Malware Detection using Deep Learning Methods

Rapid development of the internet leads the malware to become one of the most significant threads nowadays. Malware, is any kind of program or file which would adversely affect the computer users in a harmful way. Malware exist in different forms which includes worms, viruses in computer, Trojan horses, etc. These malicious contents can degrade the overall performance of the system. It includes activities like stealing, encrypting or deleting sensitive data, etc. without the consent of the user. Malware detection is a milestone in the field of computer security. For detecting malware many methods have been evolved. Researchers are mainly concentrated in malware identification methods based on machine learning. Malware can be detected in two ways. They are static approach and dynamic approach. This paper mainly deals with the current challenges faced by malware detection methods and also explores a categorized new method in machine learning. The methods discussed here are combined static and dynamic approach, random forest, Bayes classification. This work will help in cyber security area and also which will help the researchers to do efficient researches.

Download Full-text

FEATURE SELECTION AND MACHINE LEARNING CLASSIFICATION FOR MALWARE DETECTION

Jurnal Teknologi ◽

10.11113/jt.v77.3558 ◽

2015 ◽

Vol 77 (1) ◽

Cited By ~ 13

Author(s):

Ban Mohammed Khammas ◽

Alireza Monemi ◽

Joseph Stephen Bassi ◽

Ismahani Ismail ◽

Sulaiman Mohd Nor ◽

...

Keyword(s):

Machine Learning ◽

Feature Selection ◽

Computer Security ◽

Malware Detection ◽

Principal Component ◽

Machine Learning Techniques ◽

Detection Methods ◽

Support Vector ◽

Machine Learning Classification ◽

Minimum Number

Malware is a computer security problem that can morph to evade traditional detection methods based on known signature matching. Since new malware variants contain patterns that are similar to those in observed malware, machine learning techniques can be used to identify new malware. This work presents a comparative study of several feature selection methods with four different machine learning classifiers in the context of static malware detection based on n-grams analysis. The result shows that the use of Principal Component Analysis (PCA) feature selection and Support Vector Machines (SVM) classification gives the best classification accuracy using a minimum number of features.

Download Full-text

Dynamic detection of mobile malware using smartphone data and machine learning

Digital Threats: Research and Practice ◽

10.1145/3484246 ◽

2021 ◽

Author(s):

Sebastian Panman de Wit ◽

Doina Bucur ◽

Jeroen van der Ham

Keyword(s):

Machine Learning ◽

Malware Detection ◽

Real Life ◽

Detection Methods ◽

Nearest Neighbour ◽

Dynamic Features ◽

Machine Learning Classifiers ◽

Cpu Usage ◽

Mobile Malware ◽

Mobile Malware Detection

Mobile malware are malicious programs that target mobile devices. They are an increasing problem, as seen in the rise of detected mobile malware samples per year. The number of active smartphone users is expected to grow, stressing the importance of research on the detection of mobile malware. Detection methods for mobile malware exist but are still limited. In this paper, we propose dynamic malware-detection methods that use device information such as the CPU usage, battery usage, and memory usage for the detection of 10 subtypes of Mobile Trojans on the Android Operating System (OS). We use a real-life sensor dataset containing device and malware data from 47 users for a year (2016) to create multiple mobile malware detection methods. We examine which features, i.e. aspects, of a device, are most important to monitor to detect (subtypes of) Mobile Trojans. The focus of this paper is on dynamic hardware features. Using these dynamic features we apply the following machine learning classifiers: Random Forest, K-Nearest Neighbour, and AdaBoost.

Download Full-text

Government's Dynamic Approach to Addressing Challenges of Cybersecurity in South Africa

Cyber Law, Privacy, and Security ◽

10.4018/978-1-5225-8897-9.ch008 ◽

2019 ◽

pp. 139-156

Author(s):

Thokozani Ian Nzimakwe

Keyword(s):

Cyber Security ◽

Modern Society ◽

Daily Basis ◽

Cyber Crime ◽

Security Strategy ◽

Dynamic Approach ◽

Sensitive Data ◽

Unique Challenge ◽

The Public ◽

Cyber Space

Cybersecurity is the practice of making the networks that constitute cyber space secure against intrusions. The aim is to maintain the confidentiality, the availability and integrity of information, by detecting interferences. Traditionally, cybersecurity has focused on preventing intrusions and monitoring ports. The evolving threat landscape, however, calls for a more dynamic approach. It is increasingly clear that total cybersecurity is impossible, unless government develops a cyber-security strategy. The aim of this chapter is to discuss government's dynamic approach to addressing challenges of cybersecurity. The chapter looks at the co-ordination of cyber-security activities so as to have a coordinated approach to cyber-crime. This chapter also highlights the idea of protecting sensitive data for the public good. It is generally accepted that technology has become indispensable in modern society. Government's cybersecurity presents a unique challenge simply because of the volume of threats that agencies working for government face on a daily basis.

