Analysis of Feature Categories for Malware Visualization

It is important to know which features are more effective for certain visualization types. Furthermore, selecting an appropriate visualization tool plays a key role in descriptive, diagnostic, predictive and prescriptive analytics. Moreover, analyzing the activities of malicious scripts or codes is dependent on the extracted features. In this paper, the authors focused on reviewing and classifying the most common extracted features that have been used for malware visualization based on specified categories. This study examines the features categories and its usefulness for effective malware visualization. Additionally, it focuses on the common extracted features that have been used in the malware visualization domain. Therefore, the conducted literature review finding revealed that the features could be categorized into four main categories, namely, static, dynamic, hybrid, and application metadata. The contribution of this research paper is about feature selection for illustrating which features are effective with which visualization tools for malware visualization

An Analysis of the KDD99 and UNSW-NB15 Datasets for the Intrusion Detection System

The significant increase in technology development over the internet makes network security a crucial issue. An intrusion detection system (IDS) shall be introduced to protect the networks from various attacks. Even with the increased amount of works in the IDS research, there is a lack of studies that analyze the available IDS datasets. Therefore, this study presents a comprehensive analysis of the relevance of the features in the KDD99 and UNSW-NB15 datasets. Three methods were employed: a rough-set theory (RST), a back-propagation neural network (BPNN), and a discrete variant of the cuttlefish algorithm (D-CFA). First, the dependency ratio between the features and the classes was calculated, using the RST. Second, each feature in the datasets became an input for the BPNN, to measure their ability for a classification task concerning each class. Third, a feature-selection process was carried out over multiple runs, to indicate the frequency of the selection of each feature. From the result, it indicated that some features in the KDD99 dataset could be used to achieve a classification accuracy above 84%. Moreover, a few features in both datasets were found to give a high contribution to increasing the classification’s performance. These features were present in a combination of features that resulted in high accuracy; the features were also frequently selected during the feature selection process. The findings of this study are anticipated to help the cybersecurity academics in creating a lightweight and accurate IDS model with a smaller number of features for the developing technologies

Analysis of feature categories for malware visualization

It is important to know which features are more effective for certain visualization types. Furthermore, selecting an appropriate visualization tool plays a key role in descriptive,diagnostic, predictive and prescriptive analytics. Moreover,analyzing the activities of malicious scripts or codes is dependent on the extracted features. In this paper, the authors focused on reviewing and classifying the most common extracted features that have been used for malware visualization based on specified categories. This study examines the features categories and its usefulness for effective malware visualization. Additionally, it focuses on the common extracted features that have been used in the malware visualization domain. Therefore, the conducted literature review finding revealed that the features could be categorized into four main categories, namely, static, dynamic,hybrid, and application metadata. The contribution of this research paper is about feature selection for illustrating which features are effective with which visualization tools for malware visualization

Classification of malware mnalytics techniques: A systematic literature review

Malware is a variety of forms of hostile or intrusive software that being thrown around online. Data analytics is the process of examining data sets in order to draw conclusions about information they contain, increasingly with the aid of specialized systems and software. Objectives: The aims of the study are to identify the types of malware analytics and identify the purpose of malware analytics. Method: A Systematic Literature Review (SLR) was carried out and reported based on the preferred reporting itemsfor systematic reviews. 1114 papers were retrieved by manual search in six databases which are IEEE, Science Direct, Taylor and Francis, ACM, Wiley and Springer Link. 53 primary studies were finally included. Results: From these studies, 70% were conference papers and 30% were journal articles. Five classification of malware analytics techniques were identified and analysed. The classifications are (1) descriptive analytics, (2) diagnostic analytics, (3) predictive analytics, (4) prescriptive analytics and(5) visual analytics. Conclusion: This review delivers the evidence that malware analytics is an active research area. The review provides researchers with some guidelines for future research on this topic. It also provides broad information on malware analytics techniques which could be useful for practitioners