Article
Computer Science, Information Systems
Eslam Amer, Ivan Zelinka, Shaker El-Sappagh
Summary: The widespread development of the malware industry poses a major threat to electronic society, hence the need for intelligent heuristic tools in malware analysis; studies show that generic behavioral graph models can effectively characterize the differences in behaviors between malicious and non-malicious processes.
COMPUTERS & SECURITY
(2021)
Article
Computer Science, Artificial Intelligence
Namita Prachi, Namita Dabas, Prabha Sharma
Summary: Continuously evolving malware and their variants pose severe threats to information systems. To address these concerns, researchers propose a novel and lightweight API call sequence-based Windows malware detection system, MalAnalyser. MalAnalyser extracts frequent API call subsequences, applies a particle swarm optimization algorithm, and enriches malware patterns using a genetic algorithm. Experimental results demonstrate high accuracy and outperformance compared to similar approaches.
EXPERT SYSTEMS WITH APPLICATIONS
(2023)
Article
Chemistry, Multidisciplinary
Sanfeng Zhang, Jiahao Wu, Mengzhe Zhang, Wang Yang
Summary: The existing dynamic malware detection methods based on API call sequences lack consideration of the semantic information of functions. Simply mapping APIs to numerical values fails to reflect critical aspects such as query/mutation operations and their relation to network communication, the file system, and more. Moreover, performance is hindered by large API sequences. To address this, the Mal-ASSF model is proposed, which combines semantic and sequential features of API calls. It uses API2Vec embedding for dimensionality reduction and Balts to extract behavioral features of sequential segments. Implicit semantic information, operation, and resource type of API functions are extracted, and these features are then fused and processed using attention-related modules. Mal-ASSF outperforms existing solutions by 3% to 5% in detection accuracy, as proven through evaluation with a malware dataset.
APPLIED SCIENCES-BASEL
(2023)
Article
Computer Science, Information Systems
Tieming Chen, Huan Zeng, Mingqi Lv, Tiantian Zhu
Summary: In this paper, the authors propose a deep learning-based dynamic malware detection method called CTIMD, which integrates threat knowledge from CTIs into the learning process of API call sequences with runtime parameters. Experimental results show that CTIMD outperforms existing methods in terms of performance.
COMPUTERS & SECURITY
(2024)
Article
Chemistry, Analytical
Yang Zhao, Alifu Kuerban
Summary: This paper proposes an IoT malware detection approach based on PaaS, which intercepts system calls generated by virtual machines in the host operating system as dynamic features and uses the K Nearest Neighbors classification model to detect cross-architecture IoT malware. Experimental results showed that the method achieves an average accuracy of 97.18% and a recall rate of 99.01% in detecting samples in ELF format. Compared with the best cross-architecture detection method that uses network traffic as the only dynamic feature, our method uses fewer features and achieves higher accuracy.
Article
Computer Science, Information Systems
Ce Li, Qiujian Lv, Ning Li, Yan Wang, Degang Sun, Yuanyuan Qiao
Summary: This paper proposes a novel malware detection framework using deep learning models to capture and combine intrinsic features of API sequences. Experimental results show that the proposed model achieves high accuracy and F1-score on a large real dataset, outperforming baseline models.
COMPUTERS & SECURITY
(2022)
Article
Computer Science, Software Engineering
Xin Chen, Haihua Yu, Dongjin Yu, Jie Chen, Xiaoxiao Sun
Summary: This study proposes a new method that combines permission information and API call sequence information to effectively distinguish malicious applications. By extracting features and using Random Forest and Convolutional Neural Networks for classification, this method outperforms existing methods, achieving excellent results in terms of precision, recall, F1-score, and accuracy.
SOFTWARE QUALITY JOURNAL
(2023)
Article
Computer Science, Information Systems
Juan Carlos Prieto, Alberto Fernandez-Isabel, Isaac Martin De Diego, Felipe Ortega, Javier M. Moguerza
Summary: The paper introduces the DOmains Classifier based on RIsky Websites (DOCRIW) framework for detecting domains that contain possible fraud or malicious content, involving a knowledge base, binary classifier, and the application of similarity measures, supervised learning algorithms, and optimization methods to enhance performance. The experimental work yields promising outcomes.
Article
Computer Science, Software Engineering
Deqing Zou, Yueming Wu, Siru Yang, Anki Chauhan, Wei Yang, Jiangying Zhong, Shihan Dou, Hai Jin
Summary: Android, the most popular mobile operating system, has attracted millions of users around the world. Meanwhile, the number of new Android malware instances has grown exponentially in recent years. This article aims to combine the high accuracy of traditional graph-based methods with the high scalability of social-network-analysis-based methods for Android malware detection.
