Malicious Code Variant Detection : A Survey

International Journal of Scientific Research in Science Engineering and Technology ◽

10.32628/ijsrset207141 ◽

2020 ◽

pp. 245-251

Author(s):

K V Sreelakshmi ◽

Dileesh E D

Keyword(s):

Computer Systems ◽

Malicious Code ◽

Behavioral Patterns ◽

Malicious Software ◽

Detailed Survey ◽

Code Variant ◽

Malicious Codes ◽

Variant Detection

Malicious codes have become one of the major threats to computer systems. The malicious software which is also referred to as malware is designed by the attackers and can change their code as they propagate. The existing defense against malware is highly affected by the diversity and volume of malware variants that are being created rapidly. The variants of malware families exhibit typical behavioral patterns exhibiting their origin and purpose. The behavioral patterns can be exploited statically or dynamically to detect and classify malware into their known families. This paper provides a detailed survey of techniques to detect and classify malware into their respective families.

Download Full-text

Malware Detection Based on Code Visualization and Two-Level Classification

Information ◽

10.3390/info12030118 ◽

2021 ◽

Vol 12 (3) ◽

pp. 118

Author(s):

Vassilios Moussas ◽

Antonios Andreatos

Keyword(s):

Web Applications ◽

Detection System ◽

Malware Detection ◽

Image Features ◽

Malicious Code ◽

Malware Analysis ◽

Malicious Software ◽

Antivirus Software ◽

Malware Classification ◽

Artificial Neural Network Ann

Malware creators generate new malicious software samples by making minor changes in previously generated code, in order to reuse malicious code, as well as to go unnoticed from signature-based antivirus software. As a result, various families of variations of the same initial code exist today. Visualization of compiled executables for malware analysis has been proposed several years ago. Visualization can greatly assist malware classification and requires neither disassembly nor code execution. Moreover, new variations of known malware families are instantly detected, in contrast to traditional signature-based antivirus software. This paper addresses the problem of identifying variations of existing malware visualized as images. A new malware detection system based on a two-level Artificial Neural Network (ANN) is proposed. The classification is based on file and image features. The proposed system is tested on the ‘Malimg’ dataset consisting of the visual representation of well-known malware families. From this set some important image features are extracted. Based on these features, the ANN is trained. Then, this ANN is used to detect and classify other samples of the dataset. Malware families creating a confusion are classified by a second level of ANNs. The proposed two-level ANN method excels in simplicity, accuracy, and speed; it is easy to implement and fast to run, thus it can be applied to antivirus software, smart firewalls, web applications, etc.

Download Full-text

A proposals of convolution neural network system for malicious code analysis based on cloud systems

International Journal of Engineering & Technology ◽

10.14419/ijet.v7i2.12.11040 ◽

2018 ◽

Vol 7 (2.12) ◽

pp. 80

Author(s):

Yong Kyu Park ◽

Kyung Shin Kim ◽

Jang Il Kim ◽

Sung Hee Kim ◽

Kil Hung Lee

Keyword(s):

Machine Learning ◽

Parameter Tuning ◽

Ease Of Use ◽

Malicious Code ◽

Network System ◽

Code Analysis ◽

Cloud Systems ◽

Malicious Codes ◽

Neural Network System ◽

Learning Machine

Background/Objectives: In the information security field, artificial intelligence must be applied first. This is because the frequency of malicious code is too high and the processing method is too difficult, which is very difficult for human to handle.Methods/Statistical analysis: In this paper, we developed a program to classify malicious codes into images and a Tensorflow system to classify malicious codes. The malware used as input was the computer virus code used in the BIG 2015 Challenge. This dataset, called a Kaggle dataset, consists of 10,868 bytes of train set.Findings: We used the Tensorflow SLIM library to develop this machine learning malware learning machine. This resulted in more than 80% accuracy. Especially, when the CRIS-Ensemble algorithm was added, the accuracy was 97%. The study of malicious code analysis using machine learning consists of two major parts. First, the process of making the virus into images is important. To classify 10,868 Kaggle malware datasets that the BIG 2015 winner showed 99.6% accuracy, Tensorflow's accuracy and parameter tuning are important, but finding the way to make good images is the most important techniqueImprovements/Applications: The results show that the malicious code classification system using machine learning can be an effective method to classify malicious code of malicious code by the accuracy of the result and ease of use.

