
A Fine-Grained Classification Approach for the Packed Malicious Code [chapter]

Shanqing Guo, Shuangshuang Li, Yan Yu, Anlei Hu, Tao Ban
2012 Lecture Notes in Computer Science  
from the target object file and then apply a String-Kernel-Based SVM Classifier to implement the fast detection of packed malicious code. We also show that our system achieves very high detection accuracy  ...  However, these universal unpackers are computationally expensive and scanning large collections of executables may take several hours or even days. In order to improve the computational efficiency, Machine  ...  String-Kernel-Based SVM Classifier Support vector machines (SVMs) are a set of related supervised learning methods that are used for classification and regression analysis.  ... 
doi:10.1007/978-3-642-34129-8_49 fatcat:btvg5wkqajeg7lnzepyjwhjszi

An Automated and Comprehensive Framework for IoT Botnet Detection and Analysis (IoT-BDA)

Tolijan Trajanovski, Ning Zhang
2021 IEEE Access  
c: Support for older kernel versions IoT botnets may be targeting vulnerable and unmaintained legacy IoT devices, hence the need to support older kernel versions.  ...  Systemtap is more resilient to anti-tracing, but lacks support for older Linux kernels, hence the use of strace for the second VM group.  ... 
doi:10.1109/access.2021.3110188 fatcat:s374p6n37ncqdowhw4xgxlcrr4

File Packing from the Malware Perspective: Techniques, Analysis Approaches, and Directions for Enhancements

Trivikram Muralidharan, Aviad Cohen, Noa Gerson, Nir Nissim
2022 ACM Computing Surveys  
This paper provides statistics on the use of packers based on an extensive analysis of 24,000 PE files (both malicious and benign files) for the past 10 years, which allowed us to observe trends in packing  ...  The packing of executable files, which is one of the most common techniques for code protection, has been repurposed for code obfuscation by malware authors as a means of evading malware detectors (mainly  ...  ACKNOWLEDGEMENTS We would like to thank Shlomi Boutnaru for his meaningful discussions regarding packing techniques and how they are being exploited by malware authors.  ... 
doi:10.1145/3530810 fatcat:c6horhx3i5bevk5ibtu5y42rim

An Automated and Comprehensive Framework for IoT Botnet Detection and Analysis (IoT-BDA) [article]

Tolijan Trajanovski, Ning Zhang
2021 arXiv   pre-print
In this paper, we propose the IoT-BDA framework for automated capturing, analysis, identification, and reporting of IoT botnets.  ...  Furthermore, the effectiveness of the proposed sandboxes is limited by the potential use of anti-analysis techniques and the inability to identify features for effective detection and identification of  ...  c: Support for older kernel versions IoT botnets may be targeting vulnerable legacy IoT devices, hence the need to support older kernel versions.  ... 
arXiv:2105.11061v1 fatcat:7vyksb7sxjgrxevyblzvso564u

Static Malware Analysis to Identify Ransomware Properties

Deepti Vidyarthi, CRS Kumar, Subrata Rakshit, Shailesh Chansarkar
2019 Zenodo  
The inclusion of these properties with the set of generic malware properties has shown improved classification for malware detection specifically ransomware using well-proven software verification and  ...  This has the conventional anti-malware techniques compelled to include advanced detection mechanisms for ransomware and this paper demonstrates a method to identify the properties related to such software  ...  In our previous work [10], Random Forest, Decision Trees (J-48), Naive Bayes and Support Vector Machine (SVM) classifiers were trained towards malware classification based on the features extracted through  ... 
doi:10.5281/zenodo.3252962 fatcat:hmvcal54tbelnltpx7kqeuayti

Android Code Protection via Obfuscation Techniques: Past, Present and Future Directions [article]

Parvez Faruki (Malaviya National Institute of Technology Jaipur, India) and Hossein Fereidooni and Vijay Laxmi and Mauro Conti, Manoj Gaur (Malaviya National Institute of Technology Jaipur, India)
2016 arXiv   pre-print
We believe that there is a need to investigate the efficiency of the defense techniques used for code protection.  ...  Obfuscation is an action that modifies an application (app) code, preserving the original semantics and functionality to evade anti-malware. Code obfuscation is a contentious issue.  ...  The base of Android is the Linux kernel adapted for limited processing capability, restricted memory and constrained battery availability.  ... 
arXiv:1611.10231v1 fatcat:qvx7bm553vcutfhclemlpwaozi

Identifying Ransomware - Specific Properties using Static Analysis of Executables

Deepti Vidyarthi, CRS Kumar, Subrata Rakshit
2019 IJARCCE  
The experiments show that higher accuracy of classification, using machine learning algorithms, is achieved by combining these properties with the set of generic malware properties for malware detection  ...  This paper presents the results of the study and analysis of ransomware executable files in order to identify the characteristic properties that distinguish ransomware from other malware and benign executable  ...  In our previous work [5], Random Forest, Decision Trees (J-48), Naive Bayes and Support Vector Machine (SVM) classifiers were trained towards malware classification based on the features extracted through  ... 
doi:10.17148/ijarcce.2019.8461 fatcat:34l43o3qszf75pf65336sf5zy4

The rise of machine learning for detection and classification of malware: Research developments, trends and challenges

