Metamorphic malware detection based on support vector machine classification of malware sub-signatures

Achieving accurate and efficient metamorphic malware detection remains a challenge. Metamorphic malware is able to mutate and alter its code structure in each infection that can circumvent signature matching detection. However, some vital functionalities and code segments remain unchanged between mutations. We exploit these unchanged features by the mean of classification using Support Vector Machine (SVM). N-gram features are extracted directly from malware binaries to avoid disassembly, which these features are then masked with the extracted known malware signature n-grams. These masked features reduce the number of selected n-gram features considerably. Our method is capable to accurately detect metamorphic malware with ~99 accuracy and low false positive rate. The proposed method is also superior to commercially available anti-viruses for detecting metamorphic malware

Metamorphic Malware Detection Based on Support Vector Machine Classification of Malware Sub-Signatures

Achieving accurate and efficient metamorphic malware detection remains a challenge. Metamorphic malware is able to mutate and alter its code structure in each infection, with some vital functionality and codesegment remain unchanged. We exploit these unchanged features for detecting metamorphic malware detection using Support Vector Machine(SVM) classifier. n-gram features are extracted directly from sample malware binaries to avoid disassembly, which are then masked with the extracted Snort signature n-grams. These masked features reduce considerably the number of selected n-gram features. Our method is capable to accurately detect metamorphic malware with ~99 % accuracy and low false positive rate. The proposed method is also superior than commercially available anti-viruses in detecting metamorphicmalware

Zero-Day Aware Decision Fusion-Based Model for Crypto-Ransomware Early Detection

Crypto-ransomware employs the cryptography to lock user personal files and demands ransom to release them. By utilizing several technological utilities like cyber-currency and cloud-based developing platforms, crypto-ransomware has gained high popularity among adversaries. Motivated by the monetary revenue, crypto-ransomware developers continuously produce many variants of such malicious programs to evade the detection. Consequently, the rate of crypto-ransomware novel attacks is continuously increasing. As such, it is imperative for detection solutions to be able to discover these novel attacks, also called zero-day attacks. While anomaly detection-based solutions are able to deal with this problem, they suffer the high rate of false alarms. Thus, this paper puts forward a detection model that incorporates anomaly with behavioral detection approaches. In this model, two types of detection estimators were built. The first type is an ensemble of behavioral-based classifiers whereas the second type is an anomaly-based estimator. The decisions of both types of estimators were combined using fusion technique. The proposed model is able to detect the novel attack while maintaining low false alarms rate. By applying the proposed model, the detection rate was increased from 96% to 99% and the false positive rate was as low as 2.4 %

MDEA : malware detection with evolutionary adversarial learning

Many applications have used machine learning as a tool to detect malware. These applications take in raw or processed binary data to feed neural network models to classify benign or malicious files. Even though this approach has proved effective against dynamic changes, such as encrypting, obfuscating and packing techniques, it is vulnerable to specific evasion attacks to where that small changes to the input data cause misclassification at test time. In this paper, I propose MDEA, an Adversarial Malware Detection model that combines a neural network and evolutionary optimization attack samples to make the network robust against evasion attacks. By retraining the model with the evolved malware samples, network performance improves a big margin.Computer Science

Permission based Mobile Malware Detection System using Machine Learning Techniques

Mobile technology has grown dramatically around the world. Nowadays smart mobile devices are ubiquitous, i.e. they serve multiple purposes such as personal mobile communication, data storage, multimedia and entertainment etc. They have become important part of life. Implementing secure mobile and wireless networks is crucial for enterprises operating in the Internet-based business environment. Mobile market share has grown significantly in past few years so that we need to think about mobile security. Mobile security can be compromised due to design flaws, vulnerabilities, and protocol failures in any mobile applications, viruses, spyware, malware and other threats. In this paper we will more focus on mobile malware. Many tools are available in the market to detect malware but new research trend in the mobile security is users should be aware of app before he/she installs from the app store. Hence we propose a novel approach for permission based mobile malware detection system. It is based on static analysis. It has 3 major parts in it 1) a signature database for storing analysis results of training and testing. 2) An Android client who is used by end users for making analysis requests, and 3) a central server plays important role as it communicates with both signature database and smartphone client. We can say that he is the manager of whole analysis process. It alerts user if the app is malicious or the benign based on it user can proceed whether to continue with it or not

An ensemble-based anomaly-behavioural crypto-ransomware pre-encryption detection model

