194 research outputs found
Deep Learning Models for Detecting Malware Attacks
Malware is one of the most common and severe cyber-attacks today. Malware
infects millions of devices and can perform several malicious activities
including mining sensitive data, encrypting data, crippling system performance,
and many more. Hence, malware detection is crucial to protect our computers and
mobile devices from malware attacks. Deep learning (DL) is one of the emerging
and promising technologies for detecting malware. The recent high production of
malware variants against desktop and mobile platforms makes DL algorithms
powerful approaches for building scalable and advanced malware detection models
as they can handle big datasets. This work explores current deep learning
technologies for detecting malware attacks on the Windows, Linux, and Android
platforms. Specifically, we present different categories of DL algorithms,
network optimizers, and regularization methods. Different loss functions,
activation functions, and frameworks for implementing DL models are presented.
We also present feature extraction approaches and a review of recent DL-based
models for detecting malware attacks on the above platforms. Furthermore, this
work presents major research issues on malware detection including future
directions to further advance knowledge and research in this field.
Comment: Revised figures 2 and 3, revised title, removed typos on page 1
Malware Detection Approaches based on Operational Codes (OpCodes) of Executable Programs: A Review
Malicious software, or malware for short, poses a threat to computer systems and needs to be analyzed, detected, and eliminated. Generally, malware is analyzed in two ways: dynamic malware analysis and static malware analysis. The former collects a feature dataset while the malware is running, and involves features based on malware API calls, registry activity, file activity, process activity, and network activity. The latter collects a feature dataset prior to and without running the malware, and involves Operational Code (OpCode) and text-based (bytecode) features. Several previous researchers have addressed and reviewed malware detection approaches from various aspects, but none of them has reviewed the approaches based solely on malware OpCodes. Therefore, this paper aims to review malware detection approaches based on OpCodes. The review explores, demonstrates, and compares the existing approaches for detecting malware according to their OpCodes only, and finally presents a comprehensive comparison of them.
Op2Vec: An Opcode Embedding Technique and Dataset Design for End-to-End Detection of Android Malware
Android is one of the leading operating systems for smartphones in terms of
market share and usage. Unfortunately, it is also an appealing target for
attackers to compromise its security through malicious applications. To tackle
this issue, domain experts and researchers are trying different techniques to
stop such attacks. All attempts at securing the Android platform have been only
somewhat successful. Existing detection techniques have severe shortcomings,
including the cumbersome process of feature engineering. Designing
representative features requires expert domain knowledge. There is a need to
minimize human experts' intervention by circumventing handcrafted feature
engineering. Deep learning can be exploited to extract deep features
automatically. Previous work has shown that operational codes (opcodes) of
executables provide key information to be used with deep learning models in the
detection of malicious applications. The remaining challenge is how to feed
opcode information to deep learning models. Existing techniques use one-hot
encoding to tackle this challenge. However, the one-hot encoding scheme has
severe limitations. In this paper, we introduce (1) a novel technique for
opcode embedding, which we name Op2Vec, and (2) a dataset, built on the learned
Op2Vec embeddings, for end-to-end detection of Android malware.
Introducing the end-to-end Android malware detection technique avoids
expert-intensive handcrafted feature extraction and ensures automation. Some
of the recent deep learning-based techniques showed significantly improved
results when tested with the proposed approach, achieving an average
detection accuracy of 97.47%, precision of 0.976 and F1 score of 0.979.
MDFRCNN: Malware Detection using Faster Region Proposals Convolution Neural Network
Technological advancement of smart devices has opened up a new trend: the Internet of Everything (IoE), where all devices are connected to the web. Large-scale networking benefits the community by increasing connectivity and giving control of physical devices. On the other hand, there exists an increased "Threat" of an "Attack". Attackers are targeting these devices, as they may provide an easier "backdoor entry to the users' network". MALicious softWARE (MalWare) is a major threat to user security. Fast and accurate detection of malware attacks is the sine qua non of IoE, where large-scale networking is involved. The paper proposes the use of a visualization technique where the disassembled malware code is converted into gray images, as well as the use of Image Similarity based Statistical Parameters (ISSP) such as Normalized Cross Correlation (NCC), Average Difference (AD), Maximum Difference (MaxD), Singular Structural Similarity Index Module (SSIM), Laplacian Mean Square Error (LMSE), MSE and PSNR. A vector consisting of the gray image together with the statistical parameters is used to train a Faster Region Proposals Convolution Neural Network (F-RCNN) classifier. The experimental results are promising as the proposed method combines ISSP with F-RCNN training. The overall training time for learning the semantics of higher-level malicious behaviors is low. Identification of malware (testing phase) is also performed in less time. The fusion of image and statistical parameters enhances system performance with greater accuracy. The benchmark database from the Microsoft Malware Classification Challenge, available on the Kaggle website, has been used to analyze system performance. An overall average classification accuracy of 98.12% is achieved by the proposed method.