Daniel Gibert, Carles Mateu, Jordi Planes
2020 Journal of Network and Computer Applications  
Current state-of-the-art research focuses on the development and application of machine learning techniques for malware detection due to their ability to keep pace with malware evolution.  ...  This survey aims at providing a systematic and detailed overview of machine learning techniques for malware detection and in particular, deep learning techniques.  ...  Acknowledgements This research has been partially funded by the Spanish MICINN Projects TIN2015-71799-C2-2-P, ENE2015-64117-C5-1-R, and is supported by the University of Lleida.  ... 
doi:10.1016/j.jnca.2019.102526 fatcat:3bf6afjqpnb53eoeghfxjeaus4

Using Static and Dynamic Malware features to perform Malware Ascription [article]

Jashanpreet Singh Sraw, Keshav Kumar
2021 arXiv   pre-print
In this paper, we employ various Static and Dynamic features of malicious executables to classify malware based on their family.  ...  Using the features gathered from VirusTotal (static) and Cuckoo (dynamic) reports, we ran the vectorized data against Multinomial Naive Bayes, Support Vector Machine, and Bagging using Decision Trees as  ...  Mukkamala, "Identifying important features for intrusion detection using support vector machines and neural networks," in 2003 Symposium on Applications and the Internet (SAINT 2003), 27-31 January  ... 
arXiv:2112.02639v1 fatcat:63y3buhsbbh65mlvdzwmpmgqqu

An Automated Behaviour-Based Clustering of IoT Botnets

Tolijan Trajanovski, Ning Zhang
2021 Future Internet  
To overcome this challenge, we propose an approach for automated behaviour-based clustering of IoT botnet samples, aimed to enable automatic identification of IoT botnet variants equipped with new capabilities  ...  by malware analysts.  ...  Acknowledgments: We gratefully acknowledge the financial support by the University of Manchester in this research. Conflicts of Interest: The authors declare no conflict of interest.  ... 
doi:10.3390/fi14010006 fatcat:ry44qacvx5fxncyejoy6xpeubm

Deep Feature Extraction and Classification of Android Malware Images

Jaiteg Singh, Deepak Thakur, Farman Ali, Tanya Gera, Kyung Sup Kwak
2020 Sensors  
The softmax layer of CNN was substituted with machine learning algorithms like K-Nearest Neighbor (KNN), Support Vector Machine (SVM), and Random Forest (RF) to analyze the grayscale malware images.  ...  This manuscript proposes Summing of neurAl aRchitecture and VisualizatiOn Technology for Android Malware identification (SARVOTAM).  ...  Conflicts of Interest: The authors declare no conflict of interest.  ... 
doi:10.3390/s20247013 pmid:33302430 pmcid:PMC7762531 fatcat:put2c5xzarh3jaxkjcnmzbk2re

The Android malware detection systems between hope and reality

Khaled Bakour, Halil Murat Ünver, Razan Ghanem
2019 SN Applied Sciences  
The widespread use of Android-based smartphones made it an important target for malicious applications' developers.  ...  Also, there is no comprehensive taxonomy for all research trends in the field of analysing malicious applications targeting the Android system.  ...  Since the malware classification problem is a binary classification problem, one of the most widely used methods is SVM (Support Vector Machine).  ... 
doi:10.1007/s42452-019-1124-x fatcat:jzbb6ruykrcw3nuwps4qb4fuze

MMALE—A Methodology for Malware Analysis in Linux Environments

José Javier de Vicente Mohino, Javier Bermejo Higuera, Juan Ramón Bermejo Higuera, Juan Antonio Sicilia Montalvo, Manuel Sánchez Rubio, José Javier Martínez Herraiz
2021 Computers Materials & Continua  
Furthermore, Linux-based systems have become more attractive to cybercriminals because of the increasing use of the Linux operating system in web servers and Internet of Things (IoT) devices.  ...  In order to address all mentioned challenges, this article proposed a methodology for malware analysis in the Linux operating system, which is a traditionally overlooked field compared to the other operating  ...  Acknowledgement: The authors extend their appreciation to the Software Engineering and Security research group (SES) of Universidad Internacional de La Rioja.  ... 
doi:10.32604/cmc.2021.014596 fatcat:2f5nxs7lf5ab3kpaumzadaixbu

Obfuscation Revealed: Leveraging Electromagnetic Signals for Obfuscated Malware Classification

Duy-Phuc Pham, Damien Marion, Matthieu Mastio, Annelie Heuser
2021 Annual Computer Security Applications Conference  
the binary, which makes our approach particularly useful for malware analysts.  ...  They use numerous customized firmware and hardware, without taking into consideration security issues, which make them a target for cybercriminals, especially malware authors.  ...  The work was supported by the French Agence Nationale de la Recherche (ANR) under reference ANR-18-CE39-0001 (AHMA).  ... 
doi:10.1145/3485832.3485894 fatcat:tqzl6tvwffdvxftflyzzdcyp3u


Artem Dinaburg, Paul Royal, Monirul Sharif, Wenke Lee
2008 Proceedings of the 15th ACM conference on Computer and communications security - CCS '08  
Our analyzer, Ether, is based on a novel application of hardware virtualization extensions such as Intel VT, and resides completely outside of the target OS environment.  ...  Our experiments are based on our study of obfuscation techniques used to create 25,000 recent malware samples.  ...  Additional thanks go to Robert Edmonds for his assistance in performing the malware survey and CERT-LEXSI for providing us with the in-the-wild malware sample that checks for the presence of emulated hardware  ... 
doi:10.1145/1455770.1455779 dblp:conf/ccs/DinaburgRSL08 fatcat:rhhdc34d3zfbvpkutd6wajooyy