• Title/Summary/Keyword: Malware detection

Search Result 308, Processing Time 0.019 seconds

SPRT-based Collaboration Construction for Malware Detection in IoT

  • Jun-Won Ho
    • International journal of advanced smart convergence
    • /
    • v.12 no.1
    • /
    • pp.64-69
    • /
    • 2023
  • We devise a collaboration construction method based on the SPRT (Sequential Probability Ratio Test) for malware detection in IoT. In our method, high-end IoT nodes having capable of detecting malware and generating malware signatures harness the SPRT to give a reward of malware signatures to low-end IoT nodes providing useful data for malware detection in IoT. We evaluate our proposed method through simulation. Our simulation results indicate that the number of malware signatures provided for collaboration is varied in accordance with the threshold for fraction of useful data.

BM3D and Deep Image Prior based Denoising for the Defense against Adversarial Attacks on Malware Detection Networks

  • Sandra, Kumi;Lee, Suk-Ho
    • International journal of advanced smart convergence
    • /
    • v.10 no.3
    • /
    • pp.163-171
    • /
    • 2021
  • Recently, Machine Learning-based visualization approaches have been proposed to combat the problem of malware detection. Unfortunately, these techniques are exposed to Adversarial examples. Adversarial examples are noises which can deceive the deep learning based malware detection network such that the malware becomes unrecognizable. To address the shortcomings of these approaches, we present Block-matching and 3D filtering (BM3D) algorithm and deep image prior based denoising technique to defend against adversarial examples on visualization-based malware detection systems. The BM3D based denoising method eliminates most of the adversarial noise. After that the deep image prior based denoising removes the remaining subtle noise. Experimental results on the MS BIG malware dataset and benign samples show that the proposed denoising based defense recovers the performance of the adversarial attacked CNN model for malware detection to some extent.

A Secure Encryption-Based Malware Detection System

  • Lin, Zhaowen;Xiao, Fei;Sun, Yi;Ma, Yan;Xing, Cong-Cong;Huang, Jun
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.12 no.4
    • /
    • pp.1799-1818
    • /
    • 2018
  • Malware detections continue to be a challenging task as attackers may be aware of the rules used in malware detection mechanisms and constantly generate new breeds of malware to evade the current malware detection mechanisms. Consequently, novel and innovated malware detection techniques need to be investigated to deal with this circumstance. In this paper, we propose a new secure malware detection system in which API call fragments are used to recognize potential malware instances, and these API call fragments together with the homomorphic encryption technique are used to construct a privacy-preserving Naive Bayes classifier (PP-NBC). Experimental results demonstrate that the proposed PP-NBC can successfully classify instances of malware with a hit-rate as high as 94.93%.

Intelligent Android Malware Detection Using Radial Basis Function Networks and Permission Features

  • Abdulrahman, Ammar;Hashem, Khalid;Adnan, Gaze;Ali, Waleed
    • International Journal of Computer Science & Network Security
    • /
    • v.21 no.6
    • /
    • pp.286-293
    • /
    • 2021
  • Recently, the quick development rate of apps in the Android platform has led to an accelerated increment in creating malware applications by cyber attackers. Numerous Android malware detection tools have utilized conventional signature-based approaches to detect malware apps. However, these conventional strategies can't identify the latest apps on whether applications are malware or not. Many new malware apps are periodically discovered but not all malware Apps can be accurately detected. Hence, there is a need to propose intelligent approaches that are able to detect the newly developed Android malware applications. In this study, Radial Basis Function (RBF) networks are trained using known Android applications and then used to detect the latest and new Android malware applications. Initially, the optimal permission features of Android apps are selected using Information Gain Ratio (IGR). Appropriately, the features selected by IGR are utilized to train the RBF networks in order to detect effectively the new Android malware apps. The empirical results showed that RBF achieved the best detection accuracy (97.20%) among other common machine learning techniques. Furthermore, RBF accomplished the best detection results in most of the other measures.

Bayesian Game Theoretic Model for Evasive AI Malware Detection in IoT

  • Jun-Won Ho
    • International journal of advanced smart convergence
    • /
    • v.13 no.3
    • /
    • pp.41-47
    • /
    • 2024
  • In this paper, we deal with a game theoretic problem to explore interactions between evasive Artificial Intelligence (AI) malware and detectors in Internet of Things (IoT). Evasive AI malware is defined as malware having capability of eluding detection by exploiting artificial intelligence such as machine learning and deep leaning. Detectors are defined as IoT devices participating in detection of evasive AI malware in IoT. They can be separated into two groups such that one group of detectors can be armed with detection capability powered by AI, the other group cannot be armed with it. Evasive AI malware can take three strategies of Non-attack, Non-AI attack, AI attack. To cope with these strategies of evasive AI malware, detector can adopt three strategies of Non-defense, Non-AI defense, AI defense. We formulate a Bayesian game theoretic model with these strategies employed by evasive AI malware and detector. We derive pure strategy Bayesian Nash Equilibria in a single stage game from the formulated Bayesian game theoretic model. Our devised work is useful in the sense that it can be used as a basic game theoretic model for developing AI malware detection schemes.

