Malware Detection Based on Code Visualization and Two-Level Classification

Information, 2021, Vol 12 (3), pp. 118
Author(s): Vassilios Moussas, Antonios Andreatos

Malware creators generate new malicious software samples by making minor changes in previously generated code, in order to reuse malicious code as well as to go unnoticed by signature-based antivirus software. As a result, various families of variations of the same initial code exist today. Visualization of compiled executables for malware analysis was proposed several years ago. Visualization can greatly assist malware classification and requires neither disassembly nor code execution. Moreover, new variations of known malware families are instantly detected, in contrast to traditional signature-based antivirus software. This paper addresses the problem of identifying variations of existing malware visualized as images. A new malware detection system based on a two-level Artificial Neural Network (ANN) is proposed. The classification is based on file and image features. The proposed system is tested on the ‘Malimg’ dataset, consisting of the visual representation of well-known malware families. From this set some important image features are extracted. Based on these features, the ANN is trained. Then, this ANN is used to detect and classify other samples of the dataset. Malware families causing confusion are classified by a second level of ANNs. The proposed two-level ANN method excels in simplicity, accuracy, and speed; it is easy to implement and fast to run, thus it can be applied to antivirus software, smart firewalls, web applications, etc.

Author(s): Balal Sohail et al.

Macro-based malware has risen greatly in recent years, and attackers are now using this malware for hacking purposes. This virus is embedded inside the macro of a Word document and can be used to infect the victim’s machine. These infected files are usually sent through emails, and all antivirus software is unable to detect the virus due to the format of the file. Due to the format being a rich text file and not an executable file, the infected file is able to bypass all security. Hence it is necessary to develop a detection system for such attacks to help reduce the threat. Technical research is carried out to identify the tools and techniques essential in the completion of this system. Research on methodology is done to finalise which development cycle will be used and how functions will be carried out at each phase of the development cycle. This paper outlines the problems that people face once they are attacked through macro malware and the way it can be mitigated. Lastly, all information necessary to start the implementation has been gathered and analysed.


2018, Vol 7 (2.32), pp. 279
Author(s): K Swetha, K V.D.Kiran

The amazing advances of mobile phones enable their wide use. Since mobiles are joined with pariah applications, bundles of security and insurance issues are incited. But current mobile malware analysis and detection advances are as yet flawed, incapable, and incomprehensive. On account of particular qualities of mobiles such as constrained assets, user action and neighborhood correspondence ability, and consistent system network, versatile malware detection faces new difficulties, particularly in the remarkable runtime malware area. This paper provides an overview of malware classification, methodologies of assessment, analysis, and on- and off-device detection methods on Android. The work mainly focuses on the different classification algorithms which are used as a part of dynamic malware detection on Android.


Author(s): Tarun Kumar, Sanjeev Sharma, Ravi Dhaundiyal, Parag Jain

Malware is an application that is harmful to your forensic information. Basically, malware analysis is the process of analysing the behaviours of malicious code and then creating signatures to detect and defend against it. Malware, such as Trojan horses, worms and spyware, severely threatens forensic security. This research observed that although malware and its variants may vary a lot in content signatures, they share some behaviour features at a higher level which are more precise in revealing the real intent of malware. This paper investigates the various techniques of malware behaviour extraction and analysis. In addition, we discuss the implications of malware analysis tools for malware detection based on various techniques.


2017, Vol 25 (5), pp. 1585-1601
Author(s): Wesam S Bhaya, Mustafa A Ali

Malicious software is any type of software or code which hooks some private information or data from the computer system, or computer operations, or merely carries out the malicious goals of its author on the computer system, without the permission of the computer users. (The short abbreviation of malicious software is malware.) However, the detection of malware has become one of the biggest issues in the computer security field because the current communication infrastructures are vulnerable to penetration from many types of malware infection strategies and attacks. Moreover, malware is variant and diverse in volume and type, and that strictly explodes the effectiveness of traditional defense methods like the signature approach, which is unable to detect new malware. However, this vulnerability will lead to a successful computer system penetration (and attack) as well as the success of more advanced attacks like the distributed denial of service (DDoS) attack. Data mining methods can be used to overcome the limitation of signature-based techniques to detect zero-day malware. This paper provides an overview of malware and malware detection systems using modern techniques such as data mining approaches to detect known and unknown malware samples.


2018, Vol 2018, pp. 1-13
Author(s): Sitalakshmi Venkatraman, Mamoun Alazab

With the explosion of Internet of Things (IoT) worldwide, there is an increasing threat from malicious software (malware) attackers that calls for efficient monitoring of vulnerable systems. Large amounts of data collected from computer networks, servers, and mobile devices need to be analysed for malware proliferation. Effective analysis methods are needed to match with the scale and complexity of such a data-intensive environment. In today’s Big Data contexts, visualisation techniques can support malware analysts going through the time-consuming process of analysing suspicious activities thoroughly. This paper takes a step further in contributing to the evolving realm of visualisation techniques used in the information security field. The aim of the paper is twofold: (1) to provide a comprehensive overview of the existing visualisation techniques for detecting suspicious behaviour of systems and (2) to design a novel visualisation using similarity matrix method for establishing malware classification accurately. The prime motivation of our proposal is to identify obfuscated malware using visualisation of the extended x86 IA-32 (opcode) similarity patterns, which are hard to detect with the existing approaches. Our approach uses hybrid models wherein static and dynamic malware analysis techniques are combined effectively along with visualisation of similarity matrices in order to detect and classify zero-day malware efficiently. Overall, the high accuracy of classification achieved with our proposed method can be visually observed since different malware families exhibit significantly dissimilar behaviour patterns.