Download Full-text

Intelligent Malware Detection Using Deep Dilated Residual Networks for Cyber Security

Research Anthology on Artificial Intelligence Applications in Security ◽

10.4018/978-1-7998-7705-9.ch050 ◽

2021 ◽

pp. 1085-1099

Author(s):

S. Abijah Roseline ◽

S. Geetha

Keyword(s):

Machine Learning ◽

Cyber Security ◽

Machine Learning Algorithms ◽

Human Interaction ◽

Machine Learning Techniques ◽

Detection Methods ◽

Security Threat ◽

Signature Detection ◽

Learning Techniques ◽

Feature Based

Malware is the most serious security threat, which possibly targets billions of devices like personal computers, smartphones, etc. across the world. Malware classification and detection is a challenging task due to the targeted, zero-day, and stealthy nature of advanced and new malwares. The traditional signature detection methods like antivirus software were effective for detecting known malwares. At present, there are various solutions for detection of such unknown malwares employing feature-based machine learning algorithms. Machine learning techniques detect known malwares effectively but are not optimal and show a low accuracy rate for unknown malwares. This chapter explores a novel deep learning model called deep dilated residual network model for malware image classification. The proposed model showed a higher accuracy of 98.50% and 99.14% on Kaggle Malimg and BIG 2015 datasets, respectively. The new malwares can be handled in real-time with minimal human interaction using the proposed deep residual model.

Download Full-text

An API Semantics-Aware Malware Detection Method Based on Deep Learning

Security and Communication Networks ◽

10.1155/2019/1315047 ◽

2019 ◽

Vol 2019 ◽

pp. 1-9 ◽

Cited By ~ 1

Author(s):

Xin Ma ◽

Shize Guo ◽

Wei Bai ◽

Jun Chen ◽

Shiming Xia ◽

...

Keyword(s):

Machine Learning ◽

Detection Method ◽

Malware Detection ◽

Poor Performance ◽

Detection Methods ◽

Interference Detection ◽

Machine Learning Method ◽

Accuracy Rate ◽

Malware Classification ◽

Self Protection

The explosive growth of malware variants poses a continuously and deeply evolving challenge to information security. Traditional malware detection methods require a lot of manpower. However, machine learning has played an important role on malware classification and detection, and it is easily spoofed by malware disguising to be benign software by employing self-protection techniques, which leads to poor performance for existing techniques based on the machine learning method. In this paper, we analyze the local maliciousness about malware and implement an anti-interference detection framework based on API fragments, which uses the LSTM model to classify API fragments and employs ensemble learning to determine the final result of the entire API sequence. We present our experimental results on Ali-Tianchi contest API databases. By comparing with the experiments of some common methods, it is proved that our method based on local maliciousness has better performance, which is a higher accuracy rate of 0.9734.

Download Full-text

TFDroid: Android Malware Detection by Topics and Sensitive Data Flows Using Machine Learning Techniques

2019 IEEE 2nd International Conference on Information and Computer Technologies (ICICT) ◽

10.1109/infoct.2019.8711179 ◽

2019 ◽

Author(s):

Songhao Lou ◽

Shaoyin Cheng ◽

Jingjing Huang ◽

Fan Jiang

Keyword(s):

Machine Learning ◽

Malware Detection ◽

Machine Learning Techniques ◽

Sensitive Data ◽

Android Malware ◽

Android Malware Detection ◽

Learning Techniques ◽

Data Flows

Download Full-text

MALGRA: Machine Learning and N-Gram Malware Feature Extraction and Detection System

Electronics ◽

10.3390/electronics9111777 ◽

2020 ◽

Vol 9 (11) ◽

pp. 1777

Author(s):

Muhammad Ali ◽

Stavros Shiaeles ◽

Gueltoum Bendiab ◽

Bogdan Ghita

Keyword(s):

Machine Learning ◽

Learning Algorithm ◽

Detection System ◽

Malware Detection ◽

Machine Learning Algorithms ◽

Supervised Machine Learning ◽

Detection Methods ◽

Normal Operation ◽

Analysis Technique ◽

N Gram

Detection and mitigation of modern malware are critical for the normal operation of an organisation. Traditional defence mechanisms are becoming increasingly ineffective due to the techniques used by attackers such as code obfuscation, metamorphism, and polymorphism, which strengthen the resilience of malware. In this context, the development of adaptive, more effective malware detection methods has been identified as an urgent requirement for protecting the IT infrastructure against such threats, and for ensuring security. In this paper, we investigate an alternative method for malware detection that is based on N-grams and machine learning. We use a dynamic analysis technique to extract an Indicator of Compromise (IOC) for malicious files, which are represented using N-grams. The paper also proposes TF-IDF as a novel alternative used to identify the most significant N-grams features for training a machine learning algorithm. Finally, the paper evaluates the proposed technique using various supervised machine-learning algorithms. The results show that Logistic Regression, with a score of 98.4%, provides the best classification accuracy when compared to the other classifiers used.

