integrity 2, no. 4 (2016): 330. http://dx.doi.org/10.1504/ijipsi.2016.10003026.

17

Lee, Jehyun, Suyeon Lee, and Heejo Lee. "Screening smartphone applications using malware family signatures." Computers & Security 52 (July 2015): 234–49. http://dx.doi.org/10.1016/j.cose.2015.02.003.

18

O’Shaughnessy, Stephen, and Frank Breitinger. "Malware family classification via efficient Huffman features." Forensic Science International: Digital Investigation 37 (July 2021): 301192. http://dx.doi.org/10.1016/j.fsidi.2021.301192.

19

Rashed, Mohammed, and Guillermo Suarez-Tangil. "An Analysis of Android Malware Classification Services." Sensors 21, no. 16 (August 23, 2021): 5671. http://dx.doi.org/10.3390/s21165671.

Abstract:
The increasing number of Android malware forced antivirus (AV) companies to rely on automated classification techniques to determine the family and class of suspicious samples. The research community relies heavily on such labels to carry out prevalence studies of the threat ecosystem and to build datasets that are used to validate and benchmark novel detection and classification methods. In this work, we carry out an extensive study of the Android malware ecosystem by surveying white papers and reports from 6 key players in the industry, as well as 81 papers from 8 top security conferences, to understand how malware datasets are used by both. We then explore the limitations associated with the use of available malware classification services, namely VirusTotal (VT) engines, for determining the family of an Android sample. Using a dataset of 2.47 M Android malware samples, we find that the detection coverage of VT’s AVs is generally very low, that the percentage of samples flagged by any 2 AV engines does not go beyond 52%, and that the share of common families between any pair of AV engines is at best 29%. We rely on clustering to determine the extent to which different AV engine pairs agree upon which samples belong to the same family (regardless of the actual family name) and find that there are discrepancies that can introduce noise in automatic label unification schemes. We also observe the usage of generic labels and inconsistencies within the labels of top AV engines, suggesting that their efforts are directed towards accurate detection rather than classification. Our results contribute to a better understanding of the limitations of using Android malware family labels as supplied by common AV engines.
20

Wang, Chenyue, Linlin Zhang, Kai Zhao, Xuhui Ding, and Xusheng Wang. "AdvAndMal: Adversarial Training for Android Malware Detection and Family Classification." Symmetry 13, no. 6 (June 17, 2021): 1081. http://dx.doi.org/10.3390/sym13061081.

Abstract:
In recent years, Android malware has continued to evolve against detection technologies, becoming more concealed and harmful, making it difficult for existing models to resist adversarial sample attacks. At the current stage, the detection result is no longer the only criterion for evaluating the pros and cons of a model and its algorithms; it is also vital to take the model’s defensive ability against adversarial samples into consideration. In this study, we propose a general framework named AdvAndMal, which consists of a two-layer network for adversarial training to generate adversarial samples and improve the effectiveness of the classifiers in Android malware detection and family classification. The adversarial sample generation layer is composed of a conditional generative adversarial network called pix2pix, which can generate malware variants to extend the classifiers’ training set, and the malware classification layer is trained on RGB images visualized from the sequence of system calls. To evaluate the adversarial training effect of the framework, we propose the robustness coefficient, a symmetric interval i = [−1, 1], and conduct controlled experiments on the dataset to measure the robustness of the overall framework under adversarial training. Experimental results on the 12 families with the largest number of samples in the Drebin dataset show that the accuracy of the overall framework is increased from 0.976 to 0.989, and its robustness coefficient is increased from 0.857 to 0.917, which proves the effectiveness of the adversarial training method.
21

Chae, Dong-Kyu, Sung-Jun Park, Eujeanne Kim, Jiwon Hong, and Sang-Wook Kim. "Identifying the Author Group of Malwares through Graph Embedding and Human-in-the-Loop Classification." Applied Sciences 11, no. 14 (July 20, 2021): 6640. http://dx.doi.org/10.3390/app11146640.

