An API Semantics-Aware Malware Detection Method Based on Deep Learning

The explosive growth of malware variants poses a continuously and deeply evolving challenge to information security. Traditional malware detection methods require a lot of manpower. However, machine learning has played an important role on malware classification and detection, and it is easily spoofed by malware disguising to be benign software by employing self-protection techniques, which leads to poor performance for existing techniques based on the machine learning method. In this paper, we analyze the local maliciousness about malware and implement an anti-interference detection framework based on API fragments, which uses the LSTM model to classify API fragments and employs ensemble learning to determine the final result of the entire API sequence. We present our experimental results on Ali-Tianchi contest API databases. By comparing with the experiments of some common methods, it is proved that our method based on local maliciousness has better performance, which is a higher accuracy rate of 0.9734.

Download Full-text

Dynamic detection of mobile malware using smartphone data and machine learning

Digital Threats: Research and Practice ◽

10.1145/3484246 ◽

2021 ◽

Author(s):

Sebastian Panman de Wit ◽

Doina Bucur ◽

Jeroen van der Ham

Keyword(s):

Machine Learning ◽

Malware Detection ◽

Real Life ◽

Detection Methods ◽

Nearest Neighbour ◽

Dynamic Features ◽

Machine Learning Classifiers ◽

Cpu Usage ◽

Mobile Malware ◽

Mobile Malware Detection

Mobile malware are malicious programs that target mobile devices. They are an increasing problem, as seen in the rise of detected mobile malware samples per year. The number of active smartphone users is expected to grow, stressing the importance of research on the detection of mobile malware. Detection methods for mobile malware exist but are still limited. In this paper, we propose dynamic malware-detection methods that use device information such as the CPU usage, battery usage, and memory usage for the detection of 10 subtypes of Mobile Trojans on the Android Operating System (OS). We use a real-life sensor dataset containing device and malware data from 47 users for a year (2016) to create multiple mobile malware detection methods. We examine which features, i.e. aspects, of a device, are most important to monitor to detect (subtypes of) Mobile Trojans. The focus of this paper is on dynamic hardware features. Using these dynamic features we apply the following machine learning classifiers: Random Forest, K-Nearest Neighbour, and AdaBoost.

Download Full-text

Survey on Mobile Malware Analysis and Detection

International Journal of Engineering & Technology ◽

10.14419/ijet.v7i2.32.15584 ◽

2018 ◽

Vol 7 (2.32) ◽

pp. 279 ◽

Cited By ~ 1

Author(s):

K Swetha ◽

K V.D.Kiran

Keyword(s):

Mobile Phones ◽

Malware Detection ◽

Detection Methods ◽

Classification Algorithms ◽

Malware Analysis ◽

Consistent System ◽

Malware Classification ◽

Mobile Malware

The amazing advances of mobile phones enable their wide utilize. Since mobiles are joined with pariah applications, bundles of security and insurance issues are incited. But, current mobile malware analysis and detection advances are as yet flawed, incapable, and incomprehensive. On account of particular qualities of mobiles such as constrained assets, user action and neighborhood correspondence ability, consistent system network, versatile malware detection faces new difficulties, particularly on remarkable runtime malware area. This paper provides overview on malware classification, methodologies of assessment, analysis and on and off device detection methods on android. The work mainly focuses on different classification algorithms which are used as a part of dynamic malware detection on android.

Download Full-text

Permission Sensitivity-Based Malicious Application Detection for Android

Security and Communication Networks ◽

10.1155/2021/6689486 ◽

2021 ◽

Vol 2021 ◽

pp. 1-12

Author(s):

Yubo Song ◽

Yijin Geng ◽

Junbo Wang ◽

Shang Gao ◽

Wei Shi

Keyword(s):

Detection Method ◽

Malware Detection ◽

Feature Selection Method ◽

Machine Learning Algorithms ◽

Detection Methods ◽

Detection Accuracy ◽

Android Malware ◽

Android Malware Detection ◽

Private Data ◽

Weight Allocation

Since a growing number of malicious applications attempt to steal users’ private data by illegally invoking permissions, application stores have carried out many malware detection methods based on application permissions. However, most of them ignore specific permission combinations and application categories that affect the detection accuracy. The features they extracted are neither representative enough to distinguish benign and malicious applications. For these problems, an Android malware detection method based on permission sensitivity is proposed. First, for each kind of application categories, the permission features and permission combination features are extracted. The sensitive permission feature set corresponding to each category label is then obtained by the feature selection method based on permission sensitivity. In the following step, the permission call situation of the application to be detected is compared with the sensitive permission feature set, and the weight allocation method is used to quantify this information into numerical features. In the proposed method of malicious application detection, three machine-learning algorithms are selected to construct the classifier model and optimize the parameters. Compared with traditional methods, the proposed method consumed 60.94% less time while still achieving high accuracy of up to 92.17%.

Download Full-text

An Android Behavior-Based Malware Detection Method using Machine Learning

2016 IEEE International Conference on Signal Processing, Communications and Computing (ICSPCC) ◽

10.1109/icspcc.2016.7753624 ◽

2016 ◽

Cited By ~ 1

Author(s):

Wei-Ling Chang ◽

Hung-Min Sun ◽

Wei Wu

Keyword(s):

Machine Learning ◽

Detection Method ◽

Malware Detection ◽

Behavior Based

Download Full-text

MALGRA: Machine Learning and N-Gram Malware Feature Extraction and Detection System

Electronics ◽

10.3390/electronics9111777 ◽

2020 ◽

Vol 9 (11) ◽

pp. 1777

Author(s):

Muhammad Ali ◽

Stavros Shiaeles ◽

Gueltoum Bendiab ◽

Bogdan Ghita

Keyword(s):

Machine Learning ◽

Learning Algorithm ◽

Detection System ◽

Malware Detection ◽

Machine Learning Algorithms ◽

Supervised Machine Learning ◽

Detection Methods ◽

Normal Operation ◽

Analysis Technique ◽

N Gram

Detection and mitigation of modern malware are critical for the normal operation of an organisation. Traditional defence mechanisms are becoming increasingly ineffective due to the techniques used by attackers such as code obfuscation, metamorphism, and polymorphism, which strengthen the resilience of malware. In this context, the development of adaptive, more effective malware detection methods has been identified as an urgent requirement for protecting the IT infrastructure against such threats, and for ensuring security. In this paper, we investigate an alternative method for malware detection that is based on N-grams and machine learning. We use a dynamic analysis technique to extract an Indicator of Compromise (IOC) for malicious files, which are represented using N-grams. The paper also proposes TF-IDF as a novel alternative used to identify the most significant N-grams features for training a machine learning algorithm. Finally, the paper evaluates the proposed technique using various supervised machine-learning algorithms. The results show that Logistic Regression, with a score of 98.4%, provides the best classification accuracy when compared to the other classifiers used.

Download Full-text

Towards Accurate Run-Time Hardware-Assisted Stealthy Malware Detection: A Lightweight, Yet Effective Time Series CNN-Based Approach

Cryptography ◽

10.3390/cryptography5040028 ◽

2021 ◽

Vol 5 (4) ◽

pp. 28

Author(s):

Hossein Sayadi ◽

Yifeng Gao ◽

Hosein Mohammadi Makrani ◽

Jessica Lin ◽

Paulo Cesar Costa ◽

...

Keyword(s):

Machine Learning ◽

Time Series ◽

Time Series Data ◽

State Of The Art ◽

Malware Detection ◽

Detection Performance ◽

Malicious Code ◽

Detection Methods ◽

Series Data ◽

Run Time

According to recent security analysis reports, malicious software (a.k.a. malware) is rising at an alarming rate in numbers, complexity, and harmful purposes to compromise the security of modern computer systems. Recently, malware detection based on low-level hardware features (e.g., Hardware Performance Counters (HPCs) information) has emerged as an effective alternative solution to address the complexity and performance overheads of traditional software-based detection methods. Hardware-assisted Malware Detection (HMD) techniques depend on standard Machine Learning (ML) classifiers to detect signatures of malicious applications by monitoring built-in HPC registers during execution at run-time. Prior HMD methods though effective have limited their study on detecting malicious applications that are spawned as a separate thread during application execution, hence detecting stealthy malware patterns at run-time remains a critical challenge. Stealthy malware refers to harmful cyber attacks in which malicious code is hidden within benign applications and remains undetected by traditional malware detection approaches. In this paper, we first present a comprehensive review of recent advances in hardware-assisted malware detection studies that have used standard ML techniques to detect the malware signatures. Next, to address the challenge of stealthy malware detection at the processor’s hardware level, we propose StealthMiner, a novel specialized time series machine learning-based approach to accurately detect stealthy malware trace at run-time using branch instructions, the most prominent HPC feature. StealthMiner is based on a lightweight time series Fully Convolutional Neural Network (FCN) model that automatically identifies potentially contaminated samples in HPC-based time series data and utilizes them to accurately recognize the trace of stealthy malware. Our analysis demonstrates that using state-of-the-art ML-based malware detection methods is not effective in detecting stealthy malware samples since the captured HPC data not only represents malware but also carries benign applications’ microarchitectural data. The experimental results demonstrate that with the aid of our novel intelligent approach, stealthy malware can be detected at run-time with 94% detection performance on average with only one HPC feature, outperforming the detection performance of state-of-the-art HMD and general time series classification methods by up to 42% and 36%, respectively.

