Behavior-based anomaly detection on big data

Recently, cyber-targeted attacks such as APT (Advanced Persistent Threat) are rapidly growing as a social and national threat. It is an intelligent cyber-attack that infiltrates the target organization and enterprise clandestinely using various methods and causes considerable damage by making a final attack after long-term and through preparations. These attacks are threatening cyber worlds such as Internet by infecting and attacking the devices on this environment with the malicious code, and by destroying them or gaining their authorities. Detecting these attacks requires collecting and analysing data from various sources (network, host, security equipment, and devices) over the long haul. Therefore, we propose the method that can recognize the cyber-targeted attack and detect the abnormal behavior based on Big Data. The proposed approach analyses faster and precisely various logs and monitoring data using Big Data storage and processing technology. In particular, we evaluated that the suspicious behavior analysis using MapReduce is effective in analysing large-scale behavior monitoring and log data from various sources

Analysis of Feature Categories for Malware Visualization

It is important to know which features are more effective for certain visualization types. Furthermore, selecting an appropriate visualization tool plays a key role in descriptive, diagnostic, predictive and prescriptive analytics. Moreover, analyzing the activities of malicious scripts or codes is dependent on the extracted features. In this paper, the authors focused on reviewing and classifying the most common extracted features that have been used for malware visualization based on specified categories. This study examines the features categories and its usefulness for effective malware visualization. Additionally, it focuses on the common extracted features that have been used in the malware visualization domain. Therefore, the conducted literature review finding revealed that the features could be categorized into four main categories, namely, static, dynamic, hybrid, and application metadata. The contribution of this research paper is about feature selection for illustrating which features are effective with which visualization tools for malware visualization

Ensemble Method for Mobile Malware Detection using N-Gram Sequences of System Calls

Mobile device has become an essential tool among the community across the globe and has turned into a necessity in daily life. An extensive usage of mobile devices for everyday life tasks such as online banking, online shopping and exchanging e-mails has enable mobile devices to become data storage for users. The data stored in these mobile devices can contain sensitive and critical information to the users. Hence, making mobile devices as the prime target for cybercriminal. To date, Android based mobile devices is one of the mobile devices that are dominating the phone market. Moreover, the ease of use and open-source feature has made Android based mobile devices popular. However, the widely used Android mobile devices has encourage malware author to write malicious application. In a short duration of time mobile malware has rapidly evolve and have the capability to bypass signature detection approach which requires a constant signature update to detect mobile malware. To overcome this drawback an anomaly detection approach can be used to mitigate this issue. Yet, using a single classifier in an anomaly detection approach will not improve the classification detection performance. Based on this reason, this research formulates an ensemble classification method of different n-gram system call sequence features to improve the accuracy of mobile malware detection. This research proposes n-number of classifier models for each different n-gram sequence call feature. The probability output of each classifier is then combined to produce a better classification performance which is better compared to a single classifier

Modeling the C(o)urse of Privacy-critical Location-based Services – Exposing Dark Side Archetypes of Location Tracking

With the ubiquitous use of mobile devices, location-based services (LBS) have rapidly pervaded daily life. By providing context- and location-specific information, LBS enable a myriad of opportunities for individuals and organizations. However, the manifold advantages come along with a radical increase in location privacy concerns and non-transparent data flows between the various actors involved. While research often focuses on protecting the dyadic relation between the user and LBS provider, the entirety of dark sides constituting privacy violations remains hidden. In this paper, we follow the paradigm of architectural thinking to shed light on the diverse dark sides emerging in today’s LBS. By drawing on a multiple case study and developing a notation for architectural maps that help understand LBS from a socio-technical and privacy-oriented perspective, we reveal six dark side archetypes of LBS

Machine Learning Techniques for Malware Detection with Challenges and Future Directions