Abstract:
Malware is developed for various types of malicious attacks, e.g., to gain access to a user’s private information or control of the computer system. The identification and classification of malware has been extensively studied in academic societies and many companies. Beyond the traditional research areas in this field, including malware detection, malware propagation analysis, and malware family clustering, this paper focuses on identifying the “author group” of a given malware sample as a means of effective detection and prevention of further malware threats, along with providing evidence for proper legal action. Our framework consists of a malware-feature bipartite graph construction, malware embedding based on DeepWalk, and classification of the target malware based on k-nearest neighbors (KNN) classification. However, our KNN classifier often faced ambiguous cases, where it should say “I don’t know” rather than attempting to predict something with a high risk of misclassification. Therefore, our framework allows human experts to intervene in the process of classification for the final decision. We also developed a graphical user interface that presents the points of ambiguity to help human experts effectively determine the author group of the target malware. We demonstrated the effectiveness of our human-in-the-loop classification framework via extensive experiments using real-world malware data.
22

Bai, Jinrong, Qibin Shi, and Shiguang Mu. "A Malware and Variant Detection Method Using Function Call Graph Isomorphism." Security and Communication Networks 2019 (September 22, 2019): 1–12. http://dx.doi.org/10.1155/2019/1043794.

Abstract:
The huge influx of malware variants is generated using packing and obfuscation techniques. Current antivirus software uses byte signatures to identify known malware, and this method is easily deceived and generally ineffective for identifying malware variants. Antivirus experts use hash signatures to verify whether a captured sample is in one of the malware databases, and this method cannot recognize malware variants whose hash signatures have changed completely. A function call graph is a high-level abstract representation of a program and is more stable and resilient than a byte or hash signature. In this paper, the function call graph is used as the signature of a program, and two kinds of graph isomorphism algorithms are employed to identify known malware and its variants. Four experiments are designed to evaluate the performance of the proposed method. Experimental results indicate that the proposed method is effective and efficient for identifying known malware and a portion of their variants. The proposed method can also be used to index and locate a large-scale malware database and group malware into the corresponding family.
23

Jang, Sejun, Shuyu Li, and Yunsick Sung. "FastText-Based Local Feature Visualization Algorithm for Merged Image-Based Malware Classification Framework for Cyber Security and Cyber Defense." Mathematics 8, no. 3 (March 24, 2020): 460. http://dx.doi.org/10.3390/math8030460.

Abstract:
The importance of cybersecurity has recently been increasing. A malware coder writes malware into normal executable files. A computer is more likely to be infected by malware when users have easy access to various executables. Malware is considered as the starting point for cyber-attacks; thus, the timely detection, classification and blocking of malware are important. Malware visualization is a method for detecting or classifying malware. A global image is visualized through binaries extracted from malware. The overall structure and behavior of malware are considered when global images are utilized. However, the visualization of obfuscated malware is tough, owing to the difficulties encountered when extracting local features. This paper proposes a merged image-based malware classification framework that includes local feature visualization, global image-based local feature visualization, and global and local image merging methods. This study introduces a fastText-based local feature visualization method: First, local features such as opcodes and API function names are extracted from the malware; second, important local features in each malware family are selected via the term frequency inverse document frequency algorithm; third, the fastText model embeds the selected local features; finally, the embedded local features are visualized through a normalization process. Malware classification based on the proposed method using the Microsoft Malware Classification Challenge dataset was experimentally verified. The accuracy of the proposed method was approximately 99.65%, which is 2.18% higher than that of another contemporary global image-based approach.
24

Catak, Ferhat Ozgur, Ahmet Faruk Yazı, Ogerta Elezaj, and Javed Ahmed. "Deep learning based Sequential model for malware analysis using Windows exe API Calls." PeerJ Computer Science 6 (July 27, 2020): e285. http://dx.doi.org/10.7717/peerj-cs.285.