ACM TRANSACTIONS ON SOFTWARE ENGINEERING AND METHODOLOGY
(2021)
Article
Chemistry, Multidisciplinary
Ammar Yahya Daeef, Ali Al-Naji, Ali K. Nahar, Javaan Chahl
Summary: Malware is a significant threat to modern businesses, and it is crucial to eliminate it from computer systems. A lightweight solution using artificial intelligence at the edge of the IT system is the most responsive option. This study used visualization analysis and Jaccard similarity to uncover patterns in API calls for high malware detection rates and quick execution. The results showed that random forest (RF) performed similarly to long short-term memory (LSTM) and deep graph convolutional neural networks (DGCNNs), indicating potential for real-time inference on edge devices.
APPLIED SCIENCES-BASEL
(2023)
Article
Computer Science, Artificial Intelligence
Gianni D'Angelo, Massimo Ficco, Francesco Palmieri
Summary: The study introduces an algorithm based on recurring subsequences alignment to infer malware behaviors, which can operate within dynamic analysis scenarios and shows excellent classification performance in experiments.
APPLIED SOFT COMPUTING
(2021)
Article
Computer Science, Information Systems
Ce Li, Zijun Cheng, He Zhu, Leiqi Wang, Qiujian Lv, Yan Wang, Ning Li, Degang Sun
Summary: In this study, we propose a novel malware analysis framework called DMalNet, which extracts semantic features from API names and arguments, converts the relationship between API calls into the structural information of a graph, and achieves accurate malware detection and classification.
COMPUTERS & SECURITY
(2022)
Article
Chemistry, Multidisciplinary
Yang Li, Fei Kang, Hui Shu, Xiaobing Xiong, Yuntian Zhao, Rongbo Sun
Summary: API calls are important for analyzing program behavior, but current obfuscation methods are ineffective in preventing analysts from obtaining information from the API address space. To solve this, the proposed API call obfuscation model encrypts and moves key functions within the API for execution, breaking the relationship with the address space. Experimental results show that the approach effectively thwarts deobfuscation techniques and improves API address space obscurity. The scheme is practical with minimal increase in obfuscation overhead.
APPLIED SCIENCES-BASEL
(2023)
Article
Computer Science, Interdisciplinary Applications
Ammar Yahya Daeef, Ali Al-Naji, Javaan Chahl
Summary: Malware classification is crucial for preventing malicious attacks. This study employed API call features and traditional machine learning classifiers to classify malware, achieving better classification results compared to using neural network methods.
Article
Computer Science, Artificial Intelligence
Binayak Panda, Sudhanshu Shekhar Bisoyi, Sidhanta Panigrahy
Summary: Dependence on the internet and computer programs highlights the significance of computer programs in our daily lives. The increasing demand for computer programs motivates malware developers to create more malware. Researchers face challenges in protecting against potential risks due to the use of code obfuscation techniques by malware authors. They are interested in using deep learning approaches to analyze the behavior of a wide range of virus variants.
PEERJ COMPUTER SCIENCE
(2023)
Article
Computer Science, Artificial Intelligence
Byung Il Kwak, Mee Lan Han, Huy Kang Kim
Summary: In recent years, the advancement of vehicular technology and the increasing connectivity between vehicles and the external environment have highlighted the importance of addressing security issues. This study proposes an anomaly detection method based on cosine similarity for in-vehicle networks to detect different types of injection attacks effectively.
EXPERT SYSTEMS WITH APPLICATIONS
(2021)
Article
Engineering, Electrical & Electronic
Hyun Min Song, Huy Kang Kim
Summary: The research proposes a novel self-supervised method for IVN anomaly detection using noised pseudo normal data, consisting of two deep-learning models, the generator and the detector. The method not only significantly improves in detecting unknown attacks but also outperforms other semi-supervised learning-based methods.
IEEE TRANSACTIONS ON VEHICULAR TECHNOLOGY
(2021)
Article
Automation & Control Systems
Byung Il Kwak, Mee Lan Han, Huy Kang Kim
Summary: The modern automotive system integrates information and communication technologies to provide driver safety and convenience. Driver identification technology allows for personalized services such as healthcare or insurance. A driver-identification method based on wavelet transform was proposed and evaluated, showing XGBoost can achieve up to 96.18% accuracy on motorways and SVM can achieve up to 95.07% accuracy on urban roads.
IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS
(2021)
Article
Chemistry, Analytical
Kyung Ho Park, Eunji Park, Huy Kang Kim
Summary: A fault detection model utilizing a stacked autoencoder under unsupervised learning was proposed to address the limitations of rule-based and supervised learning approaches in recognizing faults in Unmanned Aerial Vehicles. The model distinguishes safe states and faulty states through feature extraction and reconstruction loss, showing promising fault detection performance.
Article
Computer Science, Information Systems
Ilok Jung, Jongin Lim, Huy Kang Kim
Summary: The study introduces payload feature-based transfer learning to address the lack of training data in applying machine learning to intrusion detection, improving accuracy by expanding information extraction range and providing an optimized method for creating labeled datasets.
