Using a Subtractive Center Behavioral Model to Detect Malware

In recent years, malware has evolved by using different obfuscation techniques; due to this evolution, the detection of malware has become problematic. Signature-based and traditional behavior-based malware detectors cannot effectively detect this new generation of malware. This paper proposes a subtractive center behavior model (SCBM) to create a malware dataset that captures semantically related behaviors from sample programs. In the proposed model, system paths, where malware behaviors are performed, and malware behaviors themselves are taken into consideration. This way malicious behavior patterns are differentiated from benign behavior patterns. Features that could not exceed the specified score are removed from the dataset. The datasets created using the proposed model contain far fewer features than the datasets created by n-gram and other models that have been used in other studies. The proposed model can handle both known and unknown malware, and the obtained detection rate and accuracy of the proposed model are higher than those of the known models. To show the effectiveness of the proposed model, 2 datasets with score and without score are created by using SCBM. In total, 6700 malware samples and 3000 benign samples are tested. The results are compared with those derived from n-gram and models from other studies in the literature. The test results show that, by combining the proposed model with an appropriate machine learning algorithm, the detection rate, false positive rate, and accuracy are measured as 99.9%, 0.2%, and 99.8%, respectively.

Download Full-text

Night-Time Vehicle Sensing in Far Infrared Image with Deep Learning

Journal of Sensors ◽

10.1155/2016/3403451 ◽

2016 ◽

Vol 2016 ◽

pp. 1-8 ◽

Cited By ~ 11

Author(s):

Hai Wang ◽

Yingfeng Cai ◽

Xiaobo Chen ◽

Long Chen

Keyword(s):

Detection Rate ◽

False Positive Rate ◽

Infrared Image ◽

Far Infrared ◽

Night Vision ◽

Infrared Sensors ◽

Night Time ◽

Detection Rates ◽

Positive Rate ◽

And Performance

The use of night vision systems in vehicles is becoming increasingly common. Several approaches using infrared sensors have been proposed in the literature to detect vehicles in far infrared (FIR) images. However, these systems still have low vehicle detection rates and performance could be improved. This paper presents a novel method to detect vehicles using a far infrared automotive sensor. Firstly, vehicle candidates are generated using a constant threshold from the infrared frame. Contours are then generated by using a local adaptive threshold based on maximum distance, which decreases the number of processing regions for classification and reduces the false positive rate. Finally, vehicle candidates are verified using a deep belief network (DBN) based classifier. The detection rate is 93.9% which is achieved on a database of 5000 images and video streams. This result is approximately a 2.5% improvement on previously reported methods and the false detection rate is also the lowest among them.

Download Full-text

Contextual Identification of Windows Malware through Semantic Interpretation of API Call Sequence

Applied Sciences ◽

10.3390/app10217673 ◽

2020 ◽

Vol 10 (21) ◽

pp. 7673

Author(s):

Eslam Amer ◽

Shaker El-Sappagh ◽

Jong Wan Hu

Keyword(s):

False Positive Rate ◽

Heuristic Method ◽

Semantic Interpretation ◽

Detection Accuracy ◽

Behavioral Models ◽

Proposed Model ◽

Positive Rate ◽

Call Sequence ◽

Proper Interpretation ◽

Contextual Association

The proper interpretation of the malware API call sequence plays a crucial role in identifying its malicious intent. Moreover, there is a necessity to characterize smart malware mimicry activities that resemble goodware programs. Those types of malware imply further challenges in recognizing their malicious activities. In this paper, we propose a standard and straightforward contextual behavioral models that characterize Windows malware and goodware. We relied on the word embedding to realize the contextual association that may occur between API functions in malware sequences. Our empirical results proved that there is a considerable distinction between malware and goodware call sequences. Based on that distinction, we propose a new method to detect malware that relies on the Markov chain. We also propose a heuristic method that identifies malware’s mimicry activities by tracking the likelihood behavior of a given API call sequence. Experimental results showed that our proposed model outperforms other peer models that rely on API call sequences. Our model returns an average malware detection accuracy of 0.990, with a false positive rate of 0.010. Regarding malware mimicry, our model shows an average noteworthy accuracy of 0.993 in detecting false positives.