Abstract:
Malware development has seen diversity in terms of architecture and features. This advancement in the competencies of malware poses a severe threat and opens new research dimensions in malware detection. This study is focused on metamorphic malware, which is the most advanced member of the malware family. It is quite impossible for anti-virus applications using traditional signature-based methods to detect metamorphic malware, which makes it difficult to classify this type of malware accordingly. Recent research literature about malware detection and classification discusses this issue in relation to malware behavior. The main goal of this paper is to develop a classification method according to malware types by taking into consideration the behavior of malware. We started this research by developing a new dataset containing API calls made on the Windows operating system, which represent the behavior of malicious software. The types of malware included in the dataset are Adware, Backdoor, Downloader, Dropper, Spyware, Trojan, Virus, and Worm. The classification method used in this study is LSTM (Long Short-Term Memory), which is a widely used classification method for sequential data. The results obtained by the classifier demonstrate accuracy up to 95% with a 0.83 $F_1$-score, which is quite satisfactory. We also ran our experiments with binary and multi-class malware datasets to show the classification performance of the LSTM model. Another significant contribution of this research paper is the development of a new dataset for Windows operating systems based on API calls. To the best of our knowledge, no such dataset was available before our research. The availability of our dataset on GitHub enables the research community in the domain of malware detection to benefit from it and make further contributions to this domain.
25

Black, Paul, Iqbal Gondal, Peter Vamplew, and Arun Lakhotia. "Function Similarity Using Family Context." Electronics 9, no. 7 (July 17, 2020): 1163. http://dx.doi.org/10.3390/electronics9071163.

Abstract:
Finding changed and similar functions between a pair of binaries is an important problem in malware attribution and for the identification of new malware capabilities. This paper presents a new technique called Function Similarity using Family Context (FSFC) for this problem. FSFC trains a Support Vector Machine (SVM) model using pairs of similar functions from two program variants. This method improves upon previous research called Cross Version Contextual Function Similarity (CVCFS) by representing a function using features extracted not just from the function itself, but also from other functions with which it has a caller and callee relationship. We present the results of an initial experiment that shows that the use of additional features from the context of a function significantly decreases the false positive rate, obviating the need for a separate pass for cleaning false positives. The more surprising and unexpected finding is that the SVM model produced by FSFC can abstract function similarity features from one pair of program variants to find similar functions in an unrelated pair of program variants. If validated by a larger study, this new property leads to the possibility of creating generic similar function classifiers that can be packaged and distributed in reverse engineering tools such as IDA Pro and Ghidra.
26

Ding, Yuxin, Xiaoling Xia, Sheng Chen, and Ye Li. "A malware detection method based on family behavior graph." Computers & Security 73 (March 2018): 73–86. http://dx.doi.org/10.1016/j.cose.2017.10.007.

27

Kim, Heejin, Kyuho Kim, Ming Jin, and Jiman Hong. "Android Malware Family Classification based on Weighted Majority Voting." KIISE Transactions on Computing Practices 27, no. 2 (February 28, 2021): 116–21. http://dx.doi.org/10.5626/ktcp.2021.27.2.116.

28

Gupta, Charu, Rakesh Kumar Singh, Simran Kaur Bhatia, and Amar Kumar Mohapatra. "DecaDroid Classification and Characterization of Malicious Behaviour in Android Applications." International Journal of Information Security and Privacy 14, no. 4 (October 2020): 57–73. http://dx.doi.org/10.4018/ijisp.2020100104.