Article
Computer Science, Information Systems
Sanghoon Jeon, Huy Kang Kim
Summary: With the advancement of automated hacking and analysis technologies, the researchers have proposed a deep learning-based automated vulnerability analysis system to effectively represent source code as embedding vectors, achieving lower false negative and false positive rates compared to other approaches, and successfully detecting zero-day vulnerabilities in open-source projects.
COMPUTERS & SECURITY
(2021)
Article
Computer Science, Information Systems
Kyung Ho Park, Hyun Min Song, Jeong Do Yoo, Su-Youn Hong, Byoungmo Cho, Kwangsoo Kim, Huy Kang Kim
Summary: This study proposes an unsupervised malicious domain detection method using an autoencoder, which effectively discriminates benign and malicious domains by extracting significant features. The method achieves high detection performance with reduced labeling effort and can serve as a concrete baseline for future research.
COMPUTERS & SECURITY
(2022)
Article
Engineering, Electrical & Electronic
Kyoung Ho Kim, Byung Il Kwak, Mee Lan Han, Huy Kang Kim
Summary: With the increasing reliance of critical infrastructures on advanced information and communication technology, there is a need to detect and identify abnormalities in the control system networks. This study proposes a machine learning-based method that can effectively detect and identify anomalies in an Oil Refinery's Distributed Control System network, achieving up to 99% accuracy.
IEEE TRANSACTIONS ON POWER SYSTEMS
(2022)
Article
Computer Science, Artificial Intelligence
Yuseung Noh, Seonghoon Jeong, Huy Kang Kim
Summary: Due to the widespread use of smartphones, various online games based on mobile platforms are being launched. Mobile games have the advantage of better accessibility compared to PC games, but the limitation of difficult input of specific actions exists. To overcome this limitation, game companies apply autoplay systems to support users. However, even though game companies introduced an in-game economic system to prevent profit-producing activities of gold farming groups (GFGs), GFGs still operate by abusing an auction house.
IEEE TRANSACTIONS ON GAMES
(2022)
Article
Computer Science, Theory & Methods
Mee Lan Han, Byung Il Kwak, Huy Kang Kim
Summary: Devices that ensure vehicle and driver safety generate a substantial amount of network traffic, which is transmitted to the In-Vehicle Network (IVN) depending on the defined function. To process this traffic efficiently, an advanced network protocol like Automotive Ethernet is necessary. However, vulnerabilities can be easily inherited from established Ethernet to Automotive Ethernet. This study proposes a method for detecting and identifying abnormalities in Automotive Ethernet using wavelet transform and deep convolutional neural network, which has shown effective performance and lower time-cost compared to default methods.
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY
(2023)
Article
Automation & Control Systems
Seonghoon Jeong, Huy Kang Kim, Mee Lan Han, Byung Il Kwak
Summary: This article proposes AERO, an automotive Ethernet real-time observer, for protecting in-vehicle networks. AERO can analyze automotive Ethernet traffic and detect anomalies, achieving high detection performance for different types of attacks.
IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS
(2023)
Article
Computer Science, Information Systems
Sangmin Park, Sanghoon Jeon, Huy Kang Kim
Summary: With the growing importance of cyberspace, malware poses threats to both individuals and countries. The circulation of numerous malware continues in cyberspace, and as technology advances, new or advanced malware emerge. Most existing malware detection models focus on a single platform, neglecting the need for cross-platform malware detection. In this study, we propose HMLET, a cross-platform malware detection model that utilizes content-based information to detect malware across different platforms. Experimental results show that HMLET achieves high-performance malware detection in the cross-platform scenario.
Article
Computer Science, Information Systems
Sanghoon Jeon, Minsoo Ryu, Dongyoung Kim, Huy Kang Kim
Summary: This article introduces a system called FuzzBuilderEx, which provides an automated fuzzing environment for library testing. The system analyzes the test code using a testing framework to generate seed corpus and fuzzing executables for library fuzzing. In performance evaluation, FuzzBuilderEx shows excellent results in code coverage and crash count, and successfully detects three zero-day vulnerabilities.
Review
Computer Science, Information Systems
Mee Lan Han, Byung Il Kwak, Huy Kang Kim
Summary: This systematic review provides an overview of significant studies on cheating behavior, countermeasures, and detection methods in MMORPGs. By examining the scope of cheating behavior and the key mechanisms of online games, it establishes a foundation for correctly managing the detection techniques and methods for cheating behavior in MMORPGs.
Article
Computer Science, Information Systems
Hyunjun Kim, Sunwoo Ahn, Whoi Ree Ha, Hyunjae Kang, Dong Seong Kim, Huy Kang Kim, Yunheung Paek
Summary: Recent attention has been given to the use of artificial neural networks for network intrusion detection systems by security researchers. In order to meet the demand for high accuracy, ANN-based NIDSs have become more complicated and heavy, leading some researchers to propose optimized algorithms to balance detection accuracy and runtime performance.