27 research outputs found

    On the Use of Artificial Malicious Patterns for Android Malware Detection

    Malware programs currently represent the most serious threat to computer information systems. Despite the performed efforts of researchers in this field, detection tools still have limitations for one main reason. Actually, malware developers usually use obfuscation techniques consisting in a set of transformations that make the code and/or its execution difficult to analyze by hindering both manual and automated inspections. These techniques allow the malware to escape the detection tools, and hence to be seen as a benign program. To solve the obfuscation issue, many researchers have proposed to extract frequent Application Programming Interface (API) call sequences from previously encountered malware programs using pattern mining techniques and hence, build a base of fraudulent behaviors. Based on this process, it is worth mentioning that the performance of the detection process heavily depends on the base of examples of malware behaviors; also called malware patterns. In order to deal with this shortcoming, a dynamic detection method called Artificial Malware-based Detection (AMD) is proposed in this paper. AMD makes use of not only extracted malware patterns but also artificially generated ones. The artificial malware patterns are generated using an evolutionary (genetic) algorithm. The latter evolves a population of API call sequences with the aim to find new malware behaviors following a set of well-defined evolution rules. The artificial fraudulent behaviors are subsequently inserted into the base of examples in order to enrich it with unseen malware patterns. The main motivation behind the proposed AMD approach is to diversify the base of malware examples in order to maximize the detection rate. AMD has been tested on different Android malware data sets and compared against recent prominent works using commonly employed performance metrics. The performance analysis of the obtained results shows the merits of our AMD novel approach

    Recent advances in evolutionary multi-objective optimization

    This book covers the most recent advances in the field of evolutionary multiobjective optimization. With the aim of drawing the attention of up-and-coming scientists towards exciting prospects at the forefront of computational intelligence, the authors have made an effort to ensure that the ideas conveyed herein are accessible to the widest audience. The book begins with a summary of the basic concepts in multi-objective optimization. This is followed by brief discussions on various algorithms that have been proposed over the years for solving such problems, ranging from classical (mathematical) approaches to sophisticated evolutionary ones that are capable of seamlessly tackling practical challenges such as non-convexity, multi-modality, the presence of multiple constraints, etc. Thereafter, some of the key emerging aspects that are likely to shape future research directions in the field are presented. These include: optimization in dynamic environments, multi-objective bilevel programming, handling high dimensionality under many objectives, and evolutionary multitasking. In addition to theory and methodology, this book describes several real-world applications from various domains, which will expose the readers to the versatility of evolutionary multi-objective optimization

    Solving combinatorial bi-level optimization problems using multiple populations and migration schemes

    In many decision making cases, we may have a hierarchical situation between different optimization tasks. For instance, in production scheduling, the evaluation of the tasks assignment to a machine requires the determination of their optimal sequencing on this machine. Such situation is usually modeled as a Bi-Level Optimization Problem (BLOP). The latter consists in optimizing an upper-level (a leader) task, while having a lower-level (a follower) optimization task as a constraint. In this way, the evaluation of any upper-level solution requires finding its corresponding lower-level (near) optimal solution, which makes BLOP resolution very computationally costly. Evolutionary Algorithms (EAs) have proven their strength in solving BLOPs due to their insensitivity to the mathematical features of the objective functions such as non-linearity, non-differentiability, and high dimensionality. Moreover, EAs that are based on approximation techniques have proven their strength in solving BLOPs. Nevertheless, their application has been restricted to the continuous case as most approaches are based on approximating the lower-level optimum using classical mathematical programming and machine learning techniques. Motivated by this observation, we tackle in this paper the discrete case by proposing a Co-Evolutionary Migration-Based Algorithm, called CEMBA, that uses two populations in each level and a migration scheme; with the aim to considerably minimize the number of Function Evaluations (FEs) while ensuring good convergence towards the global optimum of the upper-level. CEMBA has been validated on a set of bi-level combinatorial production-distribution planning benchmark instances. The statistical analysis of the obtained results shows the effectiveness and efficiency of CEMBA when compared to existing state-of-the-art combinatorial bi-level EAs

