Comparison of Deep Learning and the Classical Machine Learning Algorithm for the Malware Detection
Recently, Deep Learning has been showing promising results in various Artificial Intelligence applications such as image recognition, natural language processing, language modeling and neural machine translation. Although it is, in general, computationally more expensive than classical machine learning techniques, its results are found to be more effective in some cases. Therefore, in this paper, we investigated and compared one Deep Learning architecture, the Deep Neural Network (DNN), with the classical Random Forest (RF) machine learning algorithm for malware classification. We studied the performance of the classical RF and of DNNs with 2-, 4- and 7-layer architectures on four different feature sets, and found that, irrespective of the input features, the accuracy of the classical RF outperforms that of the DNN.
Comment: 11 pages, 1 figure
An investigation of a deep learning based malware detection system
We investigate a Deep Learning based system for malware detection. In the investigation, we experiment with different combinations of Deep Learning architectures, including Auto-Encoders and Deep Neural Networks with varying numbers of layers, over the Malicia malware dataset, on which earlier studies have obtained an accuracy of 98% with an acceptable False Positive Rate of 1.07%. However, those results relied on extensive hand-crafted, domain-specific features and the corresponding feature engineering and design effort. Our proposed approach improves on the previous best results (99.21% accuracy and a False Positive Rate of 0.19%), which indicates that Deep Learning based systems could deliver an effective defense against malware. Since Deep Learning is good at automatically extracting higher-level conceptual features from the data, Deep Learning based systems could provide an effective, general and scalable mechanism for the detection of existing and unknown malware.
Comment: 13 pages, 4 figures
A Threat to Cyber Resilience : A Malware Rebirthing Botnet
This paper presents a threat to cyber resilience in the form of a conceptual model of a malware rebirthing botnet which can be used in a variety of scenarios. It can be used to collect existing malware and rebirth it with new functionality and signatures that will avoid detection by AV software and hinder analysis. The botnet can then use the customized malware to target an organization with an orchestrated attack from the member machines in the botnet for a variety of malicious purposes, including information warfare applications. Alternatively, it can also be used to inject known malware signatures into otherwise non-malicious code and traffic in order to overload the sensors and processing systems employed by intrusion detection and prevention systems, creating a denial of confidence in the sensors and detection systems. This could be used as a force multiplier in asymmetric warfare applications to create confusion and distraction whilst attacks are made on other defensive fronts.
Visualization Techniques For Malware Behavior Analysis
Malware spread via the Internet is a major security threat, so studying its behavior is important in order to identify and classify it. Using SSDT hooking, we can obtain malware behavior by running it in a controlled environment and capturing its interactions with the target operating system regarding file, process, registry, network and mutex activities. This generates a chain of events that can be compared with those of other known malware. In this paper we present a simple approach to convert malware behavior into activity graphs and show some visualization techniques that can be used to analyze malware behavior, individually or in groups. © 2011 SPIE.
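The abstract above describes turning a captured chain of events into an activity graph that can be compared across samples. The following is an added example, not code from the paper: it builds such a graph from constructed sandbox-style event tuples (process, action, category, target), abstracts volatile names (file paths, C2 addresses, the sample's own binary name) so that a renamed variant maps onto the same edges, scores overlap with a Jaccard index, and emits Graphviz DOT for visual inspection. All traces, process names, paths and addresses are constructed for illustration; the abstraction rules are a design choice of this example, not the paper's.

```python
"""Activity graph from a chain of sandbox events (added example, constructed data).

Each event is (process, action, category, target), in the spirit of what an
SSDT-hook based monitor records for file, process, registry, network and mutex
activity. The traces below are constructed for illustration, not real captures.
"""

# Constructed trace: a dropper writes a DLL, loads it into a spawned svchost.exe,
# persists through a Run key, takes a mutex and connects to a remote host.
SAMPLE_A = [
    ("dropper.exe", "create", "process", "svchost.exe"),
    ("dropper.exe", "write", "file", r"C:\Windows\Temp\a.dll"),
    ("svchost.exe", "load", "file", r"C:\Windows\Temp\a.dll"),
    ("svchost.exe", "set", "registry",
     r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\upd"),
    ("svchost.exe", "create", "mutex", r"Global\x9f2"),
    ("svchost.exe", "connect", "network", "198.51.100.7:443"),
]
# Constructed variant: renamed binary, different paths and address, same behaviour.
SAMPLE_B = [
    ("setup.exe", "create", "process", "svchost.exe"),
    ("setup.exe", "write", "file", r"C:\Users\Public\b.dll"),
    ("svchost.exe", "load", "file", r"C:\Users\Public\b.dll"),
    ("svchost.exe", "set", "registry",
     r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\upd"),
    ("svchost.exe", "create", "mutex", r"Global\x9f2"),
    ("svchost.exe", "connect", "network", "203.0.113.9:443"),
]
# Constructed benign trace for contrast.
BENIGN = [
    ("notepad.exe", "read", "file", r"C:\Users\Public\notes.txt"),
    ("notepad.exe", "write", "file", r"C:\Users\Public\notes.txt"),
    ("notepad.exe", "query", "registry", r"HKCU\Software\Microsoft\Notepad"),
]


def build_graph(events, abstract=True):
    """Return the activity graph as a set of (source, action, target) edges.

    With abstract=True volatile names are generalised so renamed variants yield
    the same graph: the launched process becomes "sample", files keep only their
    extension, network endpoints keep only the port, registry targets drop the
    value name. With abstract=False the raw names are kept.
    """
    root = events[0][0]  # the process the sandbox launched
    edges = set()
    for proc, action, category, target in events:
        src = "sample" if (abstract and proc == root) else proc
        if not abstract:
            dst = target
        elif category == "file":
            dst = "file:" + target.rsplit(".", 1)[-1].lower()
        elif category == "network":
            dst = "network:port" + target.rsplit(":", 1)[-1]
        elif category == "registry":
            dst = "registry:" + "\\".join(target.split("\\")[:-1])
        else:
            dst = f"{category}:{target}"
        edges.add((src, action, dst))
    return edges


def jaccard(g1, g2):
    """Edge-set overlap: 1.0 for identical graphs, 0.0 for disjoint ones."""
    union = g1 | g2
    return len(g1 & g2) / len(union) if union else 1.0


def to_dot(edges, name="activity"):
    """Render the graph as Graphviz DOT (pipe into `dot -Tpng`)."""
    def esc(s):
        return s.replace("\\", "\\\\").replace('"', '\\"')
    lines = [f"digraph {name} {{", "  rankdir=LR;"]
    for src, action, dst in sorted(edges):
        lines.append(f'  "{esc(src)}" -> "{esc(dst)}" [label="{esc(action)}"];')
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    ga, gb, gn = build_graph(SAMPLE_A), build_graph(SAMPLE_B), build_graph(BENIGN)
    print("A vs B (raw names):  ", jaccard(build_graph(SAMPLE_A, False),
                                           build_graph(SAMPLE_B, False)))
    print("A vs B (abstracted): ", jaccard(ga, gb))
    print("A vs benign:         ", jaccard(ga, gn))
    print(to_dot(ga))
```

Without abstraction the two variants share only the Run key and mutex edges (Jaccard 0.2); after abstraction their graphs are identical (1.0), while the benign trace shares nothing (0.0). The mutex name and Run key survive abstraction on purpose: in practice those are exactly the behavioural indicators worth keeping verbatim, and the choice of what to generalise is the main tuning knob of this approach.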
Effective methods to detect metamorphic malware: A systematic review
The code of metamorphic malware is routinely rewritten in each succeeding generation so that it remains stealthy and undetected within infected environments. This characteristic is maintained by means of encryption and decryption methods, and by obfuscation through garbage code insertion, code transformation and registry modification, which makes detection very challenging. The main objective of this study is to contribute an evidence-based narrative demonstrating the effectiveness of recent proposals. Sixteen primary studies were included in this analysis on the basis of a pre-defined protocol. The majority of the reviewed detection methods used opcodes, Control Flow Graphs (CFG) and API call graphs. Key challenges facing the detection of metamorphic malware include code obfuscation, a lack of dynamic capabilities to analyse code, and application difficulty. The methods were further analysed on the basis of their approach, limitations, empirical evidence and key parameters such as dataset, Detection Rate (DR) and False Positive Rate (FPR).
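The review above notes that most methods work on opcodes and that garbage code insertion is a key obstacle, and that methods are judged by Detection Rate and False Positive Rate. The following is an added example, not code from the review or from any of its sixteen studies: it compares a constructed routine against a metamorphic rewrite of itself with junk instructions interleaved, shows that a raw opcode 2-gram similarity collapses while a similarity computed after stripping semantic no-ops recovers, and computes DR and FPR for a threshold detector over a small labelled set. The instruction listings, the labels `decrypt`, `exit` and `loop`, and the garbage patterns handled are all constructed for illustration; instruction substitution and reordering, which real metamorphic engines also perform, are not handled here.

```python
"""Opcode n-gram similarity robust to garbage code insertion (added example).

Instruction listings are constructed for illustration; decrypt, exit and loop
are hypothetical labels, not symbols from any real sample.
"""
import re
from collections import Counter
from math import sqrt

# Original routine.
BASE = [
    "push ebp", "mov ebp, esp", "sub esp, 0x10", "mov eax, [ebp+8]",
    "call decrypt", "test eax, eax", "jz exit", "mov ecx, [eax]",
    "add ecx, 4", "cmp ecx, edx", "jne loop", "leave", "ret",
]
# Metamorphic rewrite of BASE: same semantics, garbage instructions interleaved.
VARIANT = [
    "push ebp", "nop", "mov ebp, esp", "push eax", "pop eax", "sub esp, 0x10",
    "xchg ebx, ebx", "mov eax, [ebp+8]", "call decrypt", "mov esi, esi",
    "test eax, eax", "jz exit", "nop", "mov ecx, [eax]", "lea edi, [edi]",
    "add ecx, 4", "push edx", "pop edx", "cmp ecx, edx", "jne loop",
    "leave", "ret",
]
# Unrelated benign routine, used to measure false positives.
BENIGN_FN = [
    "push ebp", "mov ebp, esp", "mov eax, [ebp+8]", "xor eax, [ebp+12]",
    "pop ebp", "ret",
]

# Single instructions with no effect: nop, same-register mov/xchg, lea reg,[reg].
GARBAGE = re.compile(r"^(?:nop|xchg (\w+), \1|mov (\w+), \2|lea (\w+), \[\3\])$")


def strip_garbage(insns):
    """Remove semantic no-ops, including immediately adjacent push X / pop X pairs."""
    out = []
    for ins in insns:
        ins = " ".join(ins.split())  # normalise whitespace
        if GARBAGE.match(ins):
            continue
        if out and ins.startswith("pop ") and out[-1] == "push " + ins[4:]:
            out.pop()  # push X; pop X cancels out
            continue
        out.append(ins)
    return out


def mnemonic_ngrams(insns, n=2):
    """Histogram of n-grams over mnemonics only, so operand renaming is ignored."""
    mn = [ins.split()[0] for ins in insns]
    return Counter(tuple(mn[i:i + n]) for i in range(len(mn) - n + 1))


def cosine(a, b):
    dot = sum(a[k] * b[k] for k in a.keys() & b.keys())
    na = sqrt(sum(v * v for v in a.values()))
    nb = sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def similarity(x, y, n=2, normalize=True):
    """Cosine similarity of opcode n-gram histograms, optionally after garbage removal."""
    if normalize:
        x, y = strip_garbage(x), strip_garbage(y)
    return cosine(mnemonic_ngrams(x, n), mnemonic_ngrams(y, n))


def evaluate(signature, labelled, threshold, n=2, normalize=True):
    """Detection Rate and False Positive Rate of the rule 'similarity >= threshold'
    over (instructions, is_malicious) pairs."""
    tp = fn = fp = tn = 0
    for insns, malicious in labelled:
        hit = similarity(signature, insns, n, normalize) >= threshold
        if malicious:
            tp, fn = tp + hit, fn + (not hit)
        else:
            fp, tn = fp + hit, tn + (not hit)
    dr = tp / (tp + fn) if tp + fn else 0.0
    fpr = fp / (fp + tn) if fp + tn else 0.0
    return dr, fpr


if __name__ == "__main__":
    labelled = [(BASE, True), (VARIANT, True), (BENIGN_FN, False)]
    print("raw similarity BASE/VARIANT:       %.3f" % similarity(BASE, VARIANT, normalize=False))
    print("normalised similarity BASE/VARIANT: %.3f" % similarity(BASE, VARIANT))
    print("DR, FPR without normalisation:", evaluate(BASE, labelled, 0.8, normalize=False))
    print("DR, FPR with normalisation:   ", evaluate(BASE, labelled, 0.8))
```

On the constructed inputs the raw 2-gram similarity between the routine and its rewrite drops to about 0.29, so a 0.8 threshold misses the variant (DR 0.5); after garbage removal the two listings are identical (similarity 1.0, DR 1.0) and the benign routine stays well below threshold (FPR 0.0). The garbage patterns are hard-coded, which is the usual weakness of this class of method: an engine that emits junk outside the recognised set, or substitutes equivalent instruction sequences, degrades the score again, which is why the reviewed studies also turn to CFG and API call graph features.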