5 research outputs found
Analysis of Feature Categories for Malware Visualization
It is important to know which features are more effective for certain visualization types. Furthermore, selecting an appropriate visualization tool plays a key role in descriptive, diagnostic, predictive and prescriptive analytics. Moreover, analyzing the activities of malicious scripts or code depends on the extracted features. In this paper, the authors focused on reviewing and classifying the most common extracted features that have been used for malware visualization, based on specified categories. This study examines the feature categories and their usefulness for effective malware visualization. Additionally, it focuses on the common extracted features that have been used in the malware visualization domain. The findings of the conducted literature review revealed that the features can be categorized into four main categories, namely static, dynamic, hybrid, and application metadata. The contribution of this research paper is feature selection: illustrating which features are effective with which visualization tools for malware visualization.
IDENTIFICATION OF ANDROID MALWARE USING A HYBRID ANALYSIS APPROACH WITH DEEP LEARNING
Android is the most popular mobile operating system in use today. However, behind this popularity comes the threat of malware spreading on the Android platform. In mid-2021, security researchers from Quick Heal Security Labs detected at least eight applications in the Google Play Store that had been infiltrated by the Joker malware. This malware can covertly subscribe the victim's phone to premium content and pay for it without the victim's knowledge. Therefore, detecting Android malware is very important for protecting users' security and privacy. However, because the malware identification process is becoming increasingly complicated, a deep learning approach needs to be used for malware classification. This paper combines static and dynamic analysis features of malware applications and non-malware applications. Dynamic features are taken from the applications' API calls, while static features are obtained from permissions, system calls and intents. A deep learning model with an LSTM (Long Short-Term Memory) architecture is developed to identify malware. Test results on the test data show that the developed model has an accuracy of 98.7%, a recall of 97.9%, a precision of 99.6% and an F1 score of 98.7%.
Performance Analysis of Machine Learning Algorithms for Malware Detection Using the CICMalDroid2020 Dataset
In parallel with advances in technology, access to information has become easier. Although this has had a positive effect on our lives, it is an inevitable fact that information has become a target. The theft of information by malicious individuals and its use as a means of threat have raised concerns about information security. Malicious software developed for these purposes poses a great danger to the security of information. In the face of this situation, which grows as access to information becomes easier, researchers have accelerated their work on detecting and preventing malware and on ensuring information security. In the literature, malware detection has been carried out in various different studies. In this study, malware detection was carried out using the WEKA program. In analyses performed with the CICMalDroid2020 dataset, the effects of different machine learning classifiers, of feature extraction, and of the parameters that affect the performance of the best-performing classifier were examined. The results are reported in detail.
MDEA: Malware Detection with Evolutionary Adversarial Learning
Malware detection has used machine learning to detect malware in programs. These applications feed raw or processed binary data to neural network models to classify files as benign or malicious. Even though this approach has proven effective against dynamic changes, such as encrypting, obfuscating and packing techniques, it is vulnerable to specific evasion attacks where small changes in the input data cause misclassification at test time. This paper proposes a new approach: MDEA, an Adversarial Malware Detection model that uses evolutionary optimization to create attack samples to make the network robust against evasion attacks. By retraining the model with the evolved malware samples, its performance improves by a significant margin.
Comment: 8 pages, 6 figures
MDEA : malware detection with evolutionary adversarial learning
Many applications have used machine learning as a tool to detect malware. These applications feed raw or processed binary data to neural network models to classify files as benign or malicious. Even though this approach has proved effective against dynamic changes, such as encrypting, obfuscating and packing techniques, it is vulnerable to specific evasion attacks where small changes to the input data cause misclassification at test time. In this paper, I propose MDEA, an Adversarial Malware Detection model that combines a neural network and evolutionary optimization of attack samples to make the network robust against evasion attacks. By retraining the model with the evolved malware samples, network performance improves by a big margin.
Computer Science