Download Full-text

The Research of Malicious Code's Spread and Found Technology

Advanced Materials Research ◽

10.4028/www.scientific.net/amr.860-863.2750 ◽

2013 ◽

Vol 860-863 ◽

pp. 2750-2753

Author(s):

Ya Qin Fan ◽

Xin Zhang ◽

Xin Yu Chen ◽

Chi Li

Keyword(s):

Simulation Software ◽

Malicious Code ◽

Propagation Model ◽

Matlab Simulation ◽

Malware Propagation ◽

Detection Technology ◽

Malicious Codes ◽

Improved Methods

In order to defense malicious codes increasing serious infestations actively. We proposed several corresponding malicious code found and detection technology on the basis of malware propagation principle. We use MATLAB simulation software to achieve the malware propagation model and detection technology. We proved the practicability of the discovery technology, and present improved methods for the deficiency of the model.

Download Full-text

Overview of static methods of analysis malicious software

Computer Science and Cybersecurity ◽

10.26565/2519-2310-2020-2-02 ◽

2020 ◽

Keyword(s):

Static Analysis ◽

Large Data ◽

Malicious Code ◽

Machine Learning Algorithms ◽

Data Sets ◽

Malware Analysis ◽

Universal Method ◽

Malicious Software ◽

Promising Area ◽

Almost All

In today's world, the problem of losses from the actions of malicious software (or ordinary software, which has the characteristics of undeclared functions) continues to be extremely relevant. Therefore, the creation and modification of anti-virus solutions for protection and analysis of malware (software) is a relevant and promising area of research. This is due to the lack of a single, universal method that provides 100% finding malicious code. The paper considers the composition and main components of static analysis. The main methods of static analysis is identified, and relevant examples of almost all of them are given. Got concluded that the main advantages of static analysis are that by using a relatively simple set of commands and tools, it is possible to perform malware analysis and partially understand how it works. Attention is drawn to the fact that static analysis does not give 100% certainty that the investigated software is malicious. With this in mind, to provide a more meaningful analysis, you need to collect as much data as possible about the structure of the file, its possible functions, etc. Analysis of files for the possible presence of malicious code is provided through the use of appropriate programs to view their structure and composition. A more informative way is to analyze the Portable Executable format. It consists of the analysis of various sections of the code of fields and resources. Since static analysis does not always provide the required level of guarantees, it is better to use machine learning algorithms at the stage of making the final classification decision (malicious or not). This approach will make it possible to process large data sets with greater accuracy in determining the nature of the software is analyzed. The main purpose of this work is to analyze the existing methods of static malware analysis, and review the features of their further development.

Download Full-text

Detecting malicious software using machine learning

Issues of radio electronics ◽

10.21778/2218-5453-2019-11-42-45 ◽

2019 ◽

pp. 42-45

Author(s):

A. V. Chevychelov ◽

A. V. Burmistrov ◽

K. Yu. Voyshhev

Keyword(s):

Machine Learning ◽

Random Forest ◽

Decision Tree ◽

Learning Algorithms ◽

Malware Detection ◽

Malicious Code ◽

Machine Learning Algorithms ◽

Fisher Criterion ◽

Malicious Software ◽

Informative Parameters

Today, most malware detection tools (Trojans): trojans, spyware, adware, worms, viruses, and ransomware are based on a signature approach that is ineffective for detecting polymorphs and malware whose signatures have not been recorded in antivirus database. This article explores methods for detecting opcodes in malware using machine learning algorithms. The study is carried on a Microsoft dataset containing 21653 examples of malicious code. The 20 most informative parameters based on the Fisher criterion are distinguished, methods for selecting parameters and various classifiers (logistic decision tree, random forest, naive Bayesian classifier, random tree) are compared, as a result of which an accuracy close to 100% is achieved.