    Malware Evolution and Detection Based on the Variable Precision Rough Set Model

    To offer innovative malware evolution techniques, it is appealing to integrate approaches that handle imperfect data and knowledge. In fact, malware writers tend to target some precise features within the app's code to camouflage the malicious content. Those features may sometimes present conflictual information about the true nature of the content of the app (malicious/benign). In this paper, we show how the Variable Precision Rough Set (VPRS) model can be combined with optimization techniques, in particular Bilevel-Optimization-Problems (BLOPs), in order to establish a detection model capable of following the crazy race of malware evolution initiated among malware-developers. We propose a new malware detection technique, based on such hybridization, named Variable Precision Rough set Malware Detection (ProRSDet), that offers robust detection rules capable of revealing the new nature of a given app. ProRSDet attains encouraging results when tested against various state-of-the-art malware detection systems using common evaluation metrics

    Anticipation model based on a modified fuzzy logic approach

    Car-following behaviour is an important problem in terms of road safety, since it represents, alone, almost 70% of road accidents caused by not maintaining a safe braking distance between the moving cars. The inappropriate anticipation of drivers to keep safety distance is the main reason for accidents. In this study, the authors present an artificial intelligence anticipation model for car-following problem based on a fuzzy logic approach. This system will estimate the velocity of the leading vehicle in the near future. Moreover, they have replaced the old methods used in the third step of fuzzy logical approach, the defuzzification, by a novel method based on a metaheuristic algorithm, i.e. Tabu search, in order to adapt effectively to the environment's instability. The results of experiments, conducted using the next generation simulation dataset to validate the proposed model, indicate that the vehicle trajectories simulated based on the new model are in compliance with the actual vehicle trajectories in terms of deviation and estimated velocities. Moreover, they show that the proposed model guarantees road safety in terms of harmonisation between the gap distance and the calculated safety distance

    Many-Objective Optimization of Wireless Sensor Network Deployment

    Recently, the efficient deployment of Wireless Sensor Networks (WSNs) has become a leading field of research in WSN design optimization. Practical scenarios related to WSN deployment are often considered as optimization models with multiple conflicting objectives that are simultaneously enhanced. In the related literature, it had been shown that moving from mono-objective to multi-objective resolution of WSN deployment is beneficial. However, since the deployment of real-world WSNs encompasses more than three objectives, a multi-objective optimization may harm other deployment criteria that are conflicting with the already considered ones. Thus, our aim is to go further, explore the modeling and the resolution of WSN deployment in a many-objective (i.e., optimization with more than three objectives) fashion and especially, exhibit its added value. In this context, we first propose a many-objective deployment model involving seven conflicting objectives, and then we solve it using an adaptation of the Decomposition-based Evolutionary Algorithm "θ-DEA". The developed adaptation is named "WSN-θ-DEA" and is validated through a detailed experimental study

    Malware Detection Using Rough Set Based Evolutionary Optimization

    Despite the existing anti-malware techniques and their interesting achieved results to "hook" attacks, the unstoppable evolution of malware makes the need for more capable malware detection systems overriding. In this paper, we propose a new malware detection technique named Bilevel-Roughset based Malware Detection (BLRDetect) that is based on, and exploits the benefits of, Bilevel optimization and Rough Set Theory. The upper-level of the Bilevel optimization component uses a Genetic Programming Algorithm in its chase of generating powerful detection rules while the lower-level leans on both a Genetic Algorithm and a Rough-Set module to produce high quality, and reliable, malware samples that escape, to their best, the upper-level's generated detection rules. Both levels interact with each other in a competitive way in order to produce populations that depend on one another. Our detection technique has proven its outperformance when tested against various state-of-the-art malware detection systems using common evaluation metrics