☆ 4.6 Article

Leveraging Compression-Based Graph Mining for Behavior-Based Malware Detection

IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING (2019)

Journal

IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING

Volume 16, Issue 1, Pages 99-112

Publisher

IEEE COMPUTER SOC

DOI: 10.1109/TDSC.2017.2675881

Keywords

Malware detection; quantitative data flow analysis; data mining; graph mining; machine learning

Categories

Computer Science, Hardware & Architecture Computer Science, Information Systems Computer Science, Software Engineering

Ask authors/readers for more resources

Protocol

Community support

Reagent

Community support

Abstract

Behavior-based detection approaches commonly address the threat of statically obfuscated malware. Such approaches often use graphs to represent process or system behavior and typically employ frequency-based graph mining techniques to extract characteristic patterns from collections of malware graphs. Recent studies in the molecule mining domain suggest that frequency-based graph mining algorithms often perform sub-optimally in finding highly discriminating patterns. We propose a novel malware detection approach that uses so-called compression-based mining on quantitative data flow graphs to derive highly accurate detection models. Our evaluation on a large and diverse malware set shows that our approach outperforms frequency-based detection models in terms of detection effectiveness by more than 600 percent.

Authors

I am an author on this paper

Click your name to claim this paper and add it to your profile.

Reviews

Primary Rating

4.6

Not enough ratings

Secondary Ratings

Novelty

-

Significance

-

Scientific rigor

-

Rate this paper

Recommended

Article Computer Science, Artificial Intelligence

Cryptocurrency malware detection in real-world environment: Based on multi-results stacking learning

Rui Zheng, Qiuyun Wang, Zhuopang Lin, Zhengwei Jiang, Jianming Fu, Guojun Peng

Summary: This paper proposes a cryptocurrency mining malware detection method called CMalHunt, which integrates heuristic rule features as a domain knowledge component in an ensemble learning framework. Experimental results show that CMalHunt outperforms baseline machine learning models, validating the effectiveness of feature type integration.

APPLIED SOFT COMPUTING (2022)

Add to Collection

Article Chemistry, Multidisciplinary

Malware Detection Using Memory Analysis Data in Big Data Environment

Murat Dener, Gokce Ok, Abdullah Orman

Summary: The study suggests using memory data in malware detection and applying deep learning and machine learning approaches in a big data environment. Results show that the Logistic Regression algorithm achieved the most successful malware detection in memory analysis.

APPLIED SCIENCES-BASEL (2022)

Add to Collection

Article Computer Science, Information Systems

Malware Detection by Control-Flow Graph Level Representation Learning With Graph Isomorphism Network

Yun Gao, Hirokazu Hasegawa, Yukiko Yamaguchi, Hajime Shimada

Summary: This study proposes a malware classification system based on Control-Flow Graph (CFG) and Graph Isomorphism Network (GIN) using machine learning methods to process large-scale data. Experimental results show that the method achieves high accuracy and AUC in malware detection.

IEEE ACCESS (2022)

Add to Collection

Article Computer Science, Hardware & Architecture

DBank: Predictive Behavioral Analysis of Recent Android Banking Trojans

Chongyang Bai, Qian Han, Ghita Mezzour, Fabio Pierazzi, V. S. Subrahmanian

Summary: The study introduces the DBank system utilizing novel TSG features to predict whether an Android APK is a banking trojan with high accuracy and defensive capabilities against attackers; By analyzing five major ABT families, the study identifies the features that best separate them from goodware and other malware.

IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING (2021)

Add to Collection

Review Computer Science, Theory & Methods

A study on malicious software behaviour analysis and detection techniques: Taxonomy, current trends and challenges

Pascal Maniriho, Abdun Naser Mahmood, Mohammad Jabed Morshed Chowdhury

Summary: There has been a growing trend of malware release, which has raised concerns among security professionals worldwide. Understanding different types of malware and their detection techniques is challenging but crucial for researchers and the security community. Malware analysis, including static analysis, code analysis, dynamic analysis, memory analysis, and hybrid analysis techniques, is a crucial step towards detecting malware. Machine learning and deep learning methods have gained attention for their ability to develop sophisticated malware detection models that can handle known and unknown malicious activities. This survey provides a comprehensive study and analysis of current malware and detection techniques using the snowball approach, covering topics such as malware analysis testbeds, dynamic malware analysis, memory analysis, malware behavior analysis tools, datasets repositories, feature selection, machine learning, and deep learning techniques. The study also includes comparisons of behavior-based malware detection techniques grouped by categories of machine learning and deep learning techniques, as well as discussion on performance evaluation metrics, current research challenges, and future directions.

FUTURE GENERATION COMPUTER SYSTEMS-THE INTERNATIONAL JOURNAL OF ESCIENCE (2022)

Add to Collection

Article Computer Science, Artificial Intelligence

An ensemble framework for interpretable malicious code detection

Jieren Cheng, Jiachen Zheng, Xiaomei Yu

Summary: This paper provides an overview of the prevalent methods for detecting malicious codes, including signature-based, behavioral-based, and machine learning approaches. The effective malicious features are summarized and novel machine learning methods are discussed in depth. Furthermore, an ensemble interpretable framework is explored for automatic and efficient detection of malicious codes.

INTERNATIONAL JOURNAL OF INTELLIGENT SYSTEMS (2022)

Add to Collection

Article Computer Science, Theory & Methods

A Survey on Data-driven Network Intrusion Detection

Dylan Chou, Meng Jiang

Summary: This survey presents the challenges faced by data-driven network intrusion detection, including the authenticity and representativeness of datasets. Trends in the past decade are analyzed, and future directions are proposed, including the application of NID in cloud-based environments, designing scalable models for large network data, and collecting labeled datasets from real-world networks.

ACM COMPUTING SURVEYS (2022)

Add to Collection

Article Computer Science, Artificial Intelligence

An effectiveness analysis of transfer learning for the concept drift problem in malware detection

David Escudero Garcia, Noemi DeCastro-Garcia, Angel Luis Munoz Castaneda

Summary: In this research, the performance of transfer learning techniques for malware detection is evaluated over different time horizons and learning settings. Experiments are conducted on unbalanced data with different file types to address additional challenges in malware detection. The goal is to determine if transfer learning can help solve the concept drift problem and build models that can detect new malware.

EXPERT SYSTEMS WITH APPLICATIONS (2023)

Add to Collection

Article Computer Science, Information Systems

Malware detection employed by visualization and deep neural network

Anson Pinhero, M. L. Anupama, P. Vinod, C. A. Visaggio, N. Aneesh, S. Abhijith, S. AnanthaKrishnan

Summary: With the rapid growth of malware, automatic classification faces challenges, this study explores a new approach combining malware visualization and deep learning classification, successfully improving classification accuracy and efficiency.

COMPUTERS & SECURITY (2021)

Add to Collection

Article Computer Science, Artificial Intelligence

Fast & Furious: On the modelling of malware detection as an evolving data stream

Fabricio Ceschin, Marcus Botacin, Heitor Murilo Gomes, Felipe Pinage, Luiz S. Oliveira, Andre Gregio

Summary: Malware poses a major threat to computer systems, and the constant evolution of malware samples causes concept drift, which directly affects the detection rates of machine learning models. This study evaluates the impact of concept drift on malware classifiers and proposes a novel data stream pipeline to mitigate the issue.

EXPERT SYSