Reliable Malware Analysis and Detection using Topology Data Analysis
Malware is becoming increasingly complex and is spreading across networks, targeting infrastructure and personal end-user devices to collect, modify, and destroy victim information. Malware behaviors are polymorphic, metamorphic, and persistent; malware can hide to bypass detectors, adapt to new environments, and even leverage machine learning techniques to damage targets more effectively. This makes it difficult to analyze and detect with traditional endpoint detection and response and intrusion detection and prevention systems. To defend against malware, recent work has proposed different techniques based on signatures and machine learning. In this paper, we propose to use an algebraic topological approach called topological data analysis (TDA) to efficiently analyze and detect complex malware patterns. We then compare the different TDA techniques (i.e., persistent homology, ToMATo, TDA Mapper) against existing techniques (i.e., PCA, UMAP, t-SNE) using different classifiers, including random forest, decision tree, XGBoost, and LightGBM. We also propose recommendations for deploying the best-identified models for malware detection at scale. Results show that TDA Mapper (combined with PCA) is better than PCA alone for clustering and for identifying hidden relationships between malware clusters. Persistence diagrams identify overlapping malware clusters better, and with lower execution time, than UMAP and t-SNE. For malware detection, malware analysts can use Random Forest and Decision Tree with t-SNE and persistence diagrams to achieve better performance and robustness on noisy data.
DroidDetectMW: A Hybrid Intelligent Model for Android Malware Detection
Malicious apps specifically aimed at the Android platform have increased in tandem with the proliferation of mobile devices. Malware is now written so carefully that it is difficult to detect. Due to the exponential growth in malware, manual methods of malware analysis are increasingly ineffective. Although prior authors have proposed numerous high-quality approaches, static and dynamic assessments inherently require intricate procedures. The obfuscation methods used by modern malware are incredibly complex and clever, so such malware cannot be detected using static analysis alone. This work therefore presents a hybrid analysis approach, partially tailored for multiple-feature data, for identifying Android malware and classifying malware families in order to improve Android malware detection and classification. The hybrid method combines static and dynamic malware analysis to give a full view of the threat. The proposed framework consists of three distinct phases. The first phase is pre-processing, in which normalization and feature extraction procedures are applied. In the second phase, both static and dynamic features undergo feature selection; two feature selection strategies are proposed to choose the best subset of features for the static and dynamic feature sets. The third phase applies a newly proposed detection model to classify Android apps; this model uses a neural network optimized with an improved version of HHO. Both binary and multi-class classification are applied: binary classification to separate benign and malware apps, and multi-class classification to detect malware categories and families. Using the features gleaned from static and dynamic malware analysis, several machine-learning methods are applied to malware classification. According to the experimental results, the hybrid approach improves the accuracy of detection and classification of Android malware compared to the scenario in which static and dynamic information are considered separately.
Explainable Malware Detection System Using Transformers-Based Transfer Learning and Multi-Model Visual Representation
Android has become the leading mobile ecosystem because of its accessibility and adaptability. It has also become the primary target of widespread malicious apps. This situation calls for the immediate implementation of an effective malware detection system. In this study, an explainable malware detection system was proposed using transfer learning and malware visual features. For effective malware detection, our technique leverages both textual and visual features. First, a pre-trained model, the Bidirectional Encoder Representations from Transformers (BERT) model, was designed to extract the trained textual features. Second, a malware-to-image conversion algorithm was proposed to transform the network byte streams into a visual representation. In addition, the FAST (Features from Accelerated Segment Test) extractor and BRIEF (Binary Robust Independent Elementary Features) descriptor were used to efficiently extract and mark important features. Third, the trained and texture features were combined and balanced using the Synthetic Minority Over-Sampling (SMOTE) method; then, a CNN was used to mine the deep features. The balanced features were then input into the ensemble model for efficient malware classification and detection. The proposed method was analyzed extensively using two public datasets, CICMalDroid 2020 and CIC-InvesAndMal2019. To explain and validate the proposed methodology, an interpretable artificial intelligence (AI) experiment was conducted.
Protecting Android Devices from Malware Attacks: A State-of-the-Art Report of Concepts, Modern Learning Models and Challenges
Advancements in microelectronics have increased the popularity of mobile devices like cellphones, tablets, e-readers, and PDAs. Android, with its open-source platform, broad device support, customizability, and integration with the Google ecosystem, has become the leading operating system for mobile devices. While Android's openness brings benefits, it has downsides like a lack of official support, fragmentation, complexity, and security risks if not maintained. Malware exploits these vulnerabilities for unauthorized actions and data theft. To enhance device security, static and dynamic analysis techniques can be employed. However, current attackers are becoming increasingly sophisticated, and they are employing packaging, code obfuscation, and encryption techniques to evade detection models. Researchers prefer flexible artificial intelligence methods, particularly deep learning models, for detecting and classifying malware on Android systems. In this survey study, a detailed literature review was conducted to investigate and analyze how deep learning approaches have been applied to malware detection on Android systems. The study also provides an overview of the Android architecture, datasets used for deep learning-based detection, and open issues that will be studied in the future.
Inner-Eye: Appearance-based Detection of Computer Scams
As more and more inexperienced users gain Internet access, fraudsters attempt to take advantage of them in new ways. Instead of sophisticated exploitation techniques, simple confidence tricks can be used to create malware that is both very effective and likely to evade detection by traditional security software. Heuristics that detect complex malicious behavior are powerless against some common frauds. This work explores the use of imaging and text-matching techniques to detect typical computer scams such as pharmacy and rogue antivirus frauds. The Inner-Eye system implements the chosen approach in a scalable and efficient manner through the use of virtualization.
A Taxonomy for Social Engineering attacks
As the technology to secure information improves, hackers employ less technical means to gain access to unauthorized data. The use of social engineering as a non-technical method of hacking has become increasingly common during the past few years. Different types of social engineering methods have been reported, but what is lacking is a unifying effort to understand these methods in the aggregate. This paper aims to classify these methods through a taxonomy so that organizations can gain a better understanding of these attack methods and accordingly be vigilant against them.
Insights into user behavior in dealing with common Internet attacks
Ankara: The Department of Computer Engineering and the Graduate School of Engineering and Science of Bilkent University, 2011.
Thesis (Master's) -- Bilkent University, 2011.
Includes bibliographical references (leaves 45-50).
The Internet's immense popularity has made it an attractive medium for attackers. Today, criminals often make illegal profits by targeting Internet users. Most common Internet attacks require some form of user interaction, such as clicking on an exploit link or dismissing a security warning dialogue. Hence, the security problem at hand is not only a technical one; it also has a strong human aspect. Although the security community has proposed many technical solutions to mitigate common Internet attacks, the behavior of users when they face these attacks remains a largely unexplored area. In this work, we describe an online experiment platform we built for testing the behavior of users when they are confronted with common, concrete attack scenarios such as reflected cross-site scripting, session fixation, scareware, and file sharing scams. We conducted experiments with more than 160 Internet users with diverse backgrounds. Our findings show that non-technical users can exhibit comparable performance to knowledgeable users at averting relatively simple and well-known threats (e.g., email scams). While doing so, they do not consciously perceive the risk, but depend solely on their intuition and past experience (i.e., there is a training effect). However, in more sophisticated attacks, these non-technical users often rely on misleading cues such as the "size" and "length" of artifacts (e.g., URLs), and fail to protect themselves. Our findings also show that trick banners, which are common on file sharing websites, and shortened URLs have high success rates at deceiving non-technical users, thus posing a severe security risk.
Yılmaz, Utku Ozan. M.S.