Enhancing cloud security through the integration of deep learning and data mining techniques: A comprehensive review
Cloud computing is crucial in all areas of data storage and online service delivery. It adds various benefits to the conventional storage and sharing system, such as simple access, on-demand storage, scalability, and cost savings. The employment of its rapidly expanding technologies may give several benefits in protecting the Internet of Things (IoT) and cyber-physical systems (CPS) from various cyber threats, with IoT and CPS providing facilities for people in their everyday lives. Because malware is on the rise and there is no well-known strategy for malware detection, leveraging the cloud environment to identify malware might be a viable way forward. To avoid detection, new kinds of malware employ complex jamming and packing methods. Because of this, it is very hard to identify sophisticated malware using typical detection methods. The article presents a detailed assessment of cloud-based malware detection technologies, as well as insight into the cloud's use in protecting the Internet of Things and critical infrastructure from intrusions. This study examines the benefits and drawbacks of cloud environments in malware detection, presents a methodology for detecting cloud-based malware using deep learning and data extraction, and highlights new research on the issues of propagating existing malware. Finally, similarities and differences across detection approaches are exposed, as well as flaws in detection techniques. The findings of this work may be used to highlight the current issues being tackled in malware research in the future.
A Survey on Malware Detection with Graph Representation Learning
Malware detection has become a major concern due to the increasing number and
complexity of malware. Traditional detection methods based on signatures and
heuristics are used for malware detection, but unfortunately, they suffer from
poor generalization to unknown attacks and can be easily circumvented using
obfuscation techniques. In recent years, Machine Learning (ML) and notably Deep
Learning (DL) achieved impressive results in malware detection by learning
useful representations from data and have become a solution preferred over
traditional methods. More recently, the application of such techniques on
graph-structured data has achieved state-of-the-art performance in various
domains and demonstrates promising results in learning more robust
representations from malware. Yet, no literature review focusing on graph-based
deep learning for malware detection exists. In this survey, we provide an
in-depth literature review to summarize and unify existing works under the
common approaches and architectures. We notably demonstrate that Graph Neural
Networks (GNNs) reach competitive results in learning robust embeddings from
malware represented as expressive graph structures, leading to an efficient
detection by downstream classifiers. This paper also reviews adversarial
attacks that are utilized to fool graph-based detection methods. Challenges and
future research directions are discussed at the end of the paper.
Comment: Preprint, submitted to ACM Computing Surveys in March 2023. For any suggestions or improvements, please contact me directly by e-mail.
Machine-Learning Classifiers for Malware Detection Using Data Features
The spread of ransomware has risen exponentially over the past decade, causing huge financial damage to multiple organizations. Various anti-ransomware firms have suggested methods for preventing malware threats. The growing pace, scale and sophistication of malware present the anti-malware industry with more challenges. Recent literature indicates that academics and anti-virus organizations have begun to use artificial learning as well as fundamental modeling techniques for the research and identification of malware. Orthodox signature-based anti-virus programs struggle to identify unfamiliar malware and to track new forms of malware. In this study, a malware evaluation framework focused on machine learning was adopted that consists of several modules: dataset compilation in two separate classes (malicious and benign software), file disassembly, data processing, decision making, and updated malware identification. The data processing module uses grey images, import functions and opcode n-grams to remove malware functionality. The decision-making module detects malware and recognizes suspected malware. Different classifiers were considered in the research methodology for the detection and classification of malware. Its effectiveness was validated on the basis of the accuracy of the complete process.
Discovering Malicious Signatures in Software from Structural Interactions
Malware represents a significant security concern in today's digital
landscape, as it can destroy or disable operating systems, steal sensitive user
information, and occupy valuable disk space. However, current malware detection
methods, such as static-based and dynamic-based approaches, struggle to
identify newly developed ("zero-day") malware and are limited by customized
virtual machine (VM) environments. To overcome these limitations, we propose a
novel malware detection approach that leverages deep learning, mathematical
techniques, and network science. Our approach focuses on static and dynamic
analysis and utilizes the Low-Level Virtual Machine (LLVM) to profile
applications within a complex network. The generated network topologies are
input into the GraphSAGE architecture to efficiently distinguish between benign
and malicious software applications, with the operation names denoted as node
features. Importantly, the GraphSAGE models analyze the network's topological
geometry to make predictions, enabling them to detect state-of-the-art malware
and prevent potential damage during execution in a VM. To evaluate our
approach, we conduct a study on a dataset comprising source code from 24,376
applications, specifically written in C/C++, sourced directly from
widely-recognized malware and various types of benign software. The results
show a high detection performance with an Area Under the Receiver Operating
Characteristic Curve (AUROC) of 99.85%. Our approach marks a substantial
improvement in malware detection, providing a notably more accurate and
efficient solution when compared to current state-of-the-art malware detection
methods.
Comment: ICASSP 2024, Accepted
Mobile Malware Behaviour through Opcode Analysis
As the popularity of mobile devices is on the rise, millions of users are now exposed to mobile malware threats. Malware is known for its ability to cause damage to mobile devices. Attackers often use it as a way to use the resources available and for other cybercriminal benefits such as stealing users' data, credentials and credit card numbers. Various detection techniques have been introduced to mitigate mobile malware, yet malware authors have their own methods to overcome detection. This paper presents mobile malware analysis approaches through opcode analysis. Opcode analysis of mobile malware reveals the behaviour of a malicious application at the binary level. A comparison of the numbers of opcode occurrences in malicious and benign applications shows significantly different traits. These differences can be used in classifying malicious and benign mobile applications.