• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.7
• /
• pp.2736-2754
• /
• 2015

Android dominates the mobile operating system market, which stimulates the rapid spread of mobile malware. It is quite challenging to detect mobile malware. System call sequence analysis is widely used to identify malware. However, the malware detection accuracy of existing approaches is not satisfactory since they do not consider correlation of system calls in the sequence. In this paper, we propose a new scheme called Artificial Neural Networks (ANNs) on Co-occurrence Matrices Droid (ANNCMDroid), using co-occurrence matrices to mine correlation of system calls. Our key observation is that correlation of system calls is significantly different between malware and benign software, which can be accurately expressed by co-occurrence matrices, and ANNs can effectively identify anomaly in the co-occurrence matrices. Thus at first we calculate co-occurrence matrices from the system call sequences and then convert them into vectors. Finally, these vectors are fed into ANN to detect malware. We demonstrate the effectiveness of ANNCMDroid by real experiments. Experimental results show that only 4 applications among 594 evaluated benign applications are falsely detected as malware, and only 18 applications among 614 evaluated malicious applications are not detected. As a result, ANNCMDroid achieved an F-Score of 0.981878, which is much higher than other methods.

• Journal of Convergence for Information Technology
• /
• v.11 no.11
• /
• pp.137-142
• /
• 2021

Although the internet has gained many conveniences and benefits, it is causing economic and social damage to users due to intelligent malware. Most of the signature-based anti-virus programs are used to detect and defend this, but it is insufficient to prevent malware variants becoming more intelligent. Therefore, we proposes a model that detects and defends the intelligent malware that is pouring out in the paper. The proposed model learns by imaging the characteristics of malware based on deeplearning, and detects newly detected malware variants using the learned model. It was shown that the proposed model detects not only the existing malware but also most of the variants that transform the existing malware.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.24 no.4
• /
• pp.522-528
• /
• 2020

Rapidly spreading malware, such as ransomware, trojans and Internet worms, have become one of the new major threats of the Internet recently. In order to resist against their malicious behaviors, it is essential to comprehend how malware propagate and how main factors affect spreads of them. In this paper, we aim to develop a spread prediction tool based on the modeling of malware epidemics. So we surveyed the related studies, and described the system design and implementation. In addition, we experimented on the spread of malware with major factors of malware using the developed spread prediction tool. If you make good use of the proposed prediction tool, it is possible to predict the malware spread at major factors and explore under various responses from a macro perspective with only basic knowledge of the recently wormable malware.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.05a
• /
• pp.555-556
• /
• 2021

In this paper, we propose a malware family classification scheme using malware visualization and transfer learning. The malware can be easily reused or modified. However, traditional malware detection techniques are vulnerable to detecting variants of malware. Malware belonging to the same class are converted into images that are similar to each other. Therefore, the proposed method can classify malware with a deep learning model that has been verified in the field of image classification. As a result of an experiment using the VGG-16 model on the Malimg dataset, the classification accuracy was over 98%.

• International journal of advanced smart convergence
• /
• v.12 no.1
• /
• pp.59-63
• /
• 2023

We create a malware detector classification method with using the Sequential Probability Ratio Test (SPRT) in IoT. More specifically, we adapt the SPRT to classify malware detectors into two categories of basic and advanced in line with malware detection capability. We perform evaluation of our scheme through simulation. Our simulation results show that the number of advanced detectors is changed in line with threshold for fraction of advanced malware information, which is used to judge advanced detectors in the SPRT.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.8
• /
• pp.2964-2983
• /
• 2015

As the Android operating system has become a key target for malware authors, Android protection has become a thriving research area. Beside the proved importance of system permissions for malware analysis, there is a lot of overlapping in permissions between malware apps and goodware apps. The exploitation of them effectively in malware detection is still an open issue. In this paper, to investigate the feasibility of neuro-fuzzy techniques to Android protection based on system permissions, we introduce a self-adaptive neuro-fuzzy inference system to classify the Android apps into malware and goodware. According to the framework introduced, the most significant permissions that characterize optimally malware apps are identified using Information Gain Ratio method and encapsulated into patterns of features. The patterns of features data is used to train and test the system using stratified cross-validation methodologies. The experiments conducted conclude that the proposed classifier can be effective in Android protection. The results also underline that the neuro-fuzzy techniques are feasible to employ in the field.

• International journal of advanced smart convergence
• /
• v.10 no.3
• /
• pp.163-171
• /
• 2021

Recently, Machine Learning-based visualization approaches have been proposed to combat the problem of malware detection. Unfortunately, these techniques are exposed to Adversarial examples. Adversarial examples are noises which can deceive the deep learning based malware detection network such that the malware becomes unrecognizable. To address the shortcomings of these approaches, we present Block-matching and 3D filtering (BM3D) algorithm and deep image prior based denoising technique to defend against adversarial examples on visualization-based malware detection systems. The BM3D based denoising method eliminates most of the adversarial noise. After that the deep image prior based denoising removes the remaining subtle noise. Experimental results on the MS BIG malware dataset and benign samples show that the proposed denoising based defense recovers the performance of the adversarial attacked CNN model for malware detection to some extent.

• Journal of KIISE
• /
• v.42 no.5
• /
• pp.558-565
• /
• 2015

Recently, the number of new malware and malware variants has dramatically increased. As a result, the time for analyzing malware and the efforts of malware analyzers have also increased. Therefore, malware classification helps malware analyzers decrease the overhead of malware analysis, and the classification is useful in studying the malware's genealogy. In this paper, we proposed a set of key opcode to classify the malware. In our experiments, we selected the top 10-opcode as key opcode, and the key opcode decreased the training time of a Supervised learning algorithm by 91% with preserving classification accuracy.

• Journal of the Korea Society of Computer and Information
• /
• v.20 no.6
• /
• pp.37-42
• /
• 2015

In this paper, we propose malware database in mobile memory for realtime malware URL detection and we support realtime malware URL detection engine, that is control the web service for more secure mobile service. Recently, mobile malware is on the rise and to be new threat on mobile environment. In particular the mobile characteristics, the damage of malware is more important, because it leads to monetary damages for the user. There are many researches in cybercriminals prevention and malware detection, but it is still insufficient. Additionally we propose the method for prevention Smishing within SMS, MMS. In the near future, mobile venders must build the secure mobile environment with fundamental measures based on our research.

• International Journal of Computer Science & Network Security
• /
• v.23 no.7
• /
• pp.202-209
• /
• 2023

Android malware is now on the rise, because of the rising interest in the Android operating system. Machine learning models may be used to classify unknown Android malware utilizing characteristics gathered from the dynamic and static analysis of an Android applications. Anti-virus software simply searches for the signs of the virus instance in a specific programme to detect it while scanning. Anti-virus software that competes with it keeps these in large databases and examines each file for all existing virus and malware signatures. The proposed model aims to provide a machine learning method that depend on the malware detection method for Android inability to detect malware apps and improve phone users' security and privacy. This system tracks numerous permission-based characteristics and events collected from Android apps and analyses them using a classifier model to determine whether the program is good ware or malware. This method used the machine learning techniques KNN-SVM, DBN, and GRU in which help to find the accuracy which gives the different values like KNN gives 87.20 percents accuracy, SVM gives 91.40 accuracy, Naive Bayes gives 85.10 and DBN-GRU Gives 97.90. Furthermore, in this paper, we simply employ standard machine learning techniques; but, in future work, we will attempt to improve those machine learning algorithms in order to develop a better detection algorithm.