• International Journal of Computer Science & Network Security
• /
• 제23권7호
• /
• pp.202-209
• /
• 2023

Android malware is now on the rise, because of the rising interest in the Android operating system. Machine learning models may be used to classify unknown Android malware utilizing characteristics gathered from the dynamic and static analysis of an Android applications. Anti-virus software simply searches for the signs of the virus instance in a specific programme to detect it while scanning. Anti-virus software that competes with it keeps these in large databases and examines each file for all existing virus and malware signatures. The proposed model aims to provide a machine learning method that depend on the malware detection method for Android inability to detect malware apps and improve phone users' security and privacy. This system tracks numerous permission-based characteristics and events collected from Android apps and analyses them using a classifier model to determine whether the program is good ware or malware. This method used the machine learning techniques KNN-SVM, DBN, and GRU in which help to find the accuracy which gives the different values like KNN gives 87.20 percents accuracy, SVM gives 91.40 accuracy, Naive Bayes gives 85.10 and DBN-GRU Gives 97.90. Furthermore, in this paper, we simply employ standard machine learning techniques; but, in future work, we will attempt to improve those machine learning algorithms in order to develop a better detection algorithm.

• Journal of Information Processing Systems
• /
• 제16권4호
• /
• pp.882-895
• /
• 2020

The amount of malware increases exponentially every day and poses a threat to networks and operating systems. Most new malware is a variant of existing malware. It is difficult to deal with numerous malware variants since they bypass the existing signature-based malware detection method. Thus, research on automated methods of detecting and processing variant malware has been continuously conducted. This report proposes a method of extracting feature data from files and detecting malware using machine learning. Feature data were extracted from 7,000 malware and 3,000 benign files using static and dynamic malware analysis tools. A malware classification model was constructed using multiple DNN, XGBoost, and RandomForest layers and the performance was analyzed. The proposed method achieved up to 96.3% accuracy.

• International Journal of Computer Science & Network Security
• /
• 제23권8호
• /
• pp.177-189
• /
• 2023

Malware detection is an increasingly important operational focus in cyber security, particularly given the fast pace of such threats (e.g., new malware variants introduced every day). There has been great interest in exploring the use of machine learning techniques in automating and enhancing the effectiveness of malware detection and analysis. In this paper, we present a deep recurrent neural network solution as a stacked Long Short-Term Memory (LSTM) with a pre-training as a regularization method to avoid random network initialization. In our proposal, we use global and short dependencies of the inputs. With pre-training, we avoid random initialization and are able to improve the accuracy and robustness of malware threat hunting. The proposed method speeds up the convergence (in comparison to stacked LSTM) by reducing the length of malware OpCode or bytecode sequences. Hence, the complexity of our final method is reduced. This leads to better accuracy, higher Mattews Correlation Coefficients (MCC), and Area Under the Curve (AUC) in comparison to a standard LSTM with similar detection time. Our proposed method can be applied in real-time malware threat hunting, particularly for safety critical systems such as eHealth or Internet of Military of Things where poor convergence of the model could lead to catastrophic consequences. We evaluate the effectiveness of our proposed method on Windows, Ransomware, Internet of Things (IoT), and Android malware datasets using both static and dynamic analysis. For the IoT malware detection, we also present a comparative summary of the performance on an IoT-specific dataset of our proposed method and the standard stacked LSTM method. More specifically, of our proposed method achieves an accuracy of 99.1% in detecting IoT malware samples, with AUC of 0.985, and MCC of 0.95; thus, outperforming standard LSTM based methods in these key metrics.

• International Journal of Computer Science & Network Security
• /
• 제23권12호
• /
• pp.107-114
• /
• 2023

The attack technique by the malware distribution form is a dangerous, difficult to detect and prevent attack method. Current malware detection studies and proposals are often based on two main methods: using sign sets and analyzing abnormal behaviors using machine learning or deep learning techniques. This paper will propose a method to detect malware on Endpoints based on Event IDs using deep learning. Event IDs are behaviors of malware tracked and collected on Endpoints' operating system kernel. The malware detection proposal based on Event IDs is a new research approach that has not been studied and proposed much. To achieve this purpose, this paper proposes to combine different data mining methods and deep learning algorithms. The data mining process is presented in detail in section 2 of the paper.