Download Full-text

A Learning-based Neural Network Model for the Detection and Classification of SQL Injection Attacks

International Journal of Cyber Warfare and Terrorism ◽

10.4018/ijcwt.2017040102 ◽

2017 ◽

Vol 7 (2) ◽

pp. 16-41 ◽

Cited By ~ 5

Author(s):

Naghmeh Moradpoor Sheykhkanloo

Keyword(s):

Neural Network ◽

Web Application ◽

Query Language ◽

False Positive Rate ◽

True Positive Rate ◽

Injection Technique ◽

Injection Attacks ◽

Proposed Model ◽

Positive Rate ◽

Sql Injection Attacks

Structured Query Language injection (SQLi) attack is a code injection technique where hackers inject SQL commands into a database via a vulnerable web application. Injected SQL commands can modify the back-end SQL database and thus compromise the security of a web application. In the previous publications, the author has proposed a Neural Network (NN)-based model for detections and classifications of the SQLi attacks. The proposed model was built from three elements: 1) a Uniform Resource Locator (URL) generator, 2) a URL classifier, and 3) a NN model. The proposed model was successful to: 1) detect each generated URL as either a benign URL or a malicious, and 2) identify the type of SQLi attack for each malicious URL. The published results proved the effectiveness of the proposal. In this paper, the author re-evaluates the performance of the proposal through two scenarios using controversial data sets. The results of the experiments are presented in order to demonstrate the effectiveness of the proposed model in terms of accuracy, true-positive rate as well as false-positive rate.

Download Full-text

A Novel Hybrid LE and SVM with CV in Intrusion Detection

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.644-650.2572 ◽

2014 ◽

Vol 644-650 ◽

pp. 2572-2576

Author(s):

Qing Liu ◽

Yun Kai Zhang ◽

Qing Ru Li

Keyword(s):

Intrusion Detection ◽

False Positive Rate ◽

Likelihood Estimation ◽

Support Vector ◽

Training Time ◽

Detection Algorithms ◽

Lower False Positive Rate ◽

Proposed Model ◽

Positive Rate ◽

Rbf Kernel

A support vector machine (SVM) model combined Laplacian Eigenmaps (LE) with Cross Validation (CV) is proposed for intrusion detection. In the proposed model, a classifier is adopted to estimate whether an action is an attack or not. Maximum Likelihood Estimation (MLE) is used to estimate the intrinsic dimensions, and LE is used as a preprocessor of SVM to reduce the dimensions of feature vectors then training time is shortened. In order to improve the performance of SVM, CV is used to optimize the parameters of SVM in RBF kernel function. Compared with other detection algorithms, the experimental results show that the proposed model has the advantages: shorter training time, higher accuracy rate and lower false positive rate.

Download Full-text

Rapid and Automatic Detection of Micronuclei in Binucleated lymphocytes Image

10.21203/rs.3.rs-709853/v1 ◽

2021 ◽

Author(s):

Xiang Shen ◽

Ying Chen ◽

Chaowen Li ◽

Fucheng Yang ◽

Zhanbo Wen ◽

...

Keyword(s):

False Positive ◽

Detection Rate ◽

False Positive Rate ◽

Research Work ◽

Estimation Method ◽

Automatic Detection ◽

Dose Estimation ◽

Binucleated Cell ◽

Positive Rate ◽

Binucleated Lymphocytes

Abstract In terms of radiation biological dose estimation, the cytokinesis block micronucleus (CBMN) assay is the internationally recognized dose estimation method. Due to the subjectivity and the time-consuming of manual detection, it cannot meet the needs of rapid standard assay of CBMN. Therefore, in this research work, we combined the convolutional neural network to design a software that can be used for rapid standard automatic detection of micronuclei in Giemsa stained binucleated lymphocytes image. The software analysis workflow is divided into four stages: cell acquisition, adhesive cell masses segmentation, cell type identification, micronucleus counting. After verification, our algorithm can quickly and effectively detect binucleated cells and micronucleus even when the cytoplasm is blurred, multiple micronucleus are attached to each other, or micronucleus is attached to the nucleus. In the test of a large number of random images, the software reached 99.4% of the manual detection in terms of the detection rate of binucleated cell, and the false positive rate of binucleated cell was 14.7%. In terms of micronucleus detection rate, the software reached 115.1% of manual detection, and its false positive rate was 26.2%. The analysis time of each picture is about 0.3s, an order of magnitude faster than conventional method.

