9,269 research outputs found
Analysis of Data Mining Tools for Android Malware Detection
There are various data mining tools available to
analyze data related android malware detection. However, the problem arises in deciding the most appropriate machine learning techniques or algorithm on particular tools to be implemented on particular data. This research is focusing only on classification techniques. Hence, the objective of this research is to identify the best machine learning technique or algorithm on selected tool for android malware detection. Five techniques: Random Forest, Naive Bayes, Support Vector Machine, Forest, K-Nearest Neighbour and Adaboost are selected and applied in selected tools namely Weka and Orange. The result shows that Adaboost technique in Weka tool and Random Forest technique in Orange tool has obtained accuracy above 80% compare to other
techniques. This result provides an option for the researcher on applying technique or algorithm on selected tool when analyzing android malware data
Harnessing the Speed and Accuracy of Machine Learning to Advance Cybersecurity
As cyber attacks continue to increase in frequency and sophistication,
detecting malware has become a critical task for maintaining the security of
computer systems. Traditional signature-based methods of malware detection have
limitations in detecting complex and evolving threats. In recent years, machine
learning (ML) has emerged as a promising solution to detect malware
effectively. ML algorithms are capable of analyzing large datasets and
identifying patterns that are difficult for humans to identify. This paper
presents a comprehensive review of the state-of-the-art ML techniques used in
malware detection, including supervised and unsupervised learning, deep
learning, and reinforcement learning. We also examine the challenges and
limitations of ML-based malware detection, such as the potential for
adversarial attacks and the need for large amounts of labeled data.
Furthermore, we discuss future directions in ML-based malware detection,
including the integration of multiple ML algorithms and the use of explainable
AI techniques to enhance the interpret ability of ML-based detection systems.
Our research highlights the potential of ML-based techniques to improve the
speed and accuracy of malware detection, and contribute to enhancing
cybersecurit
NetSec: Real-time and Scalable Malware Traffic Detection within IoT Networks
Detecting malicious network traffic in real time has become a crucial requirement at smart communities for elderly care and medical facilities with the prevalence of Internet-of-things (IoT) devices. Existing machine learning based solutions for network traffic malware detection often fail to scale with the exponential increase of IoT devices at the facility and to detect malicious traffic with desirable low latency. In this paper we seek to fill the gap by designing a scalable end-to-end network traffic analyzing system that permits real-time malware detection. By leveraging distributed systems such as Apache Kafka and Apache Spark, the system has demonstrated scalable performance as the number of IoT devices grow. Using Intel’s oneAPI software stack for both machine learning and deep learning models, the model inference speed is boosted by three-fold
Learning Fast and Slow: PROPEDEUTICA for Real-time Malware Detection
In this paper, we introduce and evaluate PROPEDEUTICA, a novel methodology
and framework for efficient and effective real-time malware detection,
leveraging the best of conventional machine learning (ML) and deep learning
(DL) algorithms. In PROPEDEUTICA, all software processes in the system start
execution subjected to a conventional ML detector for fast classification. If a
piece of software receives a borderline classification, it is subjected to
further analysis via more performance expensive and more accurate DL methods,
via our newly proposed DL algorithm DEEPMALWARE. Further, we introduce delays
to the execution of software subjected to deep learning analysis as a way to
"buy time" for DL analysis and to rate-limit the impact of possible malware in
the system. We evaluated PROPEDEUTICA with a set of 9,115 malware samples and
877 commonly used benign software samples from various categories for the
Windows OS. Our results show that the false positive rate for conventional ML
methods can reach 20%, and for modern DL methods it is usually below 6%.
However, the classification time for DL can be 100X longer than conventional ML
methods. PROPEDEUTICA improved the detection F1-score from 77.54% (conventional
ML method) to 90.25%, and reduced the detection time by 54.86%. Further, the
percentage of software subjected to DL analysis was approximately 40% on
average. Further, the application of delays in software subjected to ML reduced
the detection time by approximately 10%. Finally, we found and discussed a
discrepancy between the detection accuracy offline (analysis after all traces
are collected) and on-the-fly (analysis in tandem with trace collection). Our
insights show that conventional ML and modern DL-based malware detectors in
isolation cannot meet the needs of efficient and effective malware detection:
high accuracy, low false positive rate, and short classification time.Comment: 17 pages, 7 figure
PowerDrive: Accurate De-Obfuscation and Analysis of PowerShell Malware
PowerShell is nowadays a widely-used technology to administrate and manage
Windows-based operating systems. However, it is also extensively used by
malware vectors to execute payloads or drop additional malicious contents.
Similarly to other scripting languages used by malware, PowerShell attacks are
challenging to analyze due to the extensive use of multiple obfuscation layers,
which make the real malicious code hard to be unveiled. To the best of our
knowledge, a comprehensive solution for properly de-obfuscating such attacks is
currently missing. In this paper, we present PowerDrive, an open-source, static
and dynamic multi-stage de-obfuscator for PowerShell attacks. PowerDrive
instruments the PowerShell code to progressively de-obfuscate it by showing the
analyst the employed obfuscation steps. We used PowerDrive to successfully
analyze thousands of PowerShell attacks extracted from various malware vectors
and executables. The attained results show interesting patterns used by
attackers to devise their malicious scripts. Moreover, we provide a taxonomy of
behavioral models adopted by the analyzed codes and a comprehensive list of the
malicious domains contacted during the analysis
- …