In today's world, the problem of losses from the actions of malicious software (or ordinary software which has the characteristics of undeclared functions) continues to be extremely relevant. Therefore, the creation and modification of anti-virus solutions for protection and analysis of malware (software) is a relevant and promising area of research. This is due to the lack of a single, universal method that provides 100% detection of malicious code. The paper considers the composition and main components of static analysis. The main methods of static analysis are identified, and relevant examples of almost all of them are given. It is concluded that the main advantages of static analysis are that, by using a relatively simple set of commands and tools, it is possible to perform malware analysis and partially understand how it works. Attention is drawn to the fact that static analysis does not give 100% certainty that the investigated software is malicious. With this in mind, to provide a more meaningful analysis, you need to collect as much data as possible about the structure of the file, its possible functions, etc. Analysis of files for the possible presence of malicious code is provided through the use of appropriate programs to view their structure and composition. A more informative way is to analyze the Portable Executable format. It consists of the analysis of various sections of the code, fields and resources. Since static analysis does not always provide the required level of guarantees, it is better to use machine learning algorithms at the stage of making the final classification decision (malicious or not). This approach will make it possible to process large data sets with greater accuracy in determining the nature of the software being analyzed. The main purpose of this work is to analyze the existing methods of static malware analysis and review the features of their further development.


Author(s): Ujaliben Kalpesh Bavishi, Bhavesh Madanlal Jain

Malware, also known as malicious software, affects the user’s computer system or mobile devices by exploiting the system’s vulnerabilities. It is a major threat to the security of computer systems. Some of the types of malware that are most commonly used are viruses, trojans, worms, etc. Nowadays, there is a widespread use of malware which allows malware authors to get sensitive information like bank details and contact information, which is a serious threat in the world. Most malware is spread through the internet because of its frequent use, and can destroy large systems by piercing through the network. Hence, in this paper, we focus on analyzing malware using different tools which can analyze the malware in a restricted environment. Since many malware authors use self-modifying code and obfuscation, it is very difficult for traditional antivirus software to detect malware which identifies that it is under scan and can change its execution sequence. So, in order to address the shortcomings of traditional antivirus software, we will be discussing some of the analysis tools which run analysis on the malware in an effective manner and help us to analyze the malware, which can help us to protect our system’s information.


Author(s): A. V. Chevychelov, A. V. Burmistrov, K. Yu. Voyshhev

Today, most detection tools for malware (trojans, spyware, adware, worms, viruses, and ransomware) are based on a signature approach that is ineffective for detecting polymorphs and malware whose signatures have not been recorded in the antivirus database. This article explores methods for detecting opcodes in malware using machine learning algorithms. The study is carried out on a Microsoft dataset containing 21653 examples of malicious code. The 20 most informative parameters based on the Fisher criterion are distinguished, and methods for selecting parameters and various classifiers (logistic decision tree, random forest, naive Bayesian classifier, random tree) are compared, as a result of which an accuracy close to 100% is achieved.


2019, Vol 8 (2S8), pp. 1792-1797

Malware has become a serious threat. Malware analysis is one of the challenging domains. The increase in malware exploitation has made it necessary to study malware in detail, understand the different types of malware and their behaviour models, and analyze the existing detection systems with their shortcomings to identify the research gaps [8] to solve the specific problem. So in this paper, we have presented the different malware taxonomies and different malware detection techniques with their features, and also presented the malware model and the research gaps in the malware analysis domain.


Scientists have been trying to implement traditional methods around the world, particularly in developing countries, to reduce the death rate of skin cancer in humans. The scientific term is melanoma. But this effort is always hard, as the system is costly, the availability of experts is low, and telemedicine is conventional. There are three types of skin cancer: basal cell cancer (BCC), squamous cell cancer, and melanoma. More than 90% of humans are affected by ultraviolet (UV) radiation exposure from the sun. In this research, a skin cancer detection system (BCC) is designed in MATLAB. The images go through different processes such as pre-processing, feature extraction and classification. In pre-processing, K-means clustering is applied to determine the foreground and background of an image; since some part of the background appears in the image after K-means, Particle Swarm Optimization (PSO) is applied to resolve this problem. The segmented image features are extracted using Speeded Up Robust Features (SURF), which helps to enhance the quality of the image. The Artificial Neural Network (ANN) is trained on the basis of these extracted features. To determine the efficiency of the system, the images are tested and performance parameters are measured. The detection accuracy obtained by this model is about 98.75.