• 한국컴퓨터정보학회논문지
• /
• 제10권6호
• /
• pp.127-136
• /
• 2005

최근 악성코드에 의한 피해는 상업용 백신의 지속적인 개발에도 불구하고 급격히 증가되고 있다. 일반적으로 백신은 이미 알려진 악성코드는 효과적으로 탐색이 가능하지만 아무런 정보가 없는 악성코드를 탐색하기는 어려우며, 또한 최근의 악성코드들은 백신의 갱신속도보다 훨씬 빨리 새로운 변종들을 만들어내고 있기 때문에 백신의 대응이 늦게 되는 경향이 있다. 본 논문에서는 이러한 악성코드들을 효과적으로 탐색할 수 있는 탐색도구의 설계 및 개발에 관하여 기술한다 본 연구의 도구는 악성코드의 기능을 분석하여 특정한 시그너처를 추출함으로서 기존의 악성코드들 뿐 아니라 새로운 악성코드와 그 변종들에 대해서도 능동적으로 대처할 수 있다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제9권7호
• /
• pp.2736-2754
• /
• 2015

Android dominates the mobile operating system market, which stimulates the rapid spread of mobile malware. It is quite challenging to detect mobile malware. System call sequence analysis is widely used to identify malware. However, the malware detection accuracy of existing approaches is not satisfactory since they do not consider correlation of system calls in the sequence. In this paper, we propose a new scheme called Artificial Neural Networks (ANNs) on Co-occurrence Matrices Droid (ANNCMDroid), using co-occurrence matrices to mine correlation of system calls. Our key observation is that correlation of system calls is significantly different between malware and benign software, which can be accurately expressed by co-occurrence matrices, and ANNs can effectively identify anomaly in the co-occurrence matrices. Thus at first we calculate co-occurrence matrices from the system call sequences and then convert them into vectors. Finally, these vectors are fed into ANN to detect malware. We demonstrate the effectiveness of ANNCMDroid by real experiments. Experimental results show that only 4 applications among 594 evaluated benign applications are falsely detected as malware, and only 18 applications among 614 evaluated malicious applications are not detected. As a result, ANNCMDroid achieved an F-Score of 0.981878, which is much higher than other methods.

• International Journal of Computer Science & Network Security
• /
• 제23권7호
• /
• pp.186-192
• /
• 2023

Malwares are becoming a major problem nowadays all around the world in android operating systems. The malware is a piece of software developed for harming or exploiting certain other hardware as well as software. The term Malware is also known as malicious software which is utilized to define Trojans, viruses, as well as other kinds of spyware. There have been developed many kinds of techniques for protecting the android operating systems from malware during the last decade. However, the existing techniques have numerous drawbacks such as accuracy to detect the type of malware in real-time in a quick manner for protecting the android operating systems. In this article, the authors developed a hybrid model for android malware detection using a decision tree and KNN (k-nearest neighbours) technique. First, Dalvik opcode, as well as real opcode, was pulled out by using the reverse procedure of the android software. Secondly, eigenvectors of sampling were produced by utilizing the n-gram model. Our suggested hybrid model efficiently combines KNN along with the decision tree for effective detection of the android malware in real-time. The outcome of the proposed scheme illustrates that the proposed hybrid model is better in terms of the accurate detection of any kind of malware from the Android operating system in a fast and accurate manner. In this experiment, 815 sample size was selected for the normal samples and the 3268-sample size was selected for the malicious samples. Our proposed hybrid model provides pragmatic values of the parameters namely precision, ACC along with the Recall, and F1 such as 0.93, 0.98, 0.96, and 0.99 along with 0.94, 0.99, 0.93, and 0.99 respectively. In the future, there are vital possibilities to carry out more research in this field to develop new methods for Android malware detection.

• 인터넷정보학회논문지
• /
• 제23권1호
• /
• pp.87-93
• /
• 2022

군(軍) PC의 99%는 윈도우 운영체제를 사용하고 있어 안전한 국방사이버공간을 유지하기 위해서는 윈도우 기반 악성코드의 탐지 및 대응이 상당히 중요하다. 본 연구에서는 윈도우 PE(Portable Executable) 포맷의 악성코드를 탐지할 수 있는 모델을 제안한다. 탐지모델을 구축함에 있어서는 탐지의 정확도보다는 급증하는 악성코드에 효율적으로 대처하기 위한 탐지모델의 신속한 업데이트에 중점을 두었다. 이에 학습 속도를 향상시키기 위해 복잡한 전처리 과정 없이 최소한의 시퀀스 데이터만으로도 악성코드 탐지가 가능한 Bidirectional LSTM(Long Short Term Memory) 네트워크를 기반으로 탐지모델을 설계하였다. 실험은 EMBER2018 데이터셋을 활용하여 진행하였으며, 3가지의 시퀀스 데이터(Byte-Entropy Histogram, Byte Histogram, String Distribution)로 구성된 특성 집합을 모델에 학습시킨 결과 90.79%의 Accuracy를 달성하였다. 한편, 학습 소요시간은 기존 탐지모델 대비 1/4로 단축되어 급증하는 신종 악성코드에 대응하기 위한 탐지모델의 신속한 업데이트가 가능함을 확인하였다.

• 정보처리학회논문지:컴퓨터 및 통신 시스템
• /
• 제6권3호
• /
• pp.159-168
• /
• 2017

스마트폰 사용자가 증가하고 스마트폰이 다양한 서비스와 함께 일상생활에서 널리 사용됨에 따라 스마트폰 사용자를 노리는 악성코드 또한 증가하고 있다. 안드로이드는 2012년 이후로 가장 많이 사용되고 있는 스마트폰 운영체제이지만, 안드로이드 마켓의 개방성으로 인해 수많은 악성 앱이 마켓에 존재하며 사용자에게 위협이 되고 있다. 현재 대부분의 안드로이드 악성 앱 탐지 프로그램이 사용하는 규칙 기반의 탐지 방법은 쉽게 우회가 가능할 뿐만 아니라, 새로운 악성 앱에 대해서는 대응이 어렵다는 문제가 존재한다. 본 논문에서는 앱의 정적 분석과 딥러닝을 결합하여 스마트폰에서 직접 악성 앱을 탐지할 수 있는 방법을 제안한다. 수집한 6,120개의 악성 앱과 7,000개의 정상 앱 데이터 셋을 가지고 제안하는 방법을 평가한 결과 98.05%의 정확도로 악성 앱과 정상 앱을 분류하였고, 학습하지 않은 악성 앱 패밀리의 탐지에서도 좋은 성능을 보였으며, 스마트폰 환경에서 평균 10초 내외로 분석을 수행하였다.

• 정보보호학회논문지
• /
• 제32권2호
• /
• pp.381-390
• /
• 2022

기계학습 이미지 인식 기술의 발전에 따라 이를 악성코드 검출에 적용하는 방법이 연구되고 있다. 그 대표적인 접근법으로 악성코드 파일을 이미지로 변환하고 이를 CNN과 같은 딥러닝 네트워크에 학습시켜 악성코드 검출과 분류를 수행하는 연구가 진행되어 의미 있는 결과가 발표되고 있다. 본 연구에서는 기계학습을 사용한 악성코드 검출에 효과적인 이미지 생성방법을 제시하고자 한다. 이를 위하여 이미지 생성의 여러 선택 요소에 따른 악성코드 검출의 성능을 실험하고 분석하였으며, 그 결과를 반영하여 명령어 흐름의 특성을 좀 더 명확하게 나타낼 수 있는 선형적 이미지 생성방법을 제시하고 이 방법이 악성코드 검출의 정밀도를 높일 수 있음을 실험을 통하여 보였다.