PRATD: A Phased Remote Access Trojan Detection Method with Double-Sided Features

Electronics ◽  
2020 ◽  
Vol 9 (11) ◽  
pp. 1894
Author(s):  
Chun Guo ◽  
Zihua Song ◽  
Yuan Ping ◽  
Guowei Shen ◽  
Yuhei Cui ◽  
...  

Remote Access Trojans (RATs) are among the most serious security threats that organizations face today. The two major RAT detection approaches are host-based and network-based detection. To let each approach complement the other's strengths, this article proposes a phased RAT detection method that combines double-sided features (PRATD). In PRATD, host-side and network-side features are combined to build the detection models, which helps distinguish RATs from benign programs because a RAT not only generates traffic on the network but also leaves traces on the host at run time. In addition, PRATD trains two different detection models for the two runtime states of a RAT in order to improve the True Positive Rate (TPR). Experiments on network and host records collected from five kinds of benign programs and 20 well-known RATs show that PRATD detects RATs effectively: it achieves a TPR as high as 93.609% with a False Positive Rate (FPR) as low as 0.407% for known RATs, and a TPR of 81.928% with an FPR of 0.185% for unknown RATs, which suggests it is a competitive candidate for RAT detection.

1979 ◽  
Vol 25 (12) ◽  
pp. 2034-2037 ◽  
Author(s):  
L B Sheiner ◽  
L A Wheeler ◽  
J K Moore

The percentage of mislabeled specimens detected (true-positive rate) and the percentage of correctly labeled specimens misidentified (false-positive rate) were computed for three previously proposed delta check methods and two linear discriminant functions. The true-positive rate was computed from a set of pairs of specimens, each having one member replaced by a member from another pair chosen at random. The relationship between true-positive and false-positive rates was similar among the delta check methods tested, indicating equal performance for all of them over the range of false-positive rates of interest. At a practical false-positive operating rate of about 5%, delta check methods detect only about 50% of mislabeled specimens; even if the actual mislabeling rate is moderate (e.g., 1%), only about 10% of specimens flagged by a delta check will actually have been mislabeled.


2020 ◽  
Vol 34 (01) ◽  
pp. 1005-1012
Author(s):  
Yu Wang ◽  
Jack Stokes ◽  
Mady Marinescu

In addition to using signatures, antimalware products also detect malicious attacks by evaluating unknown files in an emulated environment, i.e., a sandbox, prior to execution on a computer's native operating system. During emulation, a file cannot be scanned indefinitely, and antimalware engines often set the number of instructions to be executed based on a set of heuristics. These heuristics decide when to halt emulation using only partial information, so the file is executed for either too many or too few instructions. The method is also vulnerable if attackers learn the set of heuristics. Recent research uses a deep reinforcement learning (DRL) model employing a Deep Q-Network (DQN) to learn when to halt the emulation of a file. In this paper, we propose a new DRL-based system which instead employs a modified actor-critic (AC) framework for the emulation halting task. The AC model dynamically predicts the best time to halt the file's execution based on the sequence of system API calls observed. Compared to the earlier models, the new model can handle adversarial attacks by simulating their behaviors with the critic model. The new AC model performs much better than both the DQN model and the antimalware engine's heuristics. In terms of execution speed (measured by the halting decision), the new model halts the execution of unknown files up to 2.5% earlier than the DQN model and 93.6% earlier than the heuristics. For the task of detecting malicious files at a false positive rate of 1%, the proposed AC model increases the true positive rate by 9.9%, from 69.5% to 76.4%, compared to the DQN model, and by 83.4%, from 41.2% to 76.4%, compared to a recently proposed LSTM model.


2021 ◽  
pp. 1-13
Author(s):  
Rachel Z. Blumhagen ◽  
David A. Schwartz ◽  
Carl D. Langefeld ◽  
Tasha E. Fingerlin

Introduction: Studies that examine the role of rare variants in both simple and complex disease are increasingly common. Though the usual approach of testing rare variants in aggregate sets is more powerful than testing individual variants, it is of interest to identify the variants that are plausible drivers of the association. We present a novel method for prioritizing rare variants after a significant aggregate test by quantifying the influence of each variant on the aggregate test of association. Methods: In addition to providing a measure used to rank variants, we use outlier detection methods to build the computationally efficient Rare Variant Influential Filtering Tool (RIFT), which identifies a subset of variants that influence the disease association. We evaluated several outlier detection methods that differ in the underlying variance measure: interquartile range (Tukey fences), median absolute deviation, and SD. We performed 1,000 simulations for 50 regions of size 3 kb and compared the true and false positive rates. We compared RIFT using the inner Tukey fence to 2 existing methods: adaptive combination of p values (ADA) and a Bayesian hierarchical model (BeviMed). Finally, we applied this method to data from our targeted resequencing study in idiopathic pulmonary fibrosis (IPF). Results: All outlier detection methods showed higher sensitivity for detecting uncommon variants (0.001 < minor allele frequency, MAF < 0.03) than very rare variants (MAF < 0.001). For uncommon variants, RIFT had a lower median false positive rate than ADA. ADA and RIFT had significantly higher true positive rates than BeviMed. When applied to 2 regions previously found to be associated with IPF, containing 100 rare variants, we identified 6 polymorphisms with the greatest evidence for influencing the association with IPF.
Discussion: In summary, RIFT has a high true positive rate while maintaining a low false positive rate for identifying polymorphisms influencing rare variant association tests. This work provides an approach to obtain greater resolution of the rare variant signals within significant aggregate sets; this information can provide an objective measure to prioritize variants for follow-up experimental studies and insight into the biological pathways involved.


2015 ◽  
Vol 2015 ◽  
pp. 1-12 ◽  
Author(s):  
Futai Zou ◽  
Siyu Zhang ◽  
Weixiong Rao ◽  
Ping Yi

Malware remains a major threat to today's Internet. In this paper, we propose a DNS graph mining-based malware detection approach. A DNS graph is composed of DNS nodes, which represent server IPs, client IPs, and the domain names queried during DNS resolution. After the graph is constructed, we transform the problem of malware detection into the graph mining task of inferring each node's reputation score with the belief propagation algorithm. Nodes with lower reputation scores are inferred to be infected by malware with higher probability. For demonstration, we evaluate the proposed approach on a real-world dataset collected from campus DNS servers over three months, from which we built a DNS graph of 19,340,820 vertices and 24,277,564 edges. On this graph we achieve a true positive rate of 80.63% at a false positive rate of 0.023%; at a false positive rate of 1.20%, the true positive rate rises to 95.66%. We detected 88,592 hosts that were infected by malware or acting as C&C servers, 5.47% of all hosts. Meanwhile, 117,971 domains were considered related to malicious activity, 1.5% of all domains. The results indicate that our method is efficient and effective in detecting malware.
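As an added example (not code from the paper), the following Python sketch builds a bipartite DNS graph from constructed resolution records and runs two-state sum-product belief propagation to infer a reputation score, P(benign), for every host and domain. The records, the blocklist/allowlist seeds, the prior values and the edge potential (0.7 when both endpoints share a label, 0.3 otherwise) are all assumptions; the paper's graph also contains DNS server IPs, and its priors and potentials are not given here.

```python
from collections import defaultdict

# Constructed DNS resolution records (client IP, queried domain). These are not
# real campus logs; the .test TLD is reserved and never resolves.
RECORDS = [
    ("10.0.0.1", "update.example-cdn.test"),
    ("10.0.0.1", "mail.example-cdn.test"),
    ("10.0.0.2", "update.example-cdn.test"),
    ("10.0.0.2", "c2-panel.badexample.test"),
    ("10.0.0.3", "c2-panel.badexample.test"),
    ("10.0.0.3", "stats.unknownexample.test"),
    ("10.0.0.4", "stats.unknownexample.test"),
    ("10.0.0.4", "news.example-cdn.test"),
    ("10.0.0.5", "weather.unknown2.test"),
]
# Seed knowledge (assumed): one blocklist hit and three allowlisted domains.
KNOWN_BAD = {"c2-panel.badexample.test"}
KNOWN_GOOD = {"update.example-cdn.test", "mail.example-cdn.test",
              "news.example-cdn.test"}

BENIGN, MALICIOUS = 0, 1
# Edge potential psi(x_i, x_j): the endpoints of a query edge tend to share a label.
PSI = {(BENIGN, BENIGN): 0.7, (MALICIOUS, MALICIOUS): 0.7,
       (BENIGN, MALICIOUS): 0.3, (MALICIOUS, BENIGN): 0.3}


def build_dns_graph(records):
    """Undirected bipartite adjacency: 'ip:<addr>' <-> 'dom:<name>'."""
    adj = defaultdict(set)
    for client, domain in records:
        adj["ip:" + client].add("dom:" + domain)
        adj["dom:" + domain].add("ip:" + client)
    return adj


def node_priors(adj, known_bad, known_good):
    """phi_i = (P(benign), P(malicious)) before any message passing (assumed values)."""
    priors = {}
    for node in adj:
        name = node.split(":", 1)[1]
        if name in known_bad:
            priors[node] = (0.1, 0.9)
        elif name in known_good:
            priors[node] = (0.9, 0.1)
        else:
            priors[node] = (0.5, 0.5)   # no prior evidence either way
    return priors


def belief_propagation(adj, priors, iterations=20):
    """Sum-product loopy BP; returns reputation = P(benign) for every node."""
    msgs = {(i, j): (1.0, 1.0) for i in adj for j in adj[i]}
    for _ in range(iterations):
        new = {}
        for (i, j) in msgs:
            out = []
            for xj in (BENIGN, MALICIOUS):
                total = 0.0
                for xi in (BENIGN, MALICIOUS):
                    term = priors[i][xi] * PSI[(xi, xj)]
                    for k in adj[i]:
                        if k != j:          # exclude the message coming back from j
                            term *= msgs[(k, i)][xi]
                    total += term
                out.append(total)
            z = out[0] + out[1]
            new[(i, j)] = (out[0] / z, out[1] / z)   # normalise to avoid underflow
        msgs = new
    reputation = {}
    for i in adj:
        belief = [priors[i][BENIGN], priors[i][MALICIOUS]]
        for k in adj[i]:
            belief[BENIGN] *= msgs[(k, i)][BENIGN]
            belief[MALICIOUS] *= msgs[(k, i)][MALICIOUS]
        reputation[i] = belief[BENIGN] / (belief[BENIGN] + belief[MALICIOUS])
    return reputation


def score_dns_records(records, known_bad=KNOWN_BAD, known_good=KNOWN_GOOD):
    adj = build_dns_graph(records)
    return belief_propagation(adj, node_priors(adj, known_bad, known_good))


def suspicious_hosts(reputation, threshold=0.5):
    """Client IPs whose inferred P(benign) falls below the threshold."""
    return sorted(node[3:] for node, rep in reputation.items()
                  if node.startswith("ip:") and rep < threshold)


if __name__ == "__main__":
    rep = score_dns_records(RECORDS)
    for node, r in sorted(rep.items(), key=lambda kv: kv[1]):
        print(f"{r:.3f}  {node}")
    print("suspicious hosts:", suspicious_hosts(rep))
```

Two behaviours are worth noticing when running it. A host that only talks to the blocklisted domain and an unlabelled domain (10.0.0.3) is pulled well below 0.5 even though it has no seed label of its own, which is the point of propagating reputation over the graph; and a host whose only domain is unknown and isolated (10.0.0.5) stays at exactly 0.5, because the graph carries no evidence about it at all. The threshold in `suspicious_hosts` is the operating point that trades TPR against FPR in the abstract.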


Author(s):  
Abikoye Oluwakemi Christianah ◽  
Benjamin Aruwa Gyunka ◽  
Akande Noah Oluwatobi

The Android operating system has become very popular, with the highest market share among all mobile operating systems, due to its open-source nature and user friendliness. This has brought about an uncontrolled rise in malicious applications targeting the Android platform. Emerging Android malware employs highly sophisticated detection- and analysis-avoidance techniques, so traditional signature-based detection methods have become less able to detect new and unknown malware. Alternative approaches, such as machine learning techniques, have taken the lead for timely zero-day anomaly detection. This study aimed at developing an optimized Android malware detection model using an ensemble learning technique. Random Forest, Support Vector Machine, and k-Nearest Neighbours were used to develop three distinct base models, and their predictions were combined using a majority-vote combination function to produce an ensemble model. A reverse engineering procedure was employed to extract static features from a large repository of malware samples and benign applications. The WEKA 3.8.2 data mining suite was used to perform all the learning experiments. The results showed that Random Forest had a true positive rate of 97.9% and a false positive rate of 1.9%, and correctly classified 98% of instances, making it a strong base model. The ensemble model had a true positive rate of 98.1% and a false positive rate of 1.8%, and correctly classified 98.16% of instances. The findings show that, although the base learners had good detection results, the ensemble learner produced a better optimized detection model than the base learners.


2017 ◽  
Vol 28 (1) ◽  
pp. 184-195 ◽  
Author(s):  
Hanfang Yang ◽  
Kun Lu ◽  
Xiang Lyu ◽  
Feifang Hu

Simultaneous control of the true positive rate and the false positive rate is of significant importance in the performance evaluation of diagnostic tests. Most of the established literature uses the partial area under the receiver operating characteristic (ROC) curve with a restriction only on the false positive rate (FPR), called the FPR pAUC, as a performance measure. However, its indirect control of the true positive rate (TPR) is conceptually and practically misleading. In this paper, a novel and intuitive performance measure, named the two-way pAUC, is proposed; it directly quantifies the partial area under the ROC curve with explicit restrictions on both TPR and FPR. To estimate the two-way pAUC, we devise a nonparametric estimator. Based on this estimator, a bootstrap-assisted testing method for two-way pAUC comparison is established. Moreover, to evaluate possible covariate effects on the two-way pAUC, a regression analysis framework is constructed. Asymptotic normality of the methods is provided. The advantages of the proposed methods are illustrated by simulation and by the Wisconsin Breast Cancer Data. We provide the methods in a publicly available R package, tpAUC.
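The FPR-restricted pAUC described above, the two-way pAUC that additionally bounds the TPR, and the positive predictive value calculation behind the delta-check abstract earlier on this page (about 10% of flagged specimens truly mislabeled at a 5% FPR, 50% TPR and 1% mislabeling rate) can all be computed from an empirical ROC curve. The Python below is an added example, not the tpAUC package or code from either paper: it builds the empirical ROC from constructed detector scores, integrates the FPR pAUC and the two-way pAUC, and applies Bayes' rule for the PPV at an operating point. It takes the two-way pAUC to be the area of the region under the ROC curve with FPR <= p and TPR >= q, i.e. the integral of max(ROC(x) - q, 0) over 0 <= x <= p; that is my reading of the definition, and the paper's estimator and any normalization are not reproduced here. The 1% prevalence used with the PRATD rates in the usage note is likewise an assumption.

```python
# Constructed detector scores: 4 positives (label 1) and 4 negatives (label 0).
SCORES = [0.9, 0.8, 0.7, 0.4, 0.6, 0.3, 0.2, 0.1]
LABELS = [1, 1, 1, 1, 0, 0, 0, 0]


def roc_points(scores, labels):
    """Empirical ROC: (FPR, TPR) after thresholding at every distinct score,
    from (0, 0) to (1, 1). Tied scores move across the threshold together."""
    n_pos = sum(labels)
    n_neg = len(labels) - n_pos
    order = sorted(zip(scores, labels), key=lambda p: -p[0])
    points, tp, fp, i = [(0.0, 0.0)], 0, 0, 0
    while i < len(order):
        t = order[i][0]
        while i < len(order) and order[i][0] == t:
            tp += order[i][1]
            fp += 1 - order[i][1]
            i += 1
        points.append((fp / n_neg, tp / n_pos))
    return points


def _area_above(points, q, x_max):
    """Integral of max(ROC(x) - q, 0) over 0 <= x <= x_max, by trapezoids;
    a segment that straddles the line TPR = q is split at the crossing."""
    area = 0.0
    for (x1, y1), (x2, y2) in zip(points, points[1:]):
        if x1 >= x_max:
            break
        if x2 > x_max:                       # clip the segment at x_max
            y2 = y1 + (y2 - y1) * (x_max - x1) / (x2 - x1)
            x2 = x_max
        if (y1 - q) * (y2 - q) < 0:          # crosses TPR = q inside the segment
            xc = x1 + (x2 - x1) * (q - y1) / (y2 - y1)
            if y1 > q:
                area += 0.5 * (y1 - q) * (xc - x1)
            else:
                area += 0.5 * (y2 - q) * (x2 - xc)
        else:
            area += 0.5 * (max(y1 - q, 0.0) + max(y2 - q, 0.0)) * (x2 - x1)
    return area


def auc(points):
    return _area_above(points, 0.0, 1.0)


def fpr_pauc(points, fpr_max):
    """Partial AUC with a bound on FPR only (the usual pAUC)."""
    return _area_above(points, 0.0, fpr_max)


def two_way_pauc(points, fpr_max, tpr_min):
    """Area under the ROC curve inside FPR <= fpr_max and TPR >= tpr_min
    (assumed reading of the two-way pAUC definition)."""
    return _area_above(points, tpr_min, fpr_max)


def tpr_at_fpr_budget(points, fpr_max):
    """Highest TPR reachable without exceeding the FPR budget."""
    return max(tpr for fpr, tpr in points if fpr <= fpr_max)


def ppv(tpr, fpr, prevalence):
    """P(truly positive | flagged) by Bayes' rule: the base-rate effect."""
    flagged = prevalence * tpr + (1 - prevalence) * fpr
    return prevalence * tpr / flagged if flagged else 0.0


if __name__ == "__main__":
    pts = roc_points(SCORES, LABELS)
    print("ROC points:", pts)
    print("AUC:", auc(pts))
    print("FPR pAUC (FPR <= 0.5):", fpr_pauc(pts, 0.5))
    print("two-way pAUC (FPR <= 0.5, TPR >= 0.5):", two_way_pauc(pts, 0.5, 0.5))
    print("delta check PPV (TPR 0.5, FPR 0.05, prevalence 0.01):", ppv(0.5, 0.05, 0.01))
    print("PRATD known-RAT PPV at an assumed 1% prevalence:", ppv(0.93609, 0.00407, 0.01))
```

On these scores the curve reaches a TPR of 0.75 at zero FPR and 1.0 at an FPR of 0.25, so the FPR pAUC with FPR <= 0.5 is 0.4375 while the two-way pAUC with the extra TPR >= 0.5 restriction is 0.1875; with `tpr_min=0` the two coincide, which is the sense in which the FPR pAUC is the special case. The PPV call reproduces the delta-check figure (about 0.09) and shows why a low FPR matters more than a high TPR when true positives are rare: PRATD's 0.407% FPR still leaves roughly three in ten alerts false at a 1% prevalence.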


Web use and digitized information are increasing every day, and so is the volume of data produced. On the other side, security attacks pose many threats to networks, websites and the Internet. Intrusion detection in a high-speed network is a hard task. A Hadoop implementation is used to address this challenge, that is, detecting intrusions in a big-data environment in real time. To classify anomalous packet flows, machine learning approaches are used. Naive Bayes performs classification from a vector of feature values drawn from some finite set. The decision tree is another machine learning classifier, also a supervised learning model, whose flowchart-like tree structure is learned from the data. The J48 and Naive Bayes algorithms are implemented in the Hadoop MapReduce framework for parallel processing using the KDDCup Data Corrected Benchmark dataset records. The results obtained are an 89.9% True Positive rate and 0.04% False Positive rate for the Naive Bayes algorithm and a 98.06% True Positive rate and 0.001% False Positive rate for the Decision Tree algorithm.
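As an added example rather than the paper's Hadoop code, the Python below mirrors the MapReduce split of Naive Bayes training: the mapper emits one count per (label, field, value) for each connection record, the reducer sums the counts per key, and classification uses Laplace-smoothed log probabilities. The records use three categorical fields in a KDD Cup 99-like layout (protocol, service, TCP flag) and are constructed for illustration; the class names normal, neptune and smurf occur in KDD Cup 99, but the rows here are not from the dataset, and Hadoop itself is not involved.

```python
import math
from collections import Counter

FIELDS = ("protocol", "service", "flag")

# Constructed training records (protocol, service, flag, label); not dataset rows.
TRAIN = [
    ("tcp", "http", "SF", "normal"),
    ("tcp", "http", "SF", "normal"),
    ("udp", "domain_u", "SF", "normal"),
    ("tcp", "smtp", "SF", "normal"),
    ("tcp", "http", "S0", "neptune"),      # SYN flood: half-open connections (S0)
    ("tcp", "private", "S0", "neptune"),
    ("tcp", "private", "S0", "neptune"),
    ("icmp", "ecr_i", "SF", "smurf"),      # ICMP echo-reply flood
    ("icmp", "ecr_i", "SF", "smurf"),
]

# Constructed held-out records; the third is a benign half-open connection that
# looks like the SYN-flood class and will count as a false positive.
TEST = [
    ("tcp", "http", "SF", "normal"),
    ("udp", "domain_u", "SF", "normal"),
    ("tcp", "http", "S0", "normal"),
    ("tcp", "private", "S0", "neptune"),
    ("tcp", "smtp", "S0", "neptune"),
    ("icmp", "ecr_i", "SF", "smurf"),
]


def map_record(record):
    """Mapper: one ((label,), 1) class count plus one ((label, field, value), 1)
    pair per feature of the record."""
    *values, label = record
    yield ((label,), 1)
    for field, value in zip(FIELDS, values):
        yield ((label, field, value), 1)


def reduce_counts(pairs):
    """Reducer: sum the counts per key (the shuffle phase is grouping by key)."""
    counts = Counter()
    for key, n in pairs:
        counts[key] += n
    return counts


def train(records):
    """Run map over every record, reduce the emitted pairs, keep the vocabularies."""
    counts = reduce_counts(kv for r in records for kv in map_record(r))
    labels = sorted({r[-1] for r in records})
    vocab = {f: sorted({r[i] for r in records}) for i, f in enumerate(FIELDS)}
    return counts, labels, vocab


def classify(model, values, alpha=1.0):
    """Argmax over labels of log P(label) + sum log P(value | label, field),
    with add-alpha (Laplace) smoothing so unseen values do not zero the score."""
    counts, labels, vocab = model
    total = sum(counts[(l,)] for l in labels)
    best, best_lp = None, -math.inf
    for l in labels:
        lp = math.log(counts[(l,)] / total)
        for field, value in zip(FIELDS, values):
            num = counts[(l, field, value)] + alpha
            den = counts[(l,)] + alpha * len(vocab[field])
            lp += math.log(num / den)
        if lp > best_lp:
            best, best_lp = l, lp
    return best


def attack_rates(model, labelled_records, benign="normal"):
    """(TPR, FPR) treating every non-benign label as an attack."""
    tp = fp = pos = neg = 0
    for *values, label in labelled_records:
        flagged = int(classify(model, values) != benign)
        if label != benign:
            pos += 1
            tp += flagged
        else:
            neg += 1
            fp += flagged
    return tp / pos, fp / neg


if __name__ == "__main__":
    model = train(TRAIN)
    for *values, label in TEST:
        print(values, "->", classify(model, tuple(values)), "(actual:", label + ")")
    print("TPR, FPR on TEST:", attack_rates(model, TEST))
```

The split is what makes the approach parallel: `map_record` needs only its own record, so mappers can run on any shard of the traffic, and `reduce_counts` only adds integers, so the reducer's work is independent of how the shards were cut. The `S0` false positive in `TEST` is the usual cost of a per-connection classifier: a single legitimate half-open connection is indistinguishable from one SYN-flood probe, and the reported 0.04% and 0.001% FPRs depend on how common such records are in the evaluation set.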


Jurnal INFORM ◽  
2018 ◽  
Vol 3 (1) ◽  
pp. 6-11
Author(s):  
Nisa ul Hafidhoh ◽  
Septian Enggar Sukmana

In modern basketball, the need to analyze the movement of players on prospective opposing teams has to be supported by information technology capable of providing an automated system. Automated movement analysis requires a reliable and accurate player detection system so that movement mapping can be performed optimally. The aim of this research is to develop the Histogram of Oriented Gradients (HOG) method into a reliable detection method for the case of detecting basketball players in media. The challenge in this research is that players must be detected not only while walking and running but also while jumping. To strengthen focus and consistency on the detected objects, the Support Vector Machine (SVM) classification method is used in combination with the HOG descriptor and the colour of the players' uniforms, so that the team of each player can also be recognized. The accuracy obtained in the evaluation is 92% for the true positive rate and 40% for the false positive rate.


2021 ◽  
Author(s):  
Allison Meisner ◽  
Marco Carone ◽  
Margaret S. Pepe ◽  
Kathleen F. Kerr