In the recent times Cybersecurity is the hot research topic because of its sensitivity. Especially at the times of digital world where everything is now transformed into digital medium. All the critical transactions are being carried out online with internet applications. Malware is an important issue which has the capability of stealing the privacy and funds from an ordinary person who is doing sensitive transactions through his mobile device. Researchers in the current time are striving to develop efficient techniques to detect these kinds of attacks. Not only individuals are getting offended even the governments are getting effected by these kinds of attacks and losing big amount of funds. In this work various Artificial intelligent and machine learning techniques are discussed which were implements for the detection of malware. Traditional machine learning techniques like Decision tree, K-Nearest Neighbor and Support vector machine and further to advanced machine learning techniques like Artificial neural network and convolution neural network are discussed. Among the discussed techniques, the work got the highest accuracy is 99% followed by 98.422%, 97.3% and 96% where the authors have implemented package-level API calls as feature, followed by advanced classification technique. Also, dataset details are discussed and listed which were used for the experimentation of malware detection, among the many dataset DREBIN had the most significant number of samples with 123453 Benign samples and 5560 Malware samples. Finally, open challenges are listed, and the future directions are highlighted which would encourage a new researcher to adopt this field of research and solve these open challenges with the help of future direction details provided in this paper. The paper is concluded with the limitation and conclusion sectio

Hybrid intrusion detection system based on the stacking ensemble of C5 decision tree classifier and one class support vector machine

Cyberttacks are becoming increasingly sophisticated, necessitating the efficient intrusion detection mechanisms to monitor computer resources and generate reports on anomalous or suspicious activities. Many Intrusion Detection Systems (IDSs) use a single classifier for identifying intrusions. Single classifier IDSs are unable to achieve high accuracy and low false alarm rates due to polymorphic, metamorphic, and zero-day behaviors of malware. In this paper, a Hybrid IDS (HIDS) is proposed by combining the C5 decision tree classifier and One Class Support Vector Machine (OC-SVM). HIDS combines the strengths of SIDS) and Anomaly-based Intrusion Detection System (AIDS). The SIDS was developed based on the C5.0 Decision tree classifier and AIDS was developed based on the one-class Support Vector Machine (SVM). This framework aims to identify both the well-known intrusions and zero-day attacks with high detection accuracy and low false-alarm rates. The proposed HIDS is evaluated using the benchmark datasets, namely, Network Security Laboratory-Knowledge Discovery in Databases (NSL-KDD) and Australian Defence Force Academy (ADFA) datasets. Studies show that the performance of HIDS is enhanced, compared to SIDS and AIDS in terms of detection rate and low false-alarm rates. © 2020 by the authors. Licensee MDPI, Basel, Switzerland

An Adaptive Feature Centric XG Boost Ensemble Classifier Model for Improved Malware Detection and Classification

Machine learning (ML) is often used to solve the problem of malware detection and classification and various machine learning approaches are adapted to the problem of malware classification; still  acquiring poor performance by the way of feature selection, and classification. To manage the issue, an efficient Adaptive Feature Centric XG Boost Ensemble Learner Classifier “AFC-XG Boost” novel algorithm is presented in this paper. The proposed model has been designed to handle varying data sets of malware detection obtained from Kaggle data set. The model turns the process of XG Boost classifier in several stages to optimize the performance. At preprocessing stage, the data set given has been noise removed, normalized and tamper removed using Feature Base Optimizer “FBO” algorithm. The FBO would normalize the data points as well as performs noise removal according to the feature values and their base information. Similarly, the performance of standard XG Boost has been optimized by adapting Feature selection using Class Based Principle Component Analysis “CBPCA” algorithm, which performs feature selection according to the fitness of any feature for different classes. Based on the selected features, the method generates regression tree for each feature considered. Based on the generated trees, the method performs classification by computing Tree Level Ensemble Similarity “TLES” and Class Level Ensemble Similarity “CLES”. Using both method computes the value of Class Match Similarity “CMS” based on which the malware has been classified. The proposed approach achieves 97% accuracy in malware detection and classification with the less time complexity of 34 seconds for 75000 sample