Download Full-text

Behavioral Modeling of Malicious Objects in a Highly Infected Network Under Quarantine Defence

International Journal of Information Security and Privacy ◽

10.4018/ijisp.2019010102 ◽

2019 ◽

Vol 13 (1) ◽

pp. 17-29 ◽

Cited By ~ 1

Author(s):

Yerra Shankar Rao ◽

Prasant Kumar Nayak ◽

Hemraj Saini ◽

Tarini Charana Panda

Keyword(s):

Control Strategy ◽

Computer Network ◽

Reproduction Number ◽

Malicious Code ◽

Behavioral Modeling ◽

Asymptotically Stable ◽

Matlab Simulation ◽

Safety Measures ◽

Malicious Codes ◽

The Stability

This article describes a highly infected e-epidemic model in a computer network. This article establishes the Basic reproduction number R0, which explicitly brings out the stability conditions. Further, the article shows that if R0< 1 then the infected nodes ceases the spreading of malicious code in computer network as it dies down and consequently establishes the asymptotically stable, when R0> 1, the alternative aspect is that infected nodes stretch out into the network and becomes asymptotically unstable. The pivotal, impact of quarantine node on e-epidemic models has been verified along with its control strategy for a high infected computer network. In the MATLAB simulation, the quarantine class shows its explicit relationship with respect to high as well as low infected class, exposed class, and finally, with recovery class in order to yield increasing safety measures on transmission of malicious codes.

Download Full-text

Digital Immunity Module: Preventing Unwanted Encryption using Source Coding

10.36227/techrxiv.17789735.v1 ◽

2022 ◽

Author(s):

Arash Mahboubi ◽

Keyvan Ansari ◽

Seyit Camtepe ◽

Jarek Duda ◽

Paweł Morawiecki ◽

...

Keyword(s):

Source Coding ◽

Data Encryption ◽

Malicious Software ◽

Encrypted Data ◽

Related Data ◽

Coding Method ◽

Malicious Codes ◽

Data Files ◽

Data Centres ◽

Sample File

Unwanted data encryption, such as ransomware attacks, continues to be a significant cybersecurity threat. Ransomware is a preferred weapon of cybercriminals who target small to large organizations' computer systems and data centres. It is malicious software that infects a victim's computer system and encrypts all its valuable data files. The victim needs to pay a ransom, often in cryptocurrency, in return for a decryption key. Many solutions use methods, including the inspection of file signatures, runtime process behaviors, API calls, and network traffic, to detect ransomware code. However, unwanted data encryption is still a top threat. This paper presents the first immunity solution, called the digital immunity module (DIM). DIM focuses on protecting valuable business-related data files from unwanted encryption rather than detecting malicious codes or processes. We show that methods such as file entropy and fuzzy hashing can be effectively used to sense unwanted encryption on a protected file, triggering our novel source coding method to paralyze the malicious manipulation of data such as ransomware encryption. Specifically, maliciously encrypted data blocks consume exponentially larger space and longer writing time on the DIM-protected file system. As a result, DIM creates enough time for system/human intervention and forensics analysis. Unlike the existing solutions, DIM protects the data regardless of ransomware families and variants. Additionally, DIM can defend against simultaneously active multiple ransomware, including the most recent hard to detect and stop fileless ones. We tested our solution on 39 ransomware families, including the most recent ransomware attacks. DIM successfully defended our sample file dataset (1335 pdf, jpg, and tiff files) against those ransomware attacks with zero file loss.

Download Full-text

ImageDetox: Method for the Neutralization of Malicious Code Hidden in Image Files

Symmetry ◽

10.3390/sym12101621 ◽

2020 ◽

Vol 12 (10) ◽

pp. 1621

Author(s):

Dong-Seob Jung ◽

Sang-Joon Lee ◽

Ieck-Chae Euom

Keyword(s):

Application Programming Interface ◽

Malicious Code ◽

Commercial Application ◽

Security Threats ◽

Virus Infections ◽

Image File ◽

Malicious Codes ◽

Application Programming ◽

Image File Format ◽

The Difference

Malicious codes may cause virus infections or threats of ransomware through symmetric encryption. Moreover, various bypassing techniques such as steganography, which refers to the hiding of malicious code in image files, have been devised. Unknown or new malware hidden in an image file in the form of malicious code is difficult to detect using most representative reputation- or signature-based antivirus methods. In this paper, we propose the use of ImageDetox method to neutralize malicious code hidden in an image file even in the absence of any prior information regarding the signatures or characteristics of the code. This method is composed of four modules: image file extraction, image file format analysis, image file conversion, and the convergence of image file management modules. To demonstrate the effectiveness of the proposed method, 30 image files with hidden malicious codes were used in an experiment. The malicious codes were selected from 48,220 recent malicious codes purchased from VirusTotal (a commercial application programming interface (API)). The experimental results showed that the detection rate of viruses was remarkably reduced. In addition, image files from which the hidden malicious code had previously been removed using a nonlinear transfer function maintained nearly the same quality as that of the original image; in particular, the difference could not be distinguished by the naked eye. The proposed method can also be utilized to prevent security threats resulting from the concealment of confidential information in image files with the aim of leaking such threats.