Download Full-text

Image-Based Malware Classification Using VGG19 Network and Spatial Convolutional Attention

Electronics ◽

10.3390/electronics10192444 ◽

2021 ◽

Vol 10 (19) ◽

pp. 2444

Author(s):

Mazhar Javed Awan ◽

Osama Ahmed Masood ◽

Mazin Abed Mohammed ◽

Awais Yasin ◽

Azlan Mohd Zain ◽

...

Keyword(s):

High Performance ◽

State Of The Art ◽

Malware Detection ◽

Detection Methods ◽

Learning Framework ◽

Malware Classification ◽

Proposed Model ◽

Communication Devices ◽

Digital Assets

In recent years the amount of malware spreading through the internet and infecting computers and other communication devices has tremendously increased. To date, countless techniques and methodologies have been proposed to detect and neutralize these malicious agents. However, as new and automated malware generation techniques emerge, a lot of malware continues to be produced, which can bypass some state-of-the-art malware detection methods. Therefore, there is a need for the classification and detection of these adversarial agents that can compromise the security of people, organizations, and countless other forms of digital assets. In this paper, we propose a spatial attention and convolutional neural network (SACNN) based on deep learning framework for image-based classification of 25 well-known malware families with and without class balancing. Performance was evaluated on the Malimg benchmark dataset using precision, recall, specificity, precision, and F1 score on which our proposed model with class balancing reached 97.42%, 97.95%, 97.33%, 97.11%, and 97.32%. We also conducted experiments on SACNN with class balancing on benign class, also produced above 97%. The results indicate that our proposed model can be used for image-based malware detection with high performance, despite being simpler as compared to other available solutions.

Download Full-text

Accuracy Improved Malware Detection Method using Snort Sub-signatures and Machine Learning Techniques

2018 10th Computer Science and Electronic Engineering (CEEC) ◽

10.1109/ceec.2018.8674233 ◽

2018 ◽

Cited By ~ 2

Author(s):

Ban M. Khammas ◽

Sami Hasan ◽

Rabah Abood Ahmed ◽

Joseph Stephen Bassi ◽

Ismahani Ismail

Keyword(s):

Machine Learning ◽

Detection Method ◽

Malware Detection ◽

Machine Learning Techniques ◽

Learning Techniques

Download Full-text

Mlifdect: Android Malware Detection Based on Parallel Machine Learning and Information Fusion

Security and Communication Networks ◽

10.1155/2017/6451260 ◽

2017 ◽

Vol 2017 ◽

pp. 1-14 ◽

Cited By ~ 8

Author(s):

Xin Wang ◽

Dafang Zhang ◽

Xin Su ◽

Wenjia Li

Keyword(s):

Machine Learning ◽

Information Fusion ◽

Malware Detection ◽

Parallel Machine ◽

Detection Methods ◽

Detection Accuracy ◽

Android Malware ◽

Detection Model ◽

Android Apps ◽

Android Malware Detection

In recent years, Android malware has continued to grow at an alarming rate. More recent malicious apps’ employing highly sophisticated detection avoidance techniques makes the traditional machine learning based malware detection methods far less effective. More specifically, they cannot cope with various types of Android malware and have limitation in detection by utilizing a single classification algorithm. To address this limitation, we propose a novel approach in this paper that leverages parallel machine learning and information fusion techniques for better Android malware detection, which is named Mlifdect. To implement this approach, we first extract eight types of features from static analysis on Android apps and build two kinds of feature sets after feature selection. Then, a parallel machine learning detection model is developed for speeding up the process of classification. Finally, we investigate the probability analysis based and Dempster-Shafer theory based information fusion approaches which can effectively obtain the detection results. To validate our method, other state-of-the-art detection works are selected for comparison with real-world Android apps. The experimental results demonstrate that Mlifdect is capable of achieving higher detection accuracy as well as a remarkable run-time efficiency compared to the existing malware detection solutions.

Download Full-text

Joint Banknote Recognition and Counterfeit Detection Using Explainable Artificial Intelligence

Sensors ◽

10.3390/s19163607 ◽

2019 ◽

Vol 19 (16) ◽

pp. 3607 ◽

Cited By ~ 1

Author(s):

Miseon Han ◽

Jeongtae Kim

Keyword(s):

Artificial Intelligence ◽

Machine Learning ◽

European Union ◽

Detection Method ◽

Computation Time ◽

Learning System ◽

Detection Methods ◽

The European Union ◽

Explainable Artificial Intelligence ◽

Banknote Recognition

We investigated machine learning-based joint banknote recognition and counterfeit detection method. Unlike existing methods, since the proposed method simultaneously recognize banknote type and detect counterfeit detection, it is significantly faster than existing serial banknote recognition and counterfeit detection methods. Furthermore, we propose an explainable artificial intelligence method for visualizing regions that contributed to the recognition and detection. Using the visualization, it is possible to understand the behavior of the trained machine learning system. In experiments using the United State Dollar and the European Union Euro banknotes, the proposed method shows significant improvement in computation time from conventional serial method.

Download Full-text