Abstract:
Widespread use of Android-based applications on smartphones has resulted in significant growth of security attack incidents. Malware-based attacks are the most common attacks on Android-based smartphones. To forestall malware from attacking the users, a much better understanding of Android malware and its behaviour is required. In this article, an approach to classify and characterise the malicious behaviour of Android applications using static features, data flow analysis, and machine learning techniques has been proposed. Static features like hardware components, permissions, Android components and inter-component communication along with unique source-sink pairs obtained from data flow analysis have been used to extract the features of the Android applications. Based on the features extracted, the malicious behaviour of the applications has been classified to their respective malware family. The proposed approach has given a 95.19% accuracy rate and an F1 measure of 92.19302 with the largest number of malware families classified as compared to previous work.
29

Han, KyoungSoo, BooJoong Kang, and Eul Gyu Im. "Malware Analysis Using Visualized Image Matrices." Scientific World Journal 2014 (2014): 1–15. http://dx.doi.org/10.1155/2014/132713.

Abstract:
This paper proposes a novel malware visual analysis method that contains not only a visualization method to convert binary files into images, but also a similarity calculation method between these images. The proposed method generates RGB-colored pixels on image matrices using the opcode sequences extracted from malware samples and calculates the similarities for the image matrices. Particularly, our proposed methods are available for packed malware samples by applying them to the execution traces extracted through dynamic analysis. When the images are generated, we can reduce the overheads by extracting the opcode sequences only from the blocks that include the instructions related to staple behaviors such as functions and application programming interface (API) calls. In addition, we propose a technique that generates a representative image for each malware family in order to reduce the number of comparisons for the classification of unknown samples and the colored pixel information in the image matrices is used to calculate the similarities between the images. Our experimental results show that the image matrices of malware can effectively be used to classify malware families both statically and dynamically with accuracy of 0.9896 and 0.9732, respectively.
30

Massarelli, Luca, Leonardo Aniello, Claudio Ciccotelli, Leonardo Querzoni, Daniele Ucci, and Roberto Baldoni. "AndroDFA: Android Malware Classification Based on Resource Consumption." Information 11, no. 6 (June 16, 2020): 326. http://dx.doi.org/10.3390/info11060326.

Abstract:
The vast majority of today’s mobile malware targets Android devices. An important task of malware analysis is the classification of malicious samples into known families. In this paper, we propose AndroDFA (DFA, detrended fluctuation analysis): an approach to Android malware family classification based on dynamic analysis of resource consumption metrics available from the proc file system. These metrics can be easily measured during sample execution. From each malware, we extract features through detrended fluctuation analysis (DFA) and Pearson’s correlation, then a support vector machine is employed to classify malware into families. We provide an experimental evaluation based on malware samples from two datasets, namely Drebin and AMD. With the Drebin dataset, we obtained a classification accuracy of 82%, comparable with works from the state-of-the-art like DroidScribe. However, compared to DroidScribe, our approach is easier to reproduce because it is based on publicly available tools only, does not require any modification to the emulated environment or Android OS, and by design, can also be used on physical devices rather than exclusively on emulators. The latter is a key factor because modern mobile malware can detect the emulated environment and hide its malicious behavior. The experiments on the AMD dataset gave similar results, with an overall mean accuracy of 78%. Furthermore, we made the software we developed publicly available, to ease the reproducibility of our results.
31

Catak, Ferhat Ozgur, Javed Ahmed, Kevser Sahinbas, and Zahid Hussain Khand. "Data augmentation based malware detection using convolutional neural networks." PeerJ Computer Science 7 (January 22, 2021): e346. http://dx.doi.org/10.7717/peerj-cs.346.

