Article
Computer Science, Artificial Intelligence
Marcus Botacin, Marco Zanata Alves, Daniela Oliveira, Andre Gregio
Summary: HEAVEN is a framework that combines hardware and software to improve the performance of antivirus software, achieving efficient malware detection with minimal performance overhead.
EXPERT SYSTEMS WITH APPLICATIONS
(2022)
Article
Mathematics
Asma A. Alhashmi, Abdulbasit A. Darem, Abdullah M. Alashjaee, Sultan M. Alanazi, Tareq M. Alkhaldi, Shouki A. Ebad, Fuad A. Ghaleb, Aloyoun M. Almadani
Summary: This study proposes a novel Similarity-Based Hybrid API Malware Detection Model (HAPI-MDM) that leverages the combined strengths of static and dynamic analysis of API calls to enhance the accuracy of malware detection. The model uses a two-stage learning approach, with the XGBoost algorithm acting as a feature extractor that feeds into an Artificial Neural Network (ANN). The key innovation of HAPI-MDM is its similarity-based feature, which improves the detection accuracy of dynamic analysis and enables reliable detection even in the presence of obfuscation. Experimental results demonstrate HAPI-MDM's superior performance, achieving an overall accuracy of 97.91% and the lowest false-positive and false-negative rates compared to related works. The findings highlight the importance of integrating dynamic and static API-based features and of using similarity-based features for effective malware detection.
Article
Computer Science, Information Systems
Yinwei Wu, Meijin Li, Qi Zeng, Tao Yang, Junfeng Wang, Zhiyang Fang, Luyu Cheng
Summary: Due to the open-source nature of Android, the platform is increasingly exploited by malware. Machine learning has significantly improved Android malware detection in recent years, especially in the classification phase. However, traditional ranking-based feature selection algorithms often ignore the correlation between features, which makes wrapper-based feature selection models worth investigating.
COMPUTERS & SECURITY
(2023)
Article
Computer Science, Artificial Intelligence
Namita Prachi, Namita Dabas, Prabha Sharma
Summary: Continuously evolving malware and their variants pose severe threats to information systems. To address these concerns, the researchers propose a novel and lightweight API call sequence-based Windows malware detection system, MalAnalyser. MalAnalyser extracts frequent API call subsequences, applies a particle swarm optimization algorithm, and enriches malware patterns using a genetic algorithm. Experimental results demonstrate high accuracy and outperformance compared to similar approaches.
EXPERT SYSTEMS WITH APPLICATIONS
(2023)
Article
Computer Science, Information Systems
Ce Li, Qiujian Lv, Ning Li, Yan Wang, Degang Sun, Yuanyuan Qiao
Summary: This paper proposes a novel malware detection framework using deep learning models to capture and combine intrinsic features of API sequences. Experimental results show that the proposed model achieves high accuracy and F1-score on a large real dataset, outperforming baseline models.
COMPUTERS & SECURITY
(2022)
Review
Chemistry, Multidisciplinary
Faitouri A. Aboaoja, Anazida Zainal, Fuad A. Ghaleb, Bander Ali Saleh Al-rimy, Taiseer Abdalla Elfadil Eisa, Asma Abbas Hassan Elnour
Summary: The increasing use of digital services has led to the evolution of malicious software, resulting in a higher probability of malware attacks that can corrupt data, steal information, or conduct other cybercrimes. Researchers have proposed various malware detection solutions, but they face challenges in effectively detecting different types of malware, especially zero-day attacks, due to the obfuscation and evasion techniques employed. This survey paper aims to bridge the gap by providing a comprehensive review of malware detection models, introducing a feature representation taxonomy, and linking each detection approach with commonly used data types.
APPLIED SCIENCES-BASEL
(2022)
Article
Computer Science, Information Systems
Satheesh Kumar Sasidharan, Ciza Thomas
Summary: This paper introduces a new behavioral method for Android malware detection and classification, which decompiles the Android malware dataset to identify suspicious API classes/methods and generates an encoded list. It builds a multiple sequence alignment for each malware family from the encoded patterns and uses it to generate a profile hidden Markov model. The model classifies unknown applications as benign or malicious based on the log-likelihood score, achieving an accuracy of 94.5%.
