Cross-temporal Detection of Novel Ransomware Campaigns: A Multi-Modal Alert Approach
We present a novel approach to identifying ransomware campaigns from attack-timeline representations of activity inside victim networks. Malicious-activity profiles built from multiple alert sources support the construction of alert graphs. This gives an effective and scalable representation of attack timelines in which individual nodes are malicious-activity detections and the edges describe potential attack paths. The work demonstrates adaptability to different attack patterns by implementing a novel method for parsing and classifying alert graphs that remains effective even when node features are low-dimensional.
Comment: Preprint. Under Review
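The abstract above does not say how nodes are linked into attack paths, so the following is an added illustration, not the paper's method. It builds an alert graph from a small constructed alert feed with two assumed linking rules (consecutive alerts on the same host within a time window, and a network alert linking to the first later alert on its peer host), then enumerates root-to-leaf paths and flags those that span more than one host as campaign candidates. The alert records, field names and the window length are all assumptions.

```python
from collections import defaultdict

# Constructed sample alerts (not from the paper): timestamp in seconds,
# the host the detection fired on, an optional peer host for network alerts,
# and a coarse activity label.
ALERTS = [
    {"id": "a1", "ts": 100, "host": "ws01", "peer": None,   "label": "phishing_attachment"},
    {"id": "a2", "ts": 160, "host": "ws01", "peer": None,   "label": "credential_dump"},
    {"id": "a3", "ts": 220, "host": "ws01", "peer": "fs01", "label": "smb_lateral_movement"},
    {"id": "a4", "ts": 250, "host": "fs01", "peer": None,   "label": "mass_file_rename"},
    {"id": "a5", "ts": 300, "host": "fs01", "peer": None,   "label": "shadow_copy_delete"},
    {"id": "a6", "ts": 180, "host": "ws07", "peer": None,   "label": "adware"},  # unrelated noise
]


def build_alert_graph(alerts, window=600):
    """Return (nodes, edges): nodes maps id -> alert, edges is a sorted list of
    (src_id, dst_id). Edge rules are assumptions, not the paper's:
      1. same host: each alert links to the next alert on that host within `window` s
      2. network alert with a peer: links to the first alert on the peer host
         that fires after it, within `window` s
    """
    nodes = {a["id"]: a for a in alerts}
    by_host = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a["ts"]):
        by_host[a["host"]].append(a)

    edges = set()
    for seq in by_host.values():
        for prev, nxt in zip(seq, seq[1:]):
            if nxt["ts"] - prev["ts"] <= window:
                edges.add((prev["id"], nxt["id"]))
    for a in alerts:
        peer = a.get("peer")
        if not peer:
            continue
        for b in by_host.get(peer, []):
            if a["ts"] < b["ts"] <= a["ts"] + window:
                edges.add((a["id"], b["id"]))
                break
    return nodes, sorted(edges)


def attack_paths(nodes, edges):
    """Enumerate maximal root-to-leaf paths; each is a candidate attack timeline."""
    succ = defaultdict(list)
    has_pred = set()
    for s, d in edges:
        succ[s].append(d)
        has_pred.add(d)
    roots = sorted(n for n in nodes if n not in has_pred)

    paths = []

    def walk(n, path):
        if not succ[n]:
            paths.append(path)
            return
        for m in sorted(succ[n]):
            walk(m, path + [m])

    for r in roots:
        walk(r, [r])
    return paths


def campaign_candidates(nodes, edges, min_hosts=2):
    """Keep only paths that cross at least `min_hosts` hosts; isolated
    single-host detections (like a6) are left out as noise."""
    out = []
    for p in attack_paths(nodes, edges):
        hosts = {nodes[n]["host"] for n in p}
        if len(hosts) >= min_hosts:
            out.append(p)
    return out


if __name__ == "__main__":
    nodes, edges = build_alert_graph(ALERTS)
    for path in campaign_candidates(nodes, edges):
        print(" -> ".join(f"{n}:{nodes[n]['label']}" for n in path))
```

The multi-host filter is the cheap version of the "potential attack path" idea: a lateral-movement alert that is followed by destructive activity on the target host is far more interesting than the same alerts seen in isolation, and the graph makes that ordering explicit.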
Detection of Crypto-Ransomware Attack Using Deep Learning
Ransomware attacks are among the fastest-growing threats to the digital world. Ransomware is malware that prevents victims from accessing their resources by locking or encrypting data until a ransom is paid. As individuals and businesses grow more dependent on technology and the Internet, cyber-security researchers are looking for measures that stop attackers from running a successful campaign. Because new ransomware variants appear daily, behaviour-based detection is more effective than traditional static analysis. This paper proposes a multivariate classification approach that distinguishes ransomware I/O operations from those of benign applications. The deep learning models implemented are Bi-directional Long Short-Term Memory (Bi-LSTM) and Convolutional Neural Networks (CNN); they are compared against classic machine learning models: Logistic Regression (LR), Support Vector Machine (SVM), and Random Forest (RF). The ransomware samples comprise 70 binaries from 30 different ransomware families, captured while they encrypted a large network-shared directory. The benign samples come from network traffic traces recorded on a campus LAN where staff users access files on shared servers. A sample contains the I/O operations (short control commands, bytes read, and bytes written) per second over a period of T seconds. The proposed deep learning models are also tested against zero-day ransomware samples. Both Bi-LSTM and CNN achieved above 98% accuracy in classifying ransomware and benign samples.
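The sample format in the abstract (three I/O counters per second over T seconds) is concrete enough to show as code. The block below is an added example, not the paper's pipeline: it buckets a constructed I/O trace into fixed-shape T x 3 samples, zero-filling idle seconds so every sample has the same shape a Bi-LSTM or CNN expects, and adds one assumed baseline statistic (the written-to-total byte ratio, since in-place encryption reads and rewrites roughly equal volumes). The trace, the operation names and that statistic are all assumptions.

```python
import math

# Constructed I/O trace (not the paper's data): (timestamp_s, op, n_bytes).
# op is "ctl" for a short control command, "read" or "write" for data transfer.
TRACE = [
    (0.2, "ctl", 0), (0.5, "read", 4096), (0.9, "write", 4096),
    (1.1, "read", 8192), (1.4, "write", 8192), (1.8, "ctl", 0),
    # second 2 is idle on purpose: it must still appear as a zero row
    (3.3, "read", 65536), (3.7, "write", 65536), (3.9, "ctl", 0),
    (4.0, "ctl", 0),
]


def per_second_features(events, t0, T):
    """Bucket events into T one-second slots starting at t0.
    Returns a T x 3 list: [ctl_count, bytes_read, bytes_written] per second,
    with idle seconds zero-filled so every sample has the same shape."""
    rows = [[0, 0, 0] for _ in range(T)]
    for ts, op, n in events:
        slot = int(math.floor(ts - t0))
        if not 0 <= slot < T:
            continue
        if op == "ctl":
            rows[slot][0] += 1
        elif op == "read":
            rows[slot][1] += n
        elif op == "write":
            rows[slot][2] += n
    return rows


def make_samples(events, T, stride=None):
    """Slide a T-second window over the whole trace to produce samples.
    stride defaults to T (non-overlapping windows)."""
    stride = stride or T
    if not events:
        return []
    start = math.floor(min(e[0] for e in events))
    end = max(e[0] for e in events)
    samples = []
    t0 = start
    while t0 <= end:
        samples.append(per_second_features(events, t0, T))
        t0 += stride
    return samples


def read_write_balance(sample):
    """Assumed baseline statistic: share of transferred bytes that were writes.
    Values near 0.5 are what encrypt-in-place activity tends to produce;
    ordinary file-server reads sit much lower."""
    r = sum(row[1] for row in sample)
    w = sum(row[2] for row in sample)
    return w / (r + w) if (r + w) else 0.0


if __name__ == "__main__":
    for s in make_samples(TRACE, T=5):
        print(s, "write share =", read_write_balance(s))
```

The zero-filled rows matter: if idle seconds were simply skipped, the sequence models would see a different time base for every sample and the "T seconds" framing in the paper would not hold.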
Multi-level analysis of Malware using Machine Learning
An efficient combined deep neural network based malware detection framework in 5G environment
Android smartphones are widely used on 5G networks, and third-party application platforms face a rapidly growing volume of applications to screen before market launch. On the one hand, the sheer number of submissions means the review consumes a great deal of time and computing resources. On the other hand, an Android application exposes many candidate features, and it is difficult to determine the best feature combination for distinguishing benign from malicious software. To address these challenges, this paper proposes an efficient deep-neural-network-based malware detection framework called DLAMD that scales to large sample sets. The detection framework combines a rapid pre-detection phase with a deeper detection phase. The Android application package (APK) is analysed in detail, and the permission and opcode features that separate benign from malicious applications are quickly extracted from it. To obtain the feature subset with the most discriminative power, a random forest, which performs well here, ranks feature importance, and a convolutional neural network (CNN), which automatically extracts the hidden patterns inside the features, performs feature selection. In the experiments, real data from a shared malware collection and from third-party application download platforms are used to verify the efficiency of the proposed method. The results show that the overall classification F1-score of DLAMD reaches 95.69%.
Convolutional neural networks for malware classification
According to AV vendors, malicious software has been growing exponentially in recent years. One of the main reasons for these high volumes is that, in order to evade detection, malware authors have adopted polymorphic and metamorphic techniques. As a result, traditional signature-based approaches to detecting malware are insufficient against new malware, and the categorisation of malware samples has become essential for understanding the basis of their behaviour and fighting back against cybercriminals.

During the last decade, solutions that fight malicious software have begun using machine learning approaches. Unfortunately, few open-source datasets are available to the academic community. One of the biggest datasets available was released last year in a competition hosted on Kaggle with data provided by Microsoft for the Big Data Innovators Gathering (BIG 2015). This thesis presents two novel and scalable approaches that use Convolutional Neural Networks (CNNs) to assign malware to its corresponding family. The first approach uses CNNs to learn a feature hierarchy that discriminates among malware samples represented as grey-scale images. The second uses the CNN architecture introduced by Yoon Kim [12] to classify malware samples according to their x86 instructions. The proposed methods achieved improvements of 93.86% and 98.56% with respect to the equal-probability benchmark.
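The grey-scale image representation in the first approach is worth seeing concretely. The following is an added example and not the thesis's own code: it lays a byte string out row by row with each byte as one 8-bit pixel, pads the final row, and resizes with nearest-neighbour sampling so every sample reaches the CNN with one shape. The width schedule (image width chosen from file size) is a common choice in the image-based malware literature and is used here as an assumption, as is the constructed sample input; it is not taken from the abstract.

```python
# Assumed width schedule (size limit in bytes -> image width); a common
# convention in image-based malware classification, not from the thesis.
WIDTH_SCHEDULE = [
    (10 * 1024, 32), (30 * 1024, 64), (60 * 1024, 128), (100 * 1024, 256),
    (200 * 1024, 384), (500 * 1024, 512), (1000 * 1024, 768),
]

# Constructed stand-in for a binary (not a real sample): a fake header
# followed by three runs of every byte value.
SAMPLE = b"MZ\x90\x00" + bytes(range(256)) * 3


def image_width(n_bytes):
    """Pick an image width from the file size so rows stay meaningfully long."""
    for limit, width in WIDTH_SCHEDULE:
        if n_bytes < limit:
            return width
    return 1024


def bytes_to_grayscale(data, width=None):
    """Lay the bytes out row by row; each byte is one grey-scale pixel (0..255).
    The last row is zero-padded so the result is a rectangular matrix."""
    width = width or image_width(len(data))
    rows = []
    for off in range(0, len(data), width):
        row = list(data[off:off + width])
        row.extend([0] * (width - len(row)))
        rows.append(row)
    return rows


def resize_nearest(img, out_h, out_w):
    """Nearest-neighbour resize so all samples share one CNN input shape.
    Plain Python on purpose: no image library needed to follow the idea."""
    in_h, in_w = len(img), len(img[0])
    return [
        [img[y * in_h // out_h][x * in_w // out_w] for x in range(out_w)]
        for y in range(out_h)
    ]


def write_pgm(img, path):
    """Dump as binary PGM so the image can be opened with any viewer."""
    h, w = len(img), len(img[0])
    with open(path, "wb") as f:
        f.write(f"P5\n{w} {h}\n255\n".encode())
        for row in img:
            f.write(bytes(row))


if __name__ == "__main__":
    img = bytes_to_grayscale(SAMPLE)
    print(len(img), "rows x", len(img[0]), "cols; width chosen:", image_width(len(SAMPLE)))
    write_pgm(resize_nearest(img, 32, 32), "sample.pgm")
```

The textural patterns a CNN picks up here come from section layout: code, packed data, and zero-filled padding each look different as pixels, which is why this representation separates families without any disassembly, and also why a packer that rewrites the whole layout changes the picture.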
3D Medical Image Segmentation based on multi-scale MPU-Net
The high cure rate of cancer is inextricably linked to physicians' accuracy in diagnosis and treatment, so a model that can perform high-precision tumour segmentation has become a necessity in many applications of the medical industry. It can effectively lower the rate of misdiagnosis while considerably lessening the burden on clinicians. However, fully automated target-organ segmentation is difficult because of the irregular three-dimensional structure of organs in volumetric data. U-Net excels as a base model for this class of real applications. It can learn certain global and local features, but it still lacks the capacity to grasp long-range spatial relationships and contextual information at multiple scales. This paper proposes a tumour segmentation model, MPU-Net, for patient CT volumes, inspired by the Transformer's global attention mechanism. By combining image serialisation with a Position Attention Module, the model attempts to comprehend deeper contextual dependencies and achieve precise positioning. Each layer of the decoder is also equipped with a multi-scale module and a cross-attention mechanism. Feature extraction and integration at different levels are thereby enhanced, and the hybrid loss function developed in this study better exploits high-resolution feature information. The proposed architecture is tested and evaluated on the Liver Tumor Segmentation Challenge 2017 (LiTS 2017) dataset. Compared with the benchmark model U-Net, MPU-Net shows excellent segmentation results. The Dice, accuracy, precision, specificity, IoU, and MCC metrics for the best model's segmentation results are 92.17%, 99.08%, 91.91%, 99.52%, 85.91%, and 91.74%, respectively. Strong indicators across these aspects illustrate the exceptional performance of this framework in automatic medical image segmentation.
Comment: 37 pages
Ransomware detection using the dynamic analysis and machine learning: A survey and research directions
Ransomware is a notorious class of malware that has gained attention because of its severe and irreversible effects on its victims. The irreparable loss caused by ransomware requires the timely detection of these attacks. Several studies, including surveys and reviews, have examined the evolution, taxonomy, trends, threats, and countermeasures of ransomware, and some of them are dedicated specifically to IoT and Android platforms. However, no study in the available literature addresses the significance of dynamic analysis for ransomware detection across all targeted platforms. This study also documents the datasets, and the sources they were collected from, that have been used in ransomware detection studies on the various platforms. It is further distinct in surveying ransomware detection studies that use machine learning, deep learning, and combinations of both while capitalising on the advantages of dynamic analysis for ransomware detection. The presented work considers ransomware detection studies conducted from 2019 to 2021 and provides an extensive list of future directions that will pave the way for further research.
Ransomware detection using deep learning based unsupervised feature extraction and a cost sensitive Pareto Ensemble classifier
Ransomware attacks pose a serious threat to Internet resources because of their far-reaching effects. Zero-day variants are even more hazardous, as less is known about them. When used for ransomware attack detection, conventional machine learning approaches may become data-dependent and insensitive to error cost, and thus may fail against zero-day ransomware, whose underlying data distribution is normally unseen. This paper presents a Cost-Sensitive Pareto Ensemble strategy, CSPE-R, to detect novel ransomware attacks. Initially, the proposed framework uses an unsupervised deep Contractive Auto Encoder (CAE) to transform the varying underlying feature space into a more uniform, core semantic feature space. To learn robust features, the CSPE-R ensemble technique explores different semantic spaces at various levels of detail. Heterogeneous base estimators are then trained over these extracted subspaces to find the core relevance between the various families of ransomware attacks. Next, a novel Pareto Ensemble-based estimator selection strategy is applied to achieve a cost-sensitive compromise between false positives and false negatives. Finally, the decisions of the selected estimators are aggregated to improve detection of unknown ransomware attacks. The experimental results show that the proposed CSPE-R framework performs well against zero-day ransomware attacks.
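The estimator-selection step is the part of the abstract that can be shown in a few dozen lines. The block below is an added example, not CSPE-R itself: given each base estimator's validation false-positive and false-negative counts (constructed numbers, not the paper's), it computes the Pareto front (estimators that no other estimator beats on both counts), ranks the front by a weighted misclassification cost, and aggregates the selected estimators' votes with inverse-cost weights. The contractive autoencoder and the base learners are out of scope; the cost weights, the voting rule and the threshold are assumptions.

```python
# Constructed validation results for five base estimators (not the paper's).
# Counts are false positives / false negatives on a held-out set.
ESTIMATORS = {
    "rf":  {"fp": 30, "fn": 40},
    "svm": {"fp": 10, "fn": 90},
    "lr":  {"fp": 60, "fn": 20},
    "knn": {"fp": 35, "fn": 45},   # dominated by rf on both counts
    "mlp": {"fp": 15, "fn": 70},
}


def dominates(a, b):
    """a dominates b if it is no worse on both counts and strictly better on one."""
    return (a["fp"] <= b["fp"] and a["fn"] <= b["fn"]) and (a["fp"] < b["fp"] or a["fn"] < b["fn"])


def pareto_front(results):
    """Names of the non-dominated estimators, sorted for determinism."""
    front = []
    for name, r in results.items():
        if not any(dominates(o, r) for oname, o in results.items() if oname != name):
            front.append(name)
    return sorted(front)


def misclassification_cost(r, cost_fp, cost_fn):
    # A missed ransomware run (FN) is normally far costlier than a false alarm (FP),
    # which is what makes the selection cost-sensitive rather than accuracy-driven.
    return cost_fp * r["fp"] + cost_fn * r["fn"]


def select_estimators(results, cost_fp=1.0, cost_fn=5.0, budget=None):
    """From the Pareto front, rank by expected cost and keep the cheapest
    `budget` members (all front members if budget is None)."""
    front = pareto_front(results)
    ranked = sorted(front, key=lambda n: misclassification_cost(results[n], cost_fp, cost_fn))
    return ranked[:budget] if budget else ranked


def weighted_vote(selected, results, votes, cost_fp=1.0, cost_fn=5.0, threshold=0.5):
    """Aggregate binary votes (1 = ransomware) from the selected estimators,
    weighting each by the inverse of its validation cost."""
    total = weight_sum = 0.0
    for n in selected:
        w = 1.0 / misclassification_cost(results[n], cost_fp, cost_fn)
        total += w * votes[n]
        weight_sum += w
    return 1 if total / weight_sum >= threshold else 0


if __name__ == "__main__":
    print("front:", pareto_front(ESTIMATORS))
    chosen = select_estimators(ESTIMATORS, budget=2)
    print("selected:", chosen)
    print("decision:", weighted_vote(chosen, ESTIMATORS, {"lr": 1, "rf": 0}))
```

Changing the FN weight reorders the front: with false negatives weighted five times a false positive the low-FN logistic regression comes first, while with equal weights the random forest does. That sensitivity to the cost ratio is the whole point of doing the selection on the front rather than on a single accuracy number.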
Tight Arms Race: Overview of Current Malware Threats and Trends in Their Detection
Cyber attacks are flourishing, as attackers reap significant profits from them while facing limited risk compared with "classical" crime. One of the major components of a successful compromise of a targeted system is malicious software. It allows the victim's machine to be used for various nefarious purposes, e.g., making it part of a botnet, mining cryptocurrencies, or holding the data stored on it hostage. At present, the complexity, proliferation, and variety of malware pose a real challenge for existing countermeasures and require their constant improvement. That is why, in this paper, we first perform a detailed meta-review of the existing surveys on malware and its detection techniques, showing the arms race between the two sides of the barricade. On this basis, we review the evolution of modern threats in communication networks, with a particular focus on techniques that employ information hiding. Next, we present a bird's-eye view of the main development trends in detection methods, with special emphasis on machine learning techniques. The survey concludes with a description of potential future research directions in the field of malware detection.