Machine Learning Aided Static Malware Analysis: A Survey and Tutorial
Malware analysis and detection techniques have been evolving during the last decade in response to the development of different malware techniques that evade network-based and host-based security protections. The fast growth in the variety and number of malware species has made it very difficult for forensics investigators to provide a timely response. Therefore, Machine Learning (ML) aided malware analysis became a necessity to automate different aspects of static and dynamic malware investigation. We believe that machine learning aided static analysis can be used as a methodological approach in technical Cyber Threat Intelligence (CTI) rather than the resource-consuming dynamic malware analysis that has been thoroughly studied before. In this paper, we address this research gap by conducting an in-depth survey of different machine learning methods for classification of static characteristics of 32-bit malicious Portable Executable (PE32) Windows files and develop a taxonomy for better understanding of these techniques. Afterwards, we offer a tutorial on how different machine learning techniques can be utilized in the extraction and analysis of a variety of static characteristics of PE binaries and evaluate the accuracy and practical generalization of these techniques. Finally, the results of an experimental study of all the methods on common data are given to demonstrate their accuracy and complexity. This paper may serve as a stepping stone for future researchers in the cross-disciplinary field of machine learning aided malware forensics.
Comment: 37 pages
Validating digital forensic evidence
This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University. This dissertation focuses on the forensic validation of computer evidence. It is a burgeoning field, by necessity, and there have been significant advances in the detection and gathering of evidence related to electronic crimes. What makes the computer forensics field similar to other forensic fields is that considerable emphasis is placed on the validity of the digital evidence. It is not just the methods used to collect the evidence that is a concern. What is also a problem is that perpetrators of digital crimes may be engaged in what is called anti-forensics. Digital forensic evidence techniques are deliberately thwarted and corrupted by those under investigation. In traditional forensics the link between evidence and perpetrator's actions is often straightforward: a fingerprint on an object indicates that someone has touched the object. Anti-forensic activity would be the equivalent of having the ability to change the nature of the fingerprint before, or during, the investigation, thus making the forensic evidence collected invalid or less reliable. This thesis reviews the existing security models and digital forensics, paying particular attention to anti-forensic activity that affects the validity of data collected in the form of digital evidence. This thesis will build on the current models in this field and suggest a tentative first step model to manage and detect the possibility of anti-forensic activity. The model is concerned with stopping anti-forensic activity, and thus is not a forensic model in the normal sense; it is what will be called a “meta-forensic” model. A meta-forensic approach is an approach intended to stop attempts to invalidate digital forensic evidence. This thesis proposes a formal procedure and guides forensic examiners to look at evidence in a meta-forensic way.
Machine Learning Approach to Mobile Forensics Framework for Cyber Crime Detection in Nigeria
Mobile cyber crime detection is challenged by the number of mobile devices (Internet of Things) and by large and complex data; the size, velocity, nature and complexity of the data and devices have become so high that data mining techniques are no longer efficient, since they cannot handle Big Data and the Internet of Things. The aim of this research work was to develop a mobile forensics framework for cybercrime detection using a machine learning approach. It starts when a call is detected, and this detection is made by a machine learning algorithm; furthermore, the intelligent mass media towers and satellite proposed in this work have the ability to classify calls as a threat or not and send a signal directly to the Nigerian Communications Commission (NCC) forensic lab for necessary action.
Cybersecurity and Cyber Forensics: Machine Learning Approach Systematic Review
The proliferation of cloud computing and the Internet of Things has led to the connectivity of states and nations (developed and developing countries) worldwide, in which the global network provides the platform for the connection. Digital forensics is a field of computer security that uses software applications and standard guidelines which support the extraction of evidence from any computer appliance that is sufficient for a court of law to use and make a judgment based on the comprehensiveness, authenticity and objectivity of the information obtained. Cybersecurity is of major concern to internet users worldwide due to the recent forms of attacks, threats, viruses, intrusions and others going on every day among the Internet of Things. However, it is noted that cybersecurity is based on confidentiality, integrity and validity of data. The aim of this work is to make a systematic review of the application of machine learning algorithms to cybersecurity and cyber forensics and pave the way for further research directions on the application of deep learning, computational intelligence and soft computing to cybersecurity and cyber forensics.
IEEE Access special section editorial: Artificial intelligence enabled networking
With today’s computer networks becoming increasingly dynamic, heterogeneous, and complex, there is great interest in deploying artificial intelligence (AI) based techniques for optimization and management of computer networks. AI techniques—that subsume multidisciplinary techniques from machine learning, optimization theory, game theory, control theory, and meta-heuristics—have long been applied to optimize computer networks in many diverse settings. Such an approach is gaining increased traction with the emergence of novel networking paradigms that promise to simplify network management (e.g., cloud computing, network functions virtualization, and software-defined networking) and provide intelligent services (e.g., future 5G mobile networks). Looking ahead, greater integration of AI into networking architectures can help develop a future vision of cognitive networks that will show network-wide intelligent behavior to solve problems of network heterogeneity, performance, and quality of service (QoS).
Data Mining Techniques for Fraud Detection
The paper presents the application of data mining techniques to fraud analysis. We present some classification and prediction data mining techniques which we consider important to handle fraud detection. There exist a number of data mining algorithms, and we present a statistics-based algorithm, a decision tree-based algorithm and a rule-based algorithm. We present a Bayesian classification model to detect fraud in automobile insurance. Naïve Bayesian visualization is selected to analyze and interpret the classifier predictions. We illustrate how ROC curves can be deployed for model assessment in order to provide a more intuitive analysis of the models.
Keywords: Data Mining, Decision Tree, Bayesian Network, ROC Curve, Confusion Matrix