PERVASIVE AND MOBILE COMPUTING
(2021)
Article
Computer Science, Theory & Methods
Xiaohui Chen, Zhiyu Hao, Lun Li, Lei Cui, Yiran Zhu, Zhenquan Ding, Yongji Liu
Summary: In this paper, we propose CruParamer, a deep neural network based malware detection approach that learns from sequences of parameter-augmented APIs. The method evaluates parameter sensitivity, labels APIs based on sensitivity, and encodes API sequences to characterize their relationship. Experimental results show that CruParamer achieves superior performance and robustness in malware detection.
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY
(2022)
Article
Computer Science, Artificial Intelligence
Sidney M. L. de Lima, Danilo M. Souza, Ricardo P. Pinheiro, Sthefano H. M. T. Silva, Petronio G. Lopes, Rafael D. T. de Lima, Jemerson R. de Oliveira, Thyago de A. Monteiro, Sergio M. M. Fernandes, Edison de Q. Albuquerque, Washington W. A. da Silva, Wellington P. dos Santos
Summary: Exploit kits, a type of malicious software toolkit, can be effectively detected and analyzed by the authors' antivirus software with machine learning capabilities, which is specifically designed for JavaScript malware and equipped to overcome the limitations of current technologies, providing defense against various anti-forensics attacks.
KNOWLEDGE AND INFORMATION SYSTEMS
(2023)
Article
Computer Science, Artificial Intelligence
Yuhan Chai, Lei Du, Jing Qiu, Lihua Yin, Zhihong Tian
Summary: The continuous increase and spread of malware, especially unknown malware, have caused immeasurable losses to enterprises and even to nations. Most existing methods train models on samples from predefined classes and therefore cannot handle the detection of unknown malware. In this paper, we propose a Dynamic Prototype Network based on Sample Adaptation for few-shot malware detection (DPNSA) to address this issue. Our method outperforms the existing models and achieves a significant improvement in malware detection.
IEEE TRANSACTIONS ON KNOWLEDGE AND DATA ENGINEERING
(2023)
Article
Computer Science, Theory & Methods
Junyang Qiu, Jun Zhang, Wei Luo, Lei Pan, Surya Nepal, Yang Xiang
Summary: Deep Learning (DL) is a disruptive technology that has revolutionized cyber security research, especially in the detection and classification of Android malware. While offering many advantages, DL faces challenges such as choice of architecture, feature extraction, and obtaining high-quality data.
ACM COMPUTING SURVEYS
(2021)
Article
Biochemical Research Methods
Lang Zhou, Tingze Feng, Shuangbin Xu, Fangluan Gao, Tommy T. Lam, Qianwen Wang, Tianzhi Wu, Huina Huang, Li Zhan, Lin Li, Yi Guan, Zehan Dai, Guangchuang Yu
Summary: The identification of conserved and variable regions in multiple sequence alignment is crucial for accelerating gene function understanding. ggmsa, an R package, provides various display methods to mine comprehensive sequence features, supports correlation analysis, and offers a new visualization method for genome alignment, aiding researchers in discovering MSA patterns and making decisions.
BRIEFINGS IN BIOINFORMATICS
(2022)
Article
Computer Science, Information Systems
Shaojie Yang, Yongjun Wang, Haoran Xu, Fangliang Xu, Mantun Chen
Summary: This study proposes a framework based on contrastive learning to reduce the impact of past knowledge and to pretrain the model without using labels. The method achieves high accuracy in malware identification and multiclass detection, outperforming supervised models when labeled samples are limited.
COMPUTERS & SECURITY
(2022)
Article
Computer Science, Theory & Methods
Abdulbasit Darem, Jemal Abawajy, Aaisha Makkar, Asma Alhashmi, Sultan Alanazi
Summary: A semi-supervised approach integrating deep learning, feature engineering, image transformation, and processing techniques for detecting obfuscated malware achieved a 99.12% accuracy, outperforming existing methods.
FUTURE GENERATION COMPUTER SYSTEMS-THE INTERNATIONAL JOURNAL OF ESCIENCE
(2021)
Article
Computer Science, Information Systems
Ahmed Falah, Shiva Raj Pokhrel, Lei Pan, Anthony de Souza-Daw
Summary: This paper performs an in-depth analysis of a large corpus of PDF maldocs to identify important features for maldoc detection. Existing tools are inefficient and cannot prevent PDF maldocs due to their generic and signature-based approach. Academic methods also suffer from reduced effectiveness. The paper highlights essential features, such as concept drifts, that impact detectors and classifiers by examining the evolution of maldoc attacks over a decade.
MULTIMEDIA TOOLS AND APPLICATIONS
(2022)