Abstract:
Due to advancements in malware competencies, cyber-attacks have been broadly observed in the digital world. Cyber-attacks can hit an organization hard by causing several damages such as data breach, financial loss, and reputation loss. Some of the most prominent examples of ransomware attacks in history are WannaCry and Petya, which impacted companies’ finances throughout the globe. Both WannaCry and Petya rendered operational processes inoperable by targeting critical infrastructure. It is quite impossible for anti-virus applications using traditional signature-based methods to detect this type of malware because they have different characteristics on each contaminated computer. The most important feature of this type of malware is that they change their contents using their mutation engines to create another hash representation of the executable file as they propagate from one computer to another. To overcome this method that attackers use to camouflage malware, we have created three-channel image files of malicious software. Attackers make different variants of the same software because they modify the contents of the malware. In the solution to this problem, we created variants of the images by applying data augmentation methods. This article aims to provide image augmentation enhanced deep convolutional neural network (CNN) models for detecting malware families in a metamorphic malware environment. The main contributions of the article consist of three components, including image generation from malware samples, image augmentation, and the last one is classifying the malware families by using a CNN model. In the first component, the collected malware samples are converted from binary files to 3-channel images using the windowing technique. The second component of the system creates the augmented version of the images, and the last part builds a classification model. This study uses five different deep CNN models for malware family detection. The results obtained by the classifier demonstrate accuracy up to 98%, which is quite satisfactory.
32

Bagui, Sikha, and Daniel Benson. "Android Adware Detection Using Machine Learning." International Journal of Cyber Research and Education 3, no. 2 (July 2021): 1–19. http://dx.doi.org/10.4018/ijcre.2021070101.

Abstract:
Adware, an advertising-supported software, becomes a type of malware when it automatically delivers unwanted advertisements to an infected device, steals user information, and opens other vulnerabilities that allow other malware and adware to be installed. With the rise of more and complex evasive malware, specifically adware, better methods of detecting adware are required. Though a lot of work has been done on malware detection in general, very little focus has been put on the adware family. The novelty of this paper lies in analyzing the individual adware families. To date, no work has been done on analyzing the individual adware families. In this paper, using the CICAndMal2017 dataset, feature selection is performed using information gain, and classification is performed using machine learning. The best attributes for classification of each of the individual adware families using network traffic samples are presented. The results present an average classification rate that is an improvement over previous works for classification of individual adware families.
33

Parmuval, Poonam, Mosin Hasan, and Samip Patel. "Malware Family Detection Approach using Image Processing Techniques: Visualization Technique." International Journal of Computer Applications Technology and Research 07, no. 03 (March 25, 2018): 129–32. http://dx.doi.org/10.7753/ijcatr0703.1004.

34

Choi, Changhee, Kyeongsik Lee, Hwaseong Lee, Ilhoon Jeong, and Hosang Yun. "Malware Family Classification Based on Novel Features from Frequency Analysis." International Journal of Computer Theory and Engineering 10, no. 4 (2018): 135–38. http://dx.doi.org/10.7763/ijcte.2018.v10.1214.

35

Dhalaria, Meghna, and Ekta Gandotra. "A Hybrid Approach for Android Malware Detection and Family Classification." International Journal of Interactive Multimedia and Artificial Intelligence In Press, In Press (2020): 1. http://dx.doi.org/10.9781/ijimai.2020.09.001.

36

Garcia, Joshua, Mahmoud Hammad, and Sam Malek. "Lightweight, Obfuscation-Resilient Detection and Family Identification of Android Malware." ACM Transactions on Software Engineering and Methodology 26, no. 3 (January 12, 2018): 1–29. http://dx.doi.org/10.1145/3162625.

37

Bolton, Alexander D., and Nicholas A. Heard. "Malware Family Discovery Using Reversible Jump MCMC Sampling of Regimes." Journal of the American Statistical Association 113, no. 524 (July 11, 2018): 1490–502. http://dx.doi.org/10.1080/01621459.2018.1423984.

38

Kang, Munyeong, Seonghyun Park, Jihyeon Park, Seong-je Cho, and Minkyu Park. "Image-based Android Malware Family Classification Using Convolutional Neural Network." KIISE Transactions on Computing Practices 27, no. 4 (April 30, 2021): 189–97. http://dx.doi.org/10.5626/ktcp.2021.27.4.189.

