Study on Malicious Code Behavior Detection Using Windows Filter Driver and API Call Sequence

: Security is one of the important concern in both types of the network. The network may be wired or wireless. In case of wireless network security provisioning is more difficult in comparison to wired network. Wireless Sensor Network (WSN) is also a type of wireless network. And due to resource constraints WSN is vulnerable against malware attacks. Initially, the malware (virus, worm, malicious code, etc.) targets a single node of WSN for attack. When a node of WSN gets infected then automatically start to spread in the network. If nodes are strongly correlated the malware spreads quickly in the network. On the other hand, if nodes are weakly correlated the speed of malware spread is slow. A mathematical model is proposed for the study of malware propagation dynamics in WSN with combination of spatial correlation and epidemic theory. This model is based on epidemic theory with spatial correlation. The proposed model is Susceptible-Exposed-Infectious-Recover-Dead (SEIRD) with spatial correlation. We deduced the expression of basic reproduction number. It helps in the study of malware propagation dynamics in WSN. The stability analysis of the network has been investigated through proposed model. This model also helps in reduction of redundant information and saving of sensor nodes’ energy in WSN. The theoretical investigation verified by simulation results. A spatial correlation based epidemic model has been formulated for the study of dynamic behaviour of malware attacks in WSN.

Download Full-text

User Abnormal Viewing Behavior Detection Method Based On Canopy-FCM and Improved Isolation Forest Algorithm

Journal of Physics Conference Series ◽

10.1088/1742-6596/1792/1/012057 ◽

2021 ◽

Vol 1792 (1) ◽

pp. 012057

Author(s):

Yu Wu ◽

Huiyong Liu

Keyword(s):

Detection Method ◽

Behavior Detection ◽

Isolation Forest

Download Full-text

Malware Detection Based on Code Visualization and Two-Level Classification

Information ◽

10.3390/info12030118 ◽

2021 ◽

Vol 12 (3) ◽

pp. 118

Author(s):

Vassilios Moussas ◽

Antonios Andreatos

Keyword(s):

Web Applications ◽

Detection System ◽

Malware Detection ◽

Image Features ◽

Malicious Code ◽

Malware Analysis ◽

Malicious Software ◽

Antivirus Software ◽

Malware Classification ◽

Artificial Neural Network Ann

Malware creators generate new malicious software samples by making minor changes in previously generated code, in order to reuse malicious code, as well as to go unnoticed from signature-based antivirus software. As a result, various families of variations of the same initial code exist today. Visualization of compiled executables for malware analysis has been proposed several years ago. Visualization can greatly assist malware classification and requires neither disassembly nor code execution. Moreover, new variations of known malware families are instantly detected, in contrast to traditional signature-based antivirus software. This paper addresses the problem of identifying variations of existing malware visualized as images. A new malware detection system based on a two-level Artificial Neural Network (ANN) is proposed. The classification is based on file and image features. The proposed system is tested on the ‘Malimg’ dataset consisting of the visual representation of well-known malware families. From this set some important image features are extracted. Based on these features, the ANN is trained. Then, this ANN is used to detect and classify other samples of the dataset. Malware families creating a confusion are classified by a second level of ANNs. The proposed two-level ANN method excels in simplicity, accuracy, and speed; it is easy to implement and fast to run, thus it can be applied to antivirus software, smart firewalls, web applications, etc.

Download Full-text

Motion-shape-based deep learning approach for divergence behavior detection in high-density crowd

The Visual Computer ◽

10.1007/s00371-021-02088-4 ◽

2021 ◽

Author(s):

Muhammad Umer Farooq ◽

Mohamad Naufal M. Saad ◽

Sultan Daud Khan

Keyword(s):

Deep Learning ◽

High Density ◽

Learning Approach ◽

Behavior Detection

Download Full-text

Automatic Malicious Code Classification System through Static Analysis Using Machine Learning

Symmetry ◽

10.3390/sym13010035 ◽

2020 ◽

Vol 13 (1) ◽

pp. 35

Author(s):

Sungjoong Kim ◽

Seongkyu Yeom ◽

Haengrok Oh ◽

Dongil Shin ◽

Dongkyoo Shin

Keyword(s):

Machine Learning ◽

Static Analysis ◽

Information And Communication Technology ◽

Communication Technology ◽

Classification System ◽

Daily Life ◽

Malicious Code ◽

Access To Information ◽

Analysis Method ◽

Information And Communication

The development of information and communication technology (ICT) is making daily life more convenient by allowing access to information at anytime and anywhere and by improving the efficiency of organizations. Unfortunately, malicious code is also proliferating and becoming increasingly complex and sophisticated. In fact, even novices can now easily create it using hacking tools, which is causing it to increase and spread exponentially. It has become difficult for humans to respond to such a surge. As a result, many studies have pursued methods to automatically analyze and classify malicious code. There are currently two methods for analyzing it: a dynamic analysis method that executes the program directly and confirms the execution result, and a static analysis method that analyzes the program without executing it. This paper proposes a static analysis automation technique for malicious code that uses machine learning. This classification system was designed by combining a method for classifying malicious code using a portable executable (PE) structure and a method for classifying it using a PE structure. The system has 98.77% accuracy when classifying normal and malicious files. The proposed system can be used to classify various types of malware from PE files to shell code.

Download Full-text