Download Full-text

Predicting first-trimester outcome of embryos with cardiac activity in women with recurrent spontaneous abortion

Journal of International Medical Research ◽

10.1177/0300060520911829 ◽

2020 ◽

Vol 48 (6) ◽

pp. 030006052091182

Author(s):

Huixian Li ◽

Shuang Qin ◽

Fanfan Xiao ◽

Yuhong Li ◽

Yunhe Gao ◽

...

Keyword(s):

Pregnant Women ◽

False Positive ◽

Detection Rate ◽

False Positive Rate ◽

Cardiac Activity ◽

First Trimester ◽

Clinical Indicators ◽

Early Outcome ◽

Heart Motion ◽

Positive Rate

Objective This study was performed to evaluate the capability of routine clinical indicators to predict the early outcome of embryos with cardiac activity in women with recurrent spontaneous abortion (RSA). Methods A retrospective cohort study of pregnant women with a history of RSA in a Chinese tertiary hospital was performed using unadjusted and multivariable logistic regression. Results Of 789 pregnant women with RSA, 625 (79.21%) had ongoing pregnancy, whereas 164 (20.79%) developed abortion before 20 full weeks of gestational age even after embryonic heart motion was detected. The final model had an area under the curve of 0.81 (95% confidence interval, 0.78–0.84) with a sensitivity of 74.39%, a specificity of 76.00%, and a false-positive rate of 52.32% at a fixed detection rate of 90%. Conclusions The combination of multiple routine clinical indicators was valuable in predicting the early outcome of embryos with cardiac activity in viable pregnancies with RSA. However, this model might result in a high false-positive rate with a fixed detection rate of 90%; other markers must be investigated to identify first-trimester RSA once positive embryonic heart motion is established.

Download Full-text

Deep-learning and radiomics ensemble classifier for false positive reduction in brain metastases segmentation

Physics in Medicine and Biology ◽

10.1088/1361-6560/ac4667 ◽

2021 ◽

Author(s):

Zi Yang ◽

Mingli Chen ◽

Mahdieh Kazemimoghadam ◽

Lin Ma ◽

Strahinja Stojadinovic ◽

...

Keyword(s):

Deep Learning ◽

Brain Metastases ◽

False Positive ◽

False Positive Rate ◽

Ensemble Classifier ◽

Support Vector ◽

Svm Classifier ◽

Siamese Network ◽

Proposed Model ◽

Positive Rate

Abstract Stereotactic radiosurgery (SRS) is now the standard of care for brain metastases (BMs) patients. The SRS treatment planning process requires precise target delineation, which in clinical workflow for patients with multiple (>4) BMs (mBMs) could become a pronounced time bottleneck. Our group has developed an automated BMs segmentation platform to assist in this process. The accuracy of the auto-segmentation, however, is influenced by the presence of false-positive segmentations, mainly caused by the injected contrast during MRI acquisition. To address this problem and further improve the segmentation performance, a deep-learning and radiomics ensemble classifier was developed to reduce the false-positive rate in segmentations. The proposed model consists of a Siamese network and a radiomic-based support vector machine (SVM) classifier. The 2D-based Siamese network contains a pair of parallel feature extractors with shared weights followed by a single classifier. This architecture is designed to identify the inter-class difference. On the other hand, the SVM model takes the radiomic features extracted from 3D segmentation volumes as the input for twofold classification, either a false-positive segmentation or a true BM. Lastly, the outputs from both models create an ensemble to generate the final label. The performance of the proposed model in the segmented mBMs testing dataset reached the accuracy (ACC), sensitivity (SEN), specificity (SPE) and area under the curve (AUC) of 0.91, 0.96, 0.90 and 0.93, respectively. After integrating the proposed model into the original segmentation platform, the average segmentation false negative rate (FNR) and the false positive over the union (FPoU) were 0.13 and 0.09, respectively, which preserved the initial FNR (0.07) and significantly improved the FPoU (0.55). The proposed method effectively reduced the false-positive rate in the BMs raw segmentations indicating that the integration of the proposed ensemble classifier into the BMs segmentation platform provides a beneficial tool for mBMs SRS management.