39

Moshood Abiola, Alogba, and Mohd Fadzli Marhusin. "Signature-Based Malware Detection Using Sequences of N-grams." International Journal of Engineering & Technology 7, no. 4.15 (October 7, 2018): 120. http://dx.doi.org/10.14419/ijet.v7i4.15.21432.

Abstract:
The focus of our study is on one set of malware family known as Brontok worms. These worms have long been a huge burden to most Windows-based user platforms. A prototype of the antivirus was able to scan files and accurately detect any traces of the Brontok malware signatures in the scanned files. In this study, we developed a detection model by extracting the signatures of the Brontok worms and used an n-gram technique to break down the signatures. This process makes the task to remove redundancies between the signatures of the different types of Brontok malware easier. Hence, it was used in this study to accurately differentiate between the signatures of both malicious and normal files. During the experiment, we have successfully detected the presence of Brontok worms while correctly identifying the benign ones. The techniques employed in the experiment provided some insight on creating a good signature-based detector, which could be used to create a more credible solution that eliminates any threats of old malware that may resurface in the future.
40

Zhao, Yanjie, Li Li, Haoyu Wang, Haipeng Cai, Tegawendé F. Bissyandé, Jacques Klein, and John Grundy. "On the Impact of Sample Duplication in Machine-Learning-Based Android Malware Detection." ACM Transactions on Software Engineering and Methodology 30, no. 3 (May 2021): 1–38. http://dx.doi.org/10.1145/3446905.

Abstract:
Malware detection at scale in the Android realm is often carried out using machine learning techniques. State-of-the-art approaches such as DREBIN and MaMaDroid are reported to yield high detection rates when assessed against well-known datasets. Unfortunately, such datasets may include a large portion of duplicated samples, which may bias recorded experimental results and insights. In this article, we perform extensive experiments to measure the performance gap that occurs when datasets are de-duplicated. Our experimental results reveal that duplication in published datasets has a limited impact on supervised malware classification models. This observation contrasts with the finding of Allamanis on the general case of machine learning bias for big code. Our experiments, however, show that sample duplication more substantially affects unsupervised learning models (e.g., malware family clustering). Nevertheless, we argue that our fellow researchers and practitioners should always take sample duplication into consideration when performing machine-learning-based (via either supervised or unsupervised learning) Android malware detections, no matter how significant the impact might be.
41

Calleja, Alejandro, Alejandro Martín, Héctor D. Menéndez, Juan Tapiador, and David Clark. "Picking on the family: Disrupting android malware triage by forcing misclassification." Expert Systems with Applications 95 (April 2018): 113–26. http://dx.doi.org/10.1016/j.eswa.2017.11.032.

42

Atzeni, Andrea, Fernando Diaz, Andrea Marcelli, Antonio Sanchez, Giovanni Squillero, and Alberto Tonda. "Countering Android Malware: A Scalable Semi-Supervised Approach for Family-Signature Generation." IEEE Access 6 (2018): 59540–56. http://dx.doi.org/10.1109/access.2018.2874502.

43

Zhang, Li, Vrizlynn L. L. Thing, and Yao Cheng. "A scalable and extensible framework for android malware detection and family attribution." Computers & Security 80 (January 2019): 120–33. http://dx.doi.org/10.1016/j.cose.2018.10.001.

44

Iadarola, Giacomo, Fabio Martinelli, Francesco Mercaldo, and Antonella Santone. "Towards an interpretable deep learning model for mobile malware detection and family identification." Computers & Security 105 (June 2021): 102198. http://dx.doi.org/10.1016/j.cose.2021.102198.

45

Dib, Mirabelle, Sadegh Torabi, Elias Bou-Harb, and Chadi Assi. "A Multi-Dimensional Deep Learning Framework for IoT Malware Classification and Family Attribution." IEEE Transactions on Network and Service Management 18, no. 2 (June 2021): 1165–77. http://dx.doi.org/10.1109/tnsm.2021.3075315.