Download Full-text

Laundering the Profits of Ransomware

European Journal of Crime Criminal Law and Criminal Justice ◽

10.1163/15718174-02802002 ◽

2020 ◽

Vol 28 (2) ◽

pp. 121-152 ◽

Cited By ~ 1

Author(s):

Bart Custers ◽

Jan-Jaap Oerlemans ◽

Ronald Pool

Keyword(s):

Computer System ◽

Computer Systems ◽

Malicious Software ◽

Desk Research

Ransomware is malicious software (malware) that blocks access to someone’s computer system or files on the system and subsequently demands a ransom to be paid for unlocking the computer or files. Ransomware is considered one of the main threats in cybercrime today. Cryptoware is a specific type of ransomware, which encrypts files on computer systems. The ransom is often demanded in bitcoins. Based on desk research, a series of interviews, and the investigation of several police files, this paper investigates the modi operandi in which cybercriminals use ransomware and cryptoware to make profits and how they launder these profits. Two models, based on the payment of the ransom via vouchers and via bitcoins respectively, are identified and described. These methods allow criminals to launder profits in relative anonymity and prevent the seizure of the illegally obtained money.

Download Full-text

Developments and Defenses of Malicious Code

Encyclopedia of Multimedia Technology and Networking, Second Edition ◽

10.4018/978-1-60566-014-1.ch049 ◽

2009 ◽

pp. 356-363 ◽

Cited By ~ 1

Author(s):

Xin Luo ◽

Merrill Warkentin

Keyword(s):

Malicious Code ◽

Sensitive Information ◽

Security Threats ◽

Computer Viruses ◽

The Public ◽

Highly Sensitive ◽

Malicious Codes ◽

In The Wild ◽

Working Practices ◽

E Mail

The continuous evolution of information security threats, coupled with increasing sophistication of malicious codes and the greater flexibility in working practices demanded by organizations and individual users, have imposed further burdens on the development of effective anti-malware defenses. Despite the fact that the IT community is endeavoring to prevent and thwart security threats, the Internet is perceived as the medium that transmits not only legitimate information but also malicious codes. In this cat-and-mouse predicament, it is widely acknowledged that, as new security countermeasures arise, malware authors are always able to learn how to manipulate the loopholes or vulnerabilities of these technologies, and can thereby weaponize new streams of malicious attacks. From e-mail attachments embedded with Trojan horses to recent advanced malware attacks such as Gozi programs, which compromise and transmit users’ highly sensitive information in a clandestine way, malware continues to evolve to be increasingly surreptitious and deadly. This trend of malware development seems foreseeable, yet making it increasingly arduous for organizations and/or individuals to detect and remove malicious codes and to defend against profit-driven perpetrators in the cyber world. This article introduces new malware threats such as ransomware, spyware, and rootkits, discusses the trends of malware development, and provides analysis for malware defenses. Keywords: Ransomware, Spyware, Anti-Virus, Malware, Malicious Code, Background Various forms of malware have been a part of the computing environment since before the implementation of the public Internet. However, the Internet’s ubiquity has ushered in an explosion in the severity and complexity of various forms of malicious applications delivered via increasingly ingenious methods. The original malware attacks were perpetrated via e-mail attachments, but new vulnerabilities have been identified and exploited by a variety of perpetrators who range from merely curious hackers to sophisticated organized criminals and identify thieves. In an earlier manuscript (Luo & Warkentin, 2005), the authors established the basic taxonomy of malware that included various types of computer viruses (boot sector viruses, macro viruses, etc.), worms, and Trojan horses. Since that time, numerous new forms of malicious code have been found “in the wild.”

Download Full-text