A Dynamic Malware Detection Approach by Mining the Frequency of API Calls

2014, Vol 519-520, pp. 309-312
Author(s): Jin Rong Bai, Zhen Zhou An, Guo Zhong Zou, Shi Guang Mu

Dynamic detection based on software behavior is an efficient and effective approach for anti-virus technology. Malware and benign executables differ mainly in the implementation of certain special behaviors for propagation and destruction. A program's execution flow is essentially equivalent to its stream of API calls. Analyzing the frequency of API calls across six kinds of behaviors at the same time differentiates very well between malicious and benign executables. This paper proposes a dynamic malware detection approach that mines the frequency of sensitive native API calls and describes experiments conducted against recent Win32 malware. Experimental results indicate that the detection rate of the proposed method is 98% and the AUC value is 0.981. Furthermore, the proposed method can identify both known and unknown malware.

2014, Vol 687-691, pp. 2626-2629
Author(s): Fu Yong Zhang

The IRP (I/O Request Packet) sequences of programs are not identical across different environments in the same operating system, which has a certain influence on the detection results. Through many experiments, we found that the IRP request sequences of programs on the same operation path are consistent. Therefore, a new malware detection method based on path IRP sequences is proposed. Every single IRP request sequence on the same operation path is extracted, and the Negative Selection Algorithm (NSA) and Positive Selection Algorithm (PSA) are used for detection. Experimental results reveal that our method outperforms the method based on plain IRP sequences in detection rate.


Author(s): Jun Guan, Huiying Liu, Baolei Mao, Xu Jiang

Aiming at the problem that permission-based detection is too coarse-grained, a malware detection method based on sensitive application program interface (API) pairing is proposed. The method decompiles the application to extract the sensitive APIs corresponding to dangerous permissions, and uses the pairing of the sensitive APIs to construct an undirected graph of malicious applications and an undirected graph of benign applications. According to the importance of sensitive APIs in malware and benign applications, different weights are assigned to the same edge in the different graphs in order to detect Android malicious applications. Experimental results show that the proposed method can effectively detect Android malicious applications and has practical significance.


2012, Vol 220-223, pp. 2828-2832
Author(s): Bo Chen, Meng Jia

Edge detection and target segmentation are difficult due to the noise present in an image. A novel edge detection method based on soft morphological operations is proposed in this paper. Because soft morphological operations can remove noise while preserving image details, they can be used to construct morphological edge detection operators with high robustness and better edge effect. Experimental results show that, compared with the existing edge detection operators, the novel edge detection method achieves better edge effect while removing pseudo edges.


Author(s): Tudor Barbu

We propose a robust face detection approach that works for digital color images. Our automatic detection method is based on image skin regions; therefore, a skin-based segmentation of RGB images is performed first. Then, we decide for each skin region whether it represents a human face or not, using a set of candidate criteria, an edge detection process, a correlation-based technique and a threshold-based method. A high face detection rate is obtained using the proposed method.


2021, Vol 2021, pp. 1-14
Author(s): Jinchang Hu, Jinfu Chen, Sher Ali, Bo Liu, Jingyi Chen, ...

With the wide application of software systems, software vulnerability has become a major risk in computer security. The timely detection and proper repair of possible software vulnerabilities are of great importance in maintaining system security and decreasing system crashes. Control Flow Integrity (CFI) has been used by some researchers to detect exploits. In this paper, we propose an improved Control Flow Graph with Jump (JCFG) based on CFI and develop a novel Vulnerability Exploit Detection Method based on JCFG (JCFG-VEDM). The detection method for the exploit program is realized based on the analysis results of the exploit program. Then the JCFG is constructed by combining the features of the exploit program with the jump instruction. Finally, we implement JCFG-VEDM and conduct experiments to verify the effectiveness of the proposed method. The experimental results show that the proposed detection method (JCFG-VEDM) is feasible and effective.


2021, Vol 2021, pp. 1-12
Author(s): Wei-Na Niu, Jiao Xie, Xiao-Song Zhang, Chong Wang, Xin-Qiang Li, ...

APT malware exploits HTTP to establish communication with a C&C server in order to hide its malicious activities. Thus, HTTP-based APT malware infection can be discovered by analyzing HTTP traffic. Recent methods have depended on the extraction of statistical features from HTTP traffic, which is suitable for machine learning. However, the features they extract from the limited HTTP-based APT malware traffic datasets are too simple to adequately detect APT malware with strong randomness. In this paper, we propose an innovative approach that can uncover APT malware traffic related to data exfiltration and other suspicious APT activities by analyzing the header fields of HTTP traffic. We use the Referer field in the HTTP header to construct a web request graph. Then, we optimize the web request graph by combining URL similarity and redirect reconstruction. We also use a normal uncorrelated request filter to filter out the remaining unrelated legitimate requests. We have evaluated the proposed method using 1.48 GB of normal HTTP flow from clickminer and 280 MB of APT malware HTTP flow from Stratosphere Lab, Contagiodump, and pcapanalysis. The experimental results show that the URL-correlation-based APT malware traffic detection method correctly detects 96.08% of APT malware traffic, with a recall rate of 98.87%. We have also conducted experiments comparing our approach against Jiang's method, MalHunter, and BotDet, and the results confirm that our detection approach performs better: its accuracy reached 96.08% and its F1 value increased by more than 5%.


2021, Vol 11 (14), pp. 6429
Author(s): Sunoh Choi

The internet's rapid growth has resulted in an increase in the number of malicious files. Recently, PowerShell scripts and Windows portable executable (PE) files have been used for malicious behavior. To address these problems, artificial intelligence (AI) based malware detection methods have been widely studied. Among AI techniques, the graph convolution network (GCN) was recently introduced. Here, we propose a malicious PowerShell detection method using a GCN. To use the GCN, an adjacency matrix is required; therefore, we propose an adjacency matrix generation method using the Jaccard similarity. In addition, we show that the malicious PowerShell detection rate is increased by approximately 8.2% using the GCN.


Author(s): Weihai Sun, Lemei Han

Machine fault detection has great practical significance. Compared with detection methods that require external sensors, detecting machine faults from the sound signal does not require altering the machine's structure. Currently popular audio-based fault detection often needs a large amount of training data and a complex learning process, and relies on a known fault database. The audio-based fault detection method proposed in this paper only requires that the machine works normally during the first second. By carrying out time-frequency analysis of the subsequently collected sound signals through correlation coefficient calculation, energy analysis, EMD and other methods, we can detect whether the machine has a fault.


2021, Vol 11 (11), pp. 5220
Author(s): Soohyeon Choi, Dohoon Kim

Illegally filmed images, the sharing of non-consensually filmed images over social media, and the secret recording and distribution of celebrity images are increasing. To catch distributors of illegally filmed images, many investigation techniques based on analysis of the file attribute information of the original images have been introduced. As forensic science advances, various types of anti-forensic technologies are being produced, requiring investigators to open and analyze all videos from the suspect's storage devices, which raises the issue of invasion of privacy during the investigation. The suspect can even file a lawsuit, which makes issuing a warrant and conducting an investigation difficult. Thus, it is necessary to detect original and manipulated images without directly going through multiple videos. We propose an optimization analysis and detection method for extracting original and manipulated images from the seized devices of suspects. In addition, to increase the detection rate for both original and manipulated images, we suggest a precise measurement approach for comparative thresholds. The proposed method is thus a new digital forensic methodology for comparing and identifying original and manipulated images accurately without the need to open videos individually on a suspect's mobile device.