A Study on Malware Identification System Using Static Analysis Based Machine Learning Technique (정적 분석 기반 기계학습 기법을 활용한 악성코드 식별 시스템 연구)

  • Kim, Su-jeong;Ha, Ji-hee;Oh, Soo-hyun;Lee, Tae-jin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.29 no.4
    • /
    • pp.775-784
    • /
    • 2019
  • Malware infringement attacks are continuously increasing in various environments such as mobile, IOT, windows and mac due to the emergence of new and variant malware, and signature-based countermeasures have limitations in detection of malware. In addition, analytical performance is deteriorating due to obfuscation, packing, and anti-VM technique. In this paper, we propose a system that can detect malware based on machine learning by using similarity hashing-based pattern detection technique and static analysis after file classification according to packing. This enables more efficient detection because it utilizes both pattern-based detection, which is well-known malware detection, and machine learning-based detection technology, which is advantageous for detecting new and variant malware. The results of this study were obtained by detecting accuracy of 95.79% or more for benign sample files and malware sample files provided by the AI-based malware detection track of the Information Security R&D Data Challenge 2018 competition. In the future, it is expected that it will be possible to build a system that improves detection performance by applying a feature vector and a detection method to the characteristics of a packed file.

A Chi-Square-Based Decision for Real-Time Malware Detection Using PE-File Features

  • Belaoued, Mohamed;Mazouzi, Smaine
    • Journal of Information Processing Systems
    • /
    • v.12 no.4
    • /
    • pp.644-660
    • /
    • 2016
  • The real-time detection of malware remains an open issue, since most of the existing approaches for malware categorization focus on improving the accuracy rather than the detection time. Therefore, finding a proper balance between these two characteristics is very important, especially for such sensitive systems. In this paper, we present a fast portable executable (PE) malware detection system, which is based on the analysis of the set of Application Programming Interfaces (APIs) called by a program and some technical PE features (TPFs). We used an efficient feature selection method, which first selects the most relevant APIs and TPFs using the chi-square ($KHI^2$) measure, and then the Phi (${\varphi}$) coefficient was used to classify the features in different subsets, based on their relevance. We evaluated our method using different classifiers trained on different combinations of feature subsets. We obtained very satisfying results with more than 98% accuracy. Our system is adequate for real-time detection since it is able to categorize a file (Malware or Benign) in 0.09 seconds.

A Study of Realtime Malware URL Detection & Prevention in Mobile Environment (모바일 환경에서 실시간 악성코드 URL 탐지 및 차단 연구)

  • Park, Jae-Kyung
    • Journal of the Korea Society of Computer and Information
    • /
    • v.20 no.6
    • /
    • pp.37-42
    • /
    • 2015
  • In this paper, we propose malware database in mobile memory for realtime malware URL detection and we support realtime malware URL detection engine, that is control the web service for more secure mobile service. Recently, mobile malware is on the rise and to be new threat on mobile environment. In particular the mobile characteristics, the damage of malware is more important, because it leads to monetary damages for the user. There are many researches in cybercriminals prevention and malware detection, but it is still insufficient. Additionally we propose the method for prevention Smishing within SMS, MMS. In the near future, mobile venders must build the secure mobile environment with fundamental measures based on our research.

Malware Detection with Directed Cyclic Graph and Weight Merging

  • Li, Shanxi;Zhou, Qingguo;Wei, Wei
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.15 no.9
    • /
    • pp.3258-3273
    • /
    • 2021
  • Malware is a severe threat to the computing system and there's a long history of the battle between malware detection and anti-detection. Most traditional detection methods are based on static analysis with signature matching and dynamic analysis methods that are focused on sensitive behaviors. However, the usual detections have only limited effect when meeting the development of malware, so that the manual update for feature sets is essential. Besides, most of these methods match target samples with the usual feature database, which ignored the characteristics of the sample itself. In this paper, we propose a new malware detection method that could combine the features of a single sample and the general features of malware. Firstly, a structure of Directed Cyclic Graph (DCG) is adopted to extract features from samples. Then the sensitivity of each API call is computed with Markov Chain. Afterward, the graph is merged with the chain to get the final features. Finally, the detectors based on machine learning or deep learning are devised for identification. To evaluate the effect and robustness of our approach, several experiments were adopted. The results showed that the proposed method had a good performance in most tests, and the approach also had stability with the development and growth of malware.

DroidVecDeep: Android Malware Detection Based on Word2Vec and Deep Belief Network

  • Chen, Tieming;Mao, Qingyu;Lv, Mingqi;Cheng, Hongbing;Li, Yinglong
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.13 no.4
    • /
    • pp.2180-2197
    • /
    • 2019
  • With the proliferation of the Android malicious applications, malware becomes more capable of hiding or confusing its malicious intent through the use of code obfuscation, which has significantly weaken the effectiveness of the conventional defense mechanisms. Therefore, in order to effectively detect unknown malicious applications on the Android platform, we propose DroidVecDeep, an Android malware detection method using deep learning technique. First, we extract various features and rank them using Mean Decrease Impurity. Second, we transform the features into compact vectors based on word2vec. Finally, we train the classifier based on deep learning model. A comprehensive experimental study on a real sample collection was performed to compare various malware detection approaches. Experimental results demonstrate that the proposed method outperforms other Android malware detection techniques.