46

Wu, Qing, Miaomiao Li, Xueling Zhu, and Bo Liu. "MVIIDroid: A Multiple View Information Integration Approach for Android Malware Detection and Family Identification." IEEE MultiMedia 27, no. 4 (October 1, 2020): 48–57. http://dx.doi.org/10.1109/mmul.2020.3022702.

47

Kelarev, Andrei, John Yearwood, and Paul Watters. "INTERNET SECURITY APPLICATIONS OF GRÖBNER-SHIRSHOV BASES." Asian-European Journal of Mathematics 03, no. 03 (September 2010): 435–42. http://dx.doi.org/10.1142/s1793557110000283.

Abstract:
This article is motivated by internet security applications of multiple classifiers designed for the detection of malware. Following a standard approach in data mining, Dazeley et al. (Asian-European J. Math. 2 (2009)(1) 41–56) used Gröbner-Shirshov bases to define a family of multiple classifiers and develop an algorithm optimizing their properties. The present article complements and strengthens these results. We consider a broader construction of classifiers and develop a new and more general algorithm for the optimization of their essential properties.
48

Wang, Peng, Zhijie Tang, and Junfeng Wang. "A novel few-shot malware classification approach for unknown family recognition with multi-prototype modeling." Computers & Security 106 (July 2021): 102273. http://dx.doi.org/10.1016/j.cose.2021.102273.

49

O., Amusan, Thompson A. F., Aderinola T. B., and Alese B. K. "Modelling Malicious Attack in Social Networks." Network and Communication Technologies 5, no. 1 (February 6, 2020): 37. http://dx.doi.org/10.5539/nct.v5n1p37.

Abstract:
Online Social Networks (OSNs) are based on actual trust relationships in environments which help people communicate with friends, family and acquaintances. Malicious individuals take advantage of this trust relationship to propagate malware through social networks. We study the dynamics of malware propagation among OSN users. Social network users are referred to as nodes, which are in two compartments: Healthy (H) or Infected (I). An H node could either be susceptible to infection (S) or removed (R). Simulations were carried out in R using the EpiModel network simulation package. Two networks were simulated thrice with different parameters to give better average values. There are two categories of nodes: the first category comprises 3000 nodes with fewer connections, and the second category, comprising 7000 nodes, consists of the influential nodes with more connections. The larger network tends to have a higher fraction of nodes getting infected per unit time due to the high level of connectivity, as opposed to the small network where the number of connections is few. However, the infection tends to persist in the network as long as the birth rate is not equal to zero.
50

Čeponis, Dainius, and Nikolaj Goranin. "Evaluation of Deep Learning Methods Efficiency for Malicious and Benign System Calls Classification on the AWSCTD." Security and Communication Networks 2019 (November 11, 2019): 1–12. http://dx.doi.org/10.1155/2019/2317976.

Abstract:
The increasing amount of malware and cyberattacks on a host level increases the need for a reliable anomaly-based host IDS (HIDS) that would be able to deal with zero-day attacks and would ensure low false alarm rate (FAR), which is critical for the detection of such activity. Deep learning methods such as convolutional neural networks (CNNs) and recurrent neural networks (RNNs) are considered to be highly suitable for solving data-driven security solutions. Therefore, it is necessary to perform the comparative analysis of such methods in order to evaluate their efficiency in attack classification as well as their ability to distinguish malicious and benign activity. In this article, we present the results achieved with the AWSCTD (attack-caused Windows OS system calls traces dataset), which can be considered as the most exhaustive set of host-level anomalies at the moment, including 112.56 million system calls from 12110 executable malware samples and 3145 benign software samples with 16.3 million system calls. The best results were obtained with CNNs with up to 90.0% accuracy for family classification and 95.0% accuracy for malicious/benign determination. RNNs demonstrated slightly inferior results. Furthermore, CNN tuning via an increase in the number of layers should make them practically applicable for host-level anomaly detection.