Download Full-text

Gender-adjusted multiples of the median in amniotic fluid alpha-fetoprotein-screening for neural-tube defects halve false-positive rate without affecting detection rate

Ultrasound in Obstetrics and Gynecology ◽

10.1046/j.1469-0705.2001.abs23-4.x ◽

2001 ◽

Vol 18 ◽

pp. F58-F58

Author(s):

P. Kozlowski ◽

A. J. Knippel ◽

R. Stressig

Keyword(s):

Amniotic Fluid ◽

Neural Tube ◽

Neural Tube Defects ◽

False Positive ◽

Detection Rate ◽

False Positive Rate ◽

Alpha Fetoprotein ◽

Positive Rate

Download Full-text

An evaluation of tail paint as an aid or alternative to oestrus detection

Animal Science ◽

10.1017/s0003356100001768 ◽

1983 ◽

Vol 37 (2) ◽

pp. 221-227 ◽

Cited By ~ 5

Author(s):

M. J. Ducker ◽

Rosemary A. Haggett ◽

W. J. Fisher ◽

Glenys A. Bloomfield ◽

S. V. Morant

Keyword(s):

False Positive ◽

Detection Rate ◽

False Positive Rate ◽

Critical Time ◽

Successful Pregnancy ◽

Service Period ◽

Significant Difference ◽

Positive Rate ◽

The Mean ◽

Paint Removal

ABSTRACTOne hundred Friesian heifers were tail-painted between 14 and 21 days after calving. Once a week the paint strip was renewed if any paint had been removed. Over the whole period of observation the ovulation detection rate by definite signs of oestrus was high (0·79), whilst the proportion of silent ovulations detected by tail paint removal was low (0·10). In addition, tail paint was not removed on 0·28 of the occasions when definite oestrus with ovulation occurred and on 0·26 of the occasions when all the paint was removed it was not associated with any reproductive event. In practice, the critical time for tail paint to be effective is during the service period. Again, tail paint identified fewer (P < 0·001) ovulations than definite signs of oestrus (0·66) and had a significantly higher false positive rate (P < 0·001). Month of calving did not affect these results but the accuracy of tail paint declined as the season progressed (P < 0·001). False positive indications were not associated with individual animal characteristics. In a second trial 43 cows were tail-painted and 43 were not. There was no significant difference in the mean number of days from calving to first insemination or successful pregnancy between the two groups. It is concluded that in these trials tail paint was not an effective or reliable aid or alternative to oestrus detection.

Download Full-text

Jobst et al's “Detection in Life of Confirmed Alzheimer's Disease Using a Simple Measurement of Medial Temporal Lobe Atrophy by Computed Tomography”

The British Journal of Psychiatry ◽

10.1192/bjp.163.6.809 ◽

1993 ◽

Vol 163 (6) ◽

pp. 809-812 ◽

Cited By ~ 2

Author(s):

Michael Philpot ◽

Alistair Burns

Keyword(s):

Computed Tomography ◽

Alzheimer’S Disease ◽

Alzheimer's Disease ◽

Temporal Lobe ◽

False Positive ◽

Medial Temporal Lobe ◽

Detection Rate ◽

False Positive Rate ◽

Minimum Width ◽

Positive Rate

‘The medial temporal lobe of the brain is important for normal cognitive function, notably for memory, and is the region with the most extensive pathological change in Alzheimer's disease (AD). We wanted to find out if atrophy of the medial temporal lobe could be detected in life in patients in whom a diagnosis of AD was subsequently established histopathologically. The minimum width of the medial temporal lobe, measured by temporal-lobe-oriented computed tomography (CT) about one year before death, in 44 patients with a histopathological diagnosis of AD (cases) was nearly half (0.56 of the median) that in 75 controls of the same age with no clinical evidence of dementia (95% confidence interval 0.51–0.61). There was little overlap between the distributions of measurements in cases and controls. A cut-off (< 0.79 MoM) selected to yield a 5% false-positive rate gave an expected detection rate of 92%. A cut-off selected to yield a false-positive rate of 1 % (< 0.70 MoM) yielded a 79% detection rate. 20 of the 44 patients with histopathologically diagnosed AD had been scanned more than once before death, and the test (cut-off < 0.79 MoM) was positive in all 20 more than a year before and in 9/10 more than 2 years before death. In 10 subjects with dementia but with histopathology excluding AD, the mean minimum width of the medial temporal lobe was significantly greater than that in the cases with AD, but was not significantly different from that in controls. Medial temporal lobe CT is a non-invasive, rapid, simple and effective test for AD which could have immediate application firstly in improving the accuracy of prevalence and incidence studies and, secondly, for the identification of groups of high-risk patients in the evaluation of novel treatments for AD. In the future, it could be applied as a screening test.”

Download Full-text