Analysis of Feature Extraction and Classification of Malware Family Data Using a Convolutional Neural Network
Malware is malicious software that can disrupt the performance of a system and has become one of the cyber threats that requires special attention. Malware grows more varied every day and its evolution more sophisticated, giving it the ability to protect itself from a threat, whether an antivirus or another security system. One of the first steps that can be taken is to analyze existing malware; analysis here is a process of identifying the behavior of the malware, starting from what it does, what it wants, and what its main goal is. Deep learning, a branch of artificial intelligence, is used to study the characteristics of malware; by analyzing the characteristics of a malware variant, for example using a classification method, it is hoped that this can serve as a reference for building better security systems against malware. In this research, the researcher attempts to analyze malware data taken from the Canadian Institute for Cybersecurity. The results of that analysis yielded a precision and recall of 75%.
Unveiling Zeus
Malware family classification is an age-old problem that many Anti-Virus (AV) companies have tackled. There are two common techniques used for classification, signature-based and behavior-based. Signature-based classification uses a common sequence of bytes that appears in the binary code to identify and detect a family of malware. Behavior-based classification uses artifacts created by malware during execution for identification. In this paper we report on a unique dataset we obtained from our operations and classified using several machine learning techniques using the behavior-based approach. The main class of malware we are interested in classifying is the popular Zeus malware. For its classification we identify 65 features that are unique and robust for identifying malware families. We show that artifacts like file system, registry, and network features can be used to identify distinct malware families with high accuracy, in some cases as high as 95%.
Comment: Accepted to SIMPLEX 2013 (a workshop held in conjunction with WWW 2013)
Eight years of rider measurement in the Android malware ecosystem: evolution and lessons learned
Despite the growing threat posed by Android malware, the research community still lacks a comprehensive view of the common behaviors and trends exhibited by malware families active on the platform. Without such a view, researchers run the risk of developing systems that only detect outdated threats, missing the most recent ones. In this paper, we conduct the largest measurement of Android malware behavior to date, analyzing over 1.2 million malware samples that belong to 1.2K families over a period of eight years (from 2010 to 2017). We aim at understanding how the behavior of Android malware has evolved over time, focusing on repackaging malware. In this type of threat, different innocuous apps are piggybacked with a malicious payload (rider), allowing inexpensive malware manufacturing.
One of the main challenges posed when studying repackaged malware is slicing the app to split benign components apart from the malicious ones. To address this problem, we use differential analysis to isolate software components that are irrelevant to the campaign and study the behavior of malicious riders alone. Our analysis framework relies on collective repositories and recent advances in the systematization of intelligence extracted from multiple anti-virus vendors. We find that since its infancy in 2010, the Android malware ecosystem has changed significantly, both in the type of malicious activity performed by the malicious samples and in the level of obfuscation used by malware to avoid detection. We then show that our framework can aid analysts who attempt to study unknown malware families. Finally, we discuss what our findings mean for Android malware detection research, highlighting areas that need further attention by the research community.
Accepted manuscript