Crypto-ransomware is a malware that leverages cryptography to encrypt files for extortion purposes. Even after neutralizing such attacks, the targeted files remain encrypted. This irreversible effect on the target is what distinguishes crypto-ransomware attacks from traditional malware. Thus, it is imperative to detect such attacks during pre-encryption phase. However, existing crypto-ransomware early detection solutions are not effective due to inaccurate definition of the pre-encryption phase boundaries, insufficient data at that phase and the misuse-based approach that the solutions employ, which is not suitable to detect new (zero-day) attacks. Consequently, those solutions suffer from low detection accuracy and high false alarms. Therefore, this research addressed these issues and developed an Ensemble-Based Anomaly-Behavioural Pre-encryption Detection Model (EABDM) to overcome data insufficiency and improve detection accuracy of known and novel crypto-ransomware attacks. In this research, three phases were used in the development of EABDM. In the first phase, a Dynamic Pre-encryption Boundary Definition and Features Extraction (DPBD-FE) scheme was developed by incorporating Rocchio feedback and vector space model to build a pre-encryption boundary vector. Then, an improved term frequency-inverse document frequency technique was utilized to extract the features from runtime data generated during the pre-encryption phase of crypto-ransomware attacks’ lifecycle. In the second phase, a Maximum of Minimum-Based Enhanced Mutual Information Feature Selection (MM-EMIFS) technique was used to select the informative features set, and prevent overfitting caused by high dimensional data. The MM-EMIFS utilized the developed Redundancy Coefficient Gradual Upweighting (RCGU) technique to overcome data insufficiency during pre-encryption phase and improve feature’s significance estimation. In the final phase, an improved technique called incremental bagging (iBagging) built incremental data subsets for anomaly and behavioural-based detection ensembles. The enhanced semi-random subspace selection (ESRS) technique was then utilized to build noise-free and diverse subspaces for each of these incremental data subsets. Based on the subspaces, the base classifiers were trained for each ensemble. Both ensembles employed the majority voting to combine the decisions of the base classifiers. After that, the decision of the anomaly ensemble was combined into behavioural ensemble, which gave the final decision. The experimental evaluation showed that, DPBD-FE scheme reduced the ratio of crypto-ransomware samples whose pre-encryption boundaries were missed from 18% to 8% as compared to existing works. Additionally, the features selected by MM-EMIFS technique improved the detection accuracy from 89% to 96% as compared to existing techniques. Likewise, on average, the EABDM model increased detection accuracy from 85% to 97.88% and reduced the false positive alarms from 12% to 1% in comparison to existing early detection models. These results demonstrated the ability of the EABDM to improve the detection accuracy of crypto-ransomware attacks early and before the encryption takes place to protect files from being held to ransom

GUIDE FOR THE COLLECTION OF INSTRUSION DATA FOR MALWARE ANALYSIS AND DETECTION IN THE BUILD AND DEPLOYMENT PHASE

During the COVID-19 pandemic, when most businesses were not equipped for remote work and cloud computing, we saw a significant surge in ransomware attacks. This study aims to utilize machine learning and artificial intelligence to prevent known and unknown malware threats from being exploited by threat actors when developers build and deploy applications to the cloud. This study demonstrated an experimental quantitative research design using Aqua. The experiment\u27s sample is a Docker image. Aqua checked the Docker image for malware, sensitive data, Critical/High vulnerabilities, misconfiguration, and OSS license. The data collection approach is experimental. Our analysis of the experiment demonstrated how unapproved images were prevented from running anywhere in our environment based on known vulnerabilities, embedded secrets, OSS licensing, dynamic threat analysis, and secure image configuration. In addition to the experiment, the forensic data collected in the build and deployment phase are exploitable vulnerability, Critical/High Vulnerability Score, Misconfiguration, Sensitive Data, and Root User (Super User). Since Aqua generates a detailed audit record for every event during risk assessment and runtime, we viewed two events on the Audit page for our experiment. One of the events caused an alert due to two failed controls (Vulnerability Score, Super User), and the other was a successful event meaning that the image is secure to deploy in the production environment. The primary finding for our study is the forensic data associated with the two events on the Audit page in Aqua. In addition, Aqua validated our security controls and runtime policies based on the forensic data with both events on the Audit page. Finally, the study’s conclusions will mitigate the likelihood that organizations will fall victim to ransomware by mitigating and preventing the total damage caused by a malware attack

Selected Computing Research Papers Volume 5 June 2016

An Analysis of Current Computer Assisted Learning Techniques Aimed at Boosting Pass Rate Level and Interactivity of Students (Gilbert Bosilong) ........................................ 1 Evaluating the Ability of Anti-Malware to Overcome Code Obfuscation (Matthew Carson) .................................................................................................................................. 9 Evaluation of Current Research in Machine Learning Techniques Used in Anomaly-Based Network Intrusion Detection (Masego Chibaya) ..................................................... 15 A Critical Evaluation of Current Research on Techniques Aimed at Improving Search Efficiency over Encrypted Cloud Data (Kgosi Dickson) ........................................ 21 A Critical Analysis and Evaluation of Current Research on Credit Card Fraud Detection Methods (Lebogang Otto Gaboitaolelwe) .......................................................... 29 Evaluation of Research in Automatic Detection of Emotion from Facial Expressions (Olorato D. Gaonewe) ......................................................................................................... 35 A Critical Evaluation on Methods of Increasing the Detection Rate of Anti-Malware Software (Thomas Gordon) ................................................................................................ 43 An Evaluation of the Effectiveness of the Advanced Intrusion Detection Systems Utilizing Optimization on System Security Technologies (Carlos Lee) ............................ 49 An Evaluation of Current Research on Data Mining Techniques in Decision Support (Keamogetse Mojapelo) ...................................................................................................... 57 A Critical Investigation of the Cognitive Appeal and Impact of Video Games on Players (Kealeboga Charlie Mokgalo) ................................................................................ 65 Evaluation of Computing Research Aimed at Improving Virtualization Implementation in the Cloud (Keletso King Mooketsane) ................................................. 73 A Critical Evaluation of the Technology Used In Robotic Assisted Surgeries (Botshelo Keletso Mosekiemang) ....................................................................................... 79 An Evaluation of Current Bio-Metric Fingerprint Liveness Detection (George Phillipson) ........................................................................................................................... 85 A Critical Evaluation of Current Research into Malware Detection Using Neural-Network Classification (Tebogo Duduetsang Ramatebele) ................................................ 91 Evaluating Indirect Detection of Obfuscated Malware (Benjamin Stuart Roberts) ......... 101 Evaluation of Current Security Techniques for Online Banking Transactions (Annah Vickerman) ....................................................................................................................... 10