Download Full-text

Toward Developing Efficient Conv-AE-Based Intrusion Detection System Using Heterogeneous Dataset

Electronics ◽

10.3390/electronics9111771 ◽

2020 ◽

Vol 9 (11) ◽

pp. 1771

Author(s):

Muhammad Ashfaq Khan ◽

Juntae Kim

Keyword(s):

Machine Learning ◽

Intrusion Detection ◽

Performance Metrics ◽

Detection System ◽

Rapid Development ◽

Research Problem ◽

Vital Role ◽

Attack Detection ◽

Detection Methods ◽

Malicious Attacks

Recently, due to the rapid development and remarkable result of deep learning (DL) and machine learning (ML) approaches in various domains for several long-standing artificial intelligence (AI) tasks, there has an extreme interest in applying toward network security too. Nowadays, in the information communication technology (ICT) era, the intrusion detection (ID) system has the great potential to be the frontier of security against cyberattacks and plays a vital role in achieving network infrastructure and resources. Conventional ID systems are not strong enough to detect advanced malicious threats. Heterogeneity is one of the important features of big data. Thus, designing an efficient ID system using a heterogeneous dataset is a massive research problem. There are several ID datasets openly existing for more research by the cybersecurity researcher community. However, no existing research has shown a detailed performance evaluation of several ML methods on various publicly available ID datasets. Due to the dynamic nature of malicious attacks with continuously changing attack detection methods, ID datasets are available publicly and are updated systematically. In this research, spark MLlib (machine learning library)-based robust classical ML classifiers for anomaly detection and state of the art DL, such as the convolutional-auto encoder (Conv-AE) for misuse attack, is used to develop an efficient and intelligent ID system to detect and classify unpredictable malicious attacks. To measure the effectiveness of our proposed ID system, we have used several important performance metrics, such as FAR, DR, and accuracy, while experiments are conducted on the publicly existing dataset, specifically the contemporary heterogeneous CSE-CIC-IDS2018 dataset.

Download Full-text

Towards Accurate Run-Time Hardware-Assisted Stealthy Malware Detection: A Lightweight, Yet Effective Time Series CNN-Based Approach

Cryptography ◽

10.3390/cryptography5040028 ◽

2021 ◽

Vol 5 (4) ◽

pp. 28

Author(s):

Hossein Sayadi ◽

Yifeng Gao ◽

Hosein Mohammadi Makrani ◽

Jessica Lin ◽

Paulo Cesar Costa ◽

...

Keyword(s):

Machine Learning ◽

Time Series ◽

Time Series Data ◽

State Of The Art ◽

Malware Detection ◽

Detection Performance ◽

Malicious Code ◽

Detection Methods ◽

Series Data ◽

Run Time

According to recent security analysis reports, malicious software (a.k.a. malware) is rising at an alarming rate in numbers, complexity, and harmful purposes to compromise the security of modern computer systems. Recently, malware detection based on low-level hardware features (e.g., Hardware Performance Counters (HPCs) information) has emerged as an effective alternative solution to address the complexity and performance overheads of traditional software-based detection methods. Hardware-assisted Malware Detection (HMD) techniques depend on standard Machine Learning (ML) classifiers to detect signatures of malicious applications by monitoring built-in HPC registers during execution at run-time. Prior HMD methods though effective have limited their study on detecting malicious applications that are spawned as a separate thread during application execution, hence detecting stealthy malware patterns at run-time remains a critical challenge. Stealthy malware refers to harmful cyber attacks in which malicious code is hidden within benign applications and remains undetected by traditional malware detection approaches. In this paper, we first present a comprehensive review of recent advances in hardware-assisted malware detection studies that have used standard ML techniques to detect the malware signatures. Next, to address the challenge of stealthy malware detection at the processor’s hardware level, we propose StealthMiner, a novel specialized time series machine learning-based approach to accurately detect stealthy malware trace at run-time using branch instructions, the most prominent HPC feature. StealthMiner is based on a lightweight time series Fully Convolutional Neural Network (FCN) model that automatically identifies potentially contaminated samples in HPC-based time series data and utilizes them to accurately recognize the trace of stealthy malware. Our analysis demonstrates that using state-of-the-art ML-based malware detection methods is not effective in detecting stealthy malware samples since the captured HPC data not only represents malware but also carries benign applications’ microarchitectural data. The experimental results demonstrate that with the aid of our novel intelligent approach, stealthy malware can be detected at run-time with 94% detection performance on average with only one HPC feature, outperforming the detection performance of state-of-the-art HMD and general time series classification methods by up to 42% and 36%, respectively.

Download Full-text