14 research outputs found

    Cross-temporal Detection of Novel Ransomware Campaigns: A Multi-Modal Alert Approach

    We present a novel approach to identify ransomware campaigns derived from attack-timeline representations within victim networks. Malicious activity profiles developed from multiple alert sources support the construction of alert graphs. This approach enables an effective and scalable representation of the attack timelines, where individual nodes represent malicious activity detections and connections describe the potential attack paths. This work demonstrates adaptability to different attack patterns by implementing a novel method for parsing and classifying alert graphs while maintaining efficacy despite potentially low-dimension node features. Comment: Preprint. Under Review.
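    The abstract describes alert graphs whose nodes are detections and whose edges are potential attack paths. The block below is an added illustration of that construction, not the paper's code or data: it assumes alerts are dicts with id, host, ts (epoch seconds), source and label, links two detections when they fire on the same host within an assumed one-hour window or when a lateral-movement alert is followed within that window by an alert on another host, and treats each connected component as a candidate campaign. The alerts, labels and window are constructed for the example.

```python
"""Alert-graph sketch for grouping detections into candidate campaigns.

Added illustration, not the paper's implementation. Assumed data model:
each alert is a dict with id, host, ts (epoch seconds), source and label.
"""
from collections import defaultdict, deque

WINDOW = 3600                                    # assumed: link detections <= 1 h apart
LATERAL_LABELS = {"smb_lateral", "rdp_lateral"}  # assumed: labels that may cross hosts

# Constructed sample alerts from three sources; not real telemetry.
SAMPLE_ALERTS = [
    {"id": "a1", "host": "ws-01",  "ts": 1000,  "source": "edr", "label": "credential_dump"},
    {"id": "a2", "host": "ws-01",  "ts": 1600,  "source": "ids", "label": "smb_lateral"},
    {"id": "a3", "host": "srv-01", "ts": 1700,  "source": "ids", "label": "smb_lateral"},
    {"id": "a4", "host": "srv-01", "ts": 2400,  "source": "edr", "label": "mass_file_rename"},
    {"id": "a5", "host": "ws-07",  "ts": 90000, "source": "av",  "label": "pup"},
]


def build_alert_graph(alerts, window=WINDOW, lateral_labels=LATERAL_LABELS):
    """Return (nodes, edges).

    nodes: alert id -> alert dict.
    edges: directed (earlier_id, later_id) pairs representing a potential
    attack path: both detections are on the same host within `window`, or
    the earlier one is a lateral-movement alert and the later one fires on
    a different host within `window`.
    """
    ordered = sorted(alerts, key=lambda a: a["ts"])
    nodes = {a["id"]: a for a in ordered}
    edges = []
    for i, src in enumerate(ordered):
        for dst in ordered[i + 1:]:
            if dst["ts"] - src["ts"] > window:
                break                     # time-ordered: nothing later can link
            same_host = src["host"] == dst["host"]
            crosses = src["label"] in lateral_labels and not same_host
            if same_host or crosses:
                edges.append((src["id"], dst["id"]))
    return nodes, edges


def campaigns(nodes, edges):
    """Weakly connected components of the alert graph, each a candidate campaign."""
    adj = defaultdict(set)
    for u, v in edges:
        adj[u].add(v)
        adj[v].add(u)
    seen, groups = set(), []
    for start in nodes:
        if start in seen:
            continue
        comp, queue = [], deque([start])
        seen.add(start)
        while queue:
            cur = queue.popleft()
            comp.append(cur)
            for nxt in adj[cur]:
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
        groups.append(sorted(comp))
    return sorted(groups)


def timeline(nodes, component):
    """Time-ordered (host, label) steps of one campaign, for analyst review."""
    return [(nodes[i]["host"], nodes[i]["label"])
            for i in sorted(component, key=lambda i: nodes[i]["ts"])]


if __name__ == "__main__":
    nodes, edges = build_alert_graph(SAMPLE_ALERTS)
    for comp in campaigns(nodes, edges):
        print(len(comp), "alerts:", timeline(nodes, comp))
```

    With the constructed alerts, the four detections on ws-01 and srv-01 collapse into one campaign spanning credential theft, SMB lateral movement and mass file renaming, while the isolated PUP hit a day later stays on its own. Shrinking the window to 100 seconds breaks the chain, which is the tuning trade-off any such linking rule carries.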

    Detection of Crypto-Ransomware Attack Using Deep Learning

    The number one threat to the digital world is the exponential increase in ransomware attacks. Ransomware is malware that prevents victims from accessing their resources by locking or encrypting the data until a ransom is paid. With individuals' and businesses' growing dependence on technology and the Internet, researchers in the cyber security field are looking for different measures to prevent malicious attackers from having a successful campaign. New ransomware variants are introduced daily; thus, behavior-based detection of ransomware attacks is more effective than traditional static analysis. This paper proposes a multi-variant classification to distinguish ransomware I/O operations from those of benign applications. The deep learning models implemented in the proposed approach are Bi-directional Long Short-Term Memory (Bi-LSTM) and Convolutional Neural Networks (CNN). The deep learning models are compared against classic machine learning models such as Logistic Regression (LR), Support Vector Machine (SVM), and Random Forest (RF). The ransomware samples contain 70 binaries from 30 different ransomware, extracted during the encryption of an extensive network shared directory. The benign samples came from network traffic traces recorded in a campus LAN where staff users access files from shared servers. A sample contains I/O operations (short control commands, bytes read, and bytes written) per second over a period of T seconds. The proposed deep learning models are tested with zero-day ransomware samples as well. Both Bi-LSTM and CNN achieved above 98% accuracy in classifying ransomware and benign samples.
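    The abstract defines a sample as per-second counts of control commands, bytes read and bytes written over T seconds. The block below is an added illustration of how such a window is built from an I/O event trace; it is not the paper's code, models or data. The event format (second, op, nbytes) and the two constructed traces are assumptions, and the threshold rule at the end is only a baseline stand-in for the Bi-LSTM/CNN classifiers so the example runs without a deep-learning framework.

```python
"""Per-second I/O featurization for ransomware vs. benign traces.

Added illustration, not the paper's code or data. Assumed event format:
(second, op, nbytes) with op in {"read", "write", "ctl"}. The threshold rule
is a baseline stand-in for the paper's Bi-LSTM/CNN models.
"""

T = 10  # window length in seconds (assumed for the sample)


def featurize(events, window_seconds=T):
    """Return `window_seconds` rows of [ctl_count, bytes_read, bytes_written]."""
    rows = [[0, 0, 0] for _ in range(window_seconds)]
    for sec, op, nbytes in events:
        if not 0 <= sec < window_seconds:
            continue                      # event outside this window
        if op == "ctl":
            rows[sec][0] += 1
        elif op == "read":
            rows[sec][1] += nbytes
        elif op == "write":
            rows[sec][2] += nbytes
        else:
            raise ValueError(f"unknown op {op!r}")
    return rows


def write_read_ratio(rows):
    """Bytes written over bytes read across the window (reads floored at 1)."""
    written = sum(r[2] for r in rows)
    read = sum(r[1] for r in rows)
    return written / max(read, 1)


def active_write_fraction(rows):
    """Share of seconds in which something was written."""
    return sum(1 for r in rows if r[2] > 0) / len(rows)


def is_suspicious(rows, min_ratio=0.5, min_active=0.8):
    """Baseline rule (assumed, not the paper's model): sustained writes whose
    volume tracks reads, the pattern of files being read, encrypted and
    rewritten in place."""
    return write_read_ratio(rows) >= min_ratio and active_write_fraction(rows) >= min_active


def _constructed_trace(per_second, window_seconds=T):
    """Build a constructed event list from a per-second op generator."""
    return [(sec, op, n) for sec in range(window_seconds) for op, n in per_second(sec)]


def ransom_like(sec):
    # open/rename, read a file, write back the same amount, every second
    return [("ctl", 0), ("ctl", 0), ("read", 65536), ("write", 65536)]


def benign_like(sec):
    # a user mostly reads, with an occasional small save
    return [("read", 65536), ("write", 2048), ("ctl", 0)] if sec % 3 == 0 else [("read", 65536)]


RANSOM_EVENTS = _constructed_trace(ransom_like)   # constructed, not captured
BENIGN_EVENTS = _constructed_trace(benign_like)   # constructed, not captured

if __name__ == "__main__":
    for name, ev in (("ransom-like", RANSOM_EVENTS), ("benign-like", BENIGN_EVENTS)):
        rows = featurize(ev)
        print(name, rows[0], round(write_read_ratio(rows), 3), is_suspicious(rows))
```

    The T x 3 matrix `featurize` returns is the shape a sequence model consumes, one row per second. The ratio rule is deliberately crude: a backup job or a large copy also writes roughly what it reads, which is exactly why the paper learns the decision from sequences rather than fixing a threshold.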

    Multi-level analysis of Malware using Machine Learning


    An efficient combined deep neural network based malware detection framework in 5G environment

    While Android smartphones are widely used in 5G networks, third-party application platforms are facing a rapid increase in the screening of applications for market launch. However, on the one hand, due to the excessive number of applications submitted for listing, the review requires a lot of time and computing resources. On the other hand, due to the multi-selectivity of Android application features, it is difficult to determine the best feature combination as a criterion for distinguishing benign and malicious software. To address these challenges, this paper proposes an efficient malware detection framework based on deep neural networks, called DLAMD, that can handle large-scale samples. An efficient detection framework is designed, which combines a pre-detection phase for rapid detection and a deep detection phase for in-depth detection. The Android application package (APK) is analyzed in detail, and the permission and opcode features that can distinguish benign from malicious are quickly extracted from the APK. Besides, to obtain the feature subset that best distinguishes the attributes, a random forest, which performs well, is selected for importance selection, and a convolutional neural network (CNN), which automatically extracts the hidden patterns inside features, is selected for feature selection. In the experiment, real data from a shared malware collection and third-party application download platforms are used to verify the high efficiency of the proposed method. The results show that the comprehensive classification index F1-score of DLAMD can reach 95.69%.

    Convolutional neural networks for malware classification

    According to AV vendors, malicious software has been growing exponentially in recent years. One of the main reasons for these high volumes is that, in order to evade detection, malware authors started using polymorphic and metamorphic techniques. As a result, traditional signature-based approaches to detect malware are insufficient against new malware, and the categorization of malware samples has become essential to know the basis of the behavior of malware and to fight back against cybercriminals. During the last decade, solutions that fight against malicious software have begun using machine learning approaches. Unfortunately, there are few open-source datasets available for the academic community. One of the biggest datasets available was released last year in a competition hosted on Kaggle with data provided by Microsoft for the Big Data Innovators Gathering (BIG 2015). This thesis presents two novel and scalable approaches using Convolutional Neural Networks (CNNs) to assign malware to its corresponding family. On one hand, the first approach makes use of CNNs to learn a feature hierarchy to discriminate among samples of malware represented as gray-scale images. On the other hand, the second approach uses the CNN architecture introduced by Yoon Kim [12] to classify malware samples according to their x86 instructions. The proposed methods achieved an improvement of 93.86% and 98.56% with respect to the equal probability benchmark.
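    The first approach in the abstract classifies malware samples represented as gray-scale images. The block below is an added illustration of that representation, not the thesis code: each byte of a binary becomes one 8-bit pixel laid out row-major, the last row is zero-padded, and a fixed-size nearest-neighbour resize gives a CNN its constant input shape. The size-based width table follows the common convention for this kind of visualization but is an assumption here, and the 768-byte sample is constructed, not a real binary.

```python
"""Malware bytes to a gray-scale image, the representation a CNN can classify.

Added illustration, not the thesis code. The width rule follows the common
size-based convention for malware images and is an assumption here.
"""

WIDTH_BY_SIZE = [  # (size limit in bytes, image width); assumed table
    (10 * 1024, 32), (30 * 1024, 64), (60 * 1024, 128), (100 * 1024, 256),
    (200 * 1024, 384), (500 * 1024, 512), (1000 * 1024, 768),
]


def choose_width(size):
    """Pick a row width from the file size so images stay roughly square-ish."""
    for limit, width in WIDTH_BY_SIZE:
        if size < limit:
            return width
    return 1024


def bytes_to_grayscale(data, width=None):
    """Each byte becomes one pixel 0..255, row-major; the last row is zero-padded."""
    width = width or choose_width(len(data))
    rows = [list(data[i:i + width]) for i in range(0, len(data), width)]
    if rows and len(rows[-1]) < width:
        rows[-1].extend([0] * (width - len(rows[-1])))
    return rows


def resize_nearest(rows, out_h, out_w):
    """Nearest-neighbour resize to the fixed input size a CNN expects."""
    h, w = len(rows), len(rows[0])
    return [[rows[i * h // out_h][j * w // out_w] for j in range(out_w)]
            for i in range(out_h)]


def to_pgm(rows):
    """Serialize as binary PGM (P5) so the image can be opened in ordinary viewers."""
    h, w = len(rows), len(rows[0])
    header = f"P5 {w} {h} 255\n".encode()
    return header + bytes(v for r in rows for v in r)


# Constructed sample: 768 bytes cycling 0..255 three times, not a real binary.
SAMPLE = bytes(range(256)) * 3

if __name__ == "__main__":
    img = bytes_to_grayscale(SAMPLE)
    print(len(img), "rows x", len(img[0]), "cols")
    with open("sample.pgm", "wb") as f:
        f.write(to_pgm(img))
    print(resize_nearest(img, 8, 8)[0])
```

    Because the mapping is byte-for-byte, sections with different statistics (code, packed data, zero-filled padding) show up as visually distinct bands, which is what the convolutional filters pick up on. The same property is its weakness: appending or reordering sections changes the picture without changing behaviour, so a practitioner would pair this view with the instruction-based approach the thesis also describes.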

    3D Medical Image Segmentation based on multi-scale MPU-Net

    The high cure rate of cancer is inextricably linked to physicians' accuracy in diagnosis and treatment; therefore, a model that can accomplish high-precision tumor segmentation has become a necessity in many applications of the medical industry. It can effectively lower the rate of misdiagnosis while considerably lessening the burden on clinicians. However, fully automated target organ segmentation is problematic due to the irregular stereo structure of 3D volume organs. As a basic model for this class of real applications, U-Net excels. It can learn certain global and local features, but still lacks the capacity to grasp spatial long-range relationships and contextual information at multiple scales. This paper proposes a tumor segmentation model, MPU-Net, for patient volume CT images, which is inspired by the Transformer with a global attention mechanism. By combining image serialization with the Position Attention Module, the model attempts to comprehend deeper contextual dependencies and accomplish precise positioning. Each layer of the decoder is also equipped with a multi-scale module and a cross-attention mechanism. The capability of feature extraction and integration at different levels has been enhanced, and the hybrid loss function developed in this study can better exploit high-resolution characteristic information. Moreover, the suggested architecture is tested and evaluated on the Liver Tumor Segmentation Challenge 2017 (LiTS 2017) dataset. Compared with the benchmark model U-Net, MPU-Net shows excellent segmentation results. The Dice, accuracy, precision, specificity, IoU, and MCC metrics for the best model segmentation results are 92.17%, 99.08%, 91.91%, 99.52%, 85.91%, and 91.74%, respectively. Outstanding indicators in various aspects illustrate the exceptional performance of this framework in automatic medical image segmentation. Comment: 37 pages.

    Ransomware detection using the dynamic analysis and machine learning: A survey and research directions

    Ransomware is an ill-famed malware that has received recognition because of its lethal and irrevocable effects on its victims. The irreparable loss caused by ransomware requires the timely detection of these attacks. Several studies, including surveys and reviews, have been conducted on the evolution, taxonomy, trends, threats, and countermeasures of ransomware. Some of these studies were specifically dedicated to IoT and Android platforms. However, there is not a single study in the available literature that addresses the significance of dynamic analysis for ransomware detection studies across all the targeted platforms. This study also provides information about the collection of datasets from their sources, which were utilized in the ransomware detection studies of the diverse platforms. This study is also distinct in providing a survey of the ransomware detection studies utilizing machine learning, deep learning, and a blend of both techniques while capitalizing on the advantages of dynamic analysis for ransomware detection. The presented work considers the ransomware detection studies conducted from 2019 to 2021. This study provides an ample list of future directions which will pave the way for future research.

    Tight Arms Race: Overview of Current Malware Threats and Trends in Their Detection

    Cyber attacks are currently blooming, as the attackers reap significant profits from them and face limited risk compared to committing "classical" crimes. One of the major components that leads to the successful compromise of the targeted system is malicious software. It allows using the victim's machine for various nefarious purposes, e.g., making it part of a botnet, mining cryptocurrencies, or holding the data stored there hostage. At present, the complexity, proliferation, and variety of malware pose a real challenge for the existing countermeasures and require their constant improvement. That is why, in this paper, we first perform a detailed meta-review of the existing surveys related to malware and its detection techniques, showing an arms race between these two sides of the barricade. On this basis, we review the evolution of modern threats in communication networks, with a particular focus on techniques employing information hiding. Next, we present a bird's-eye view portraying the main development trends in detection methods, with special emphasis on machine learning techniques. The survey is concluded with a description of potential future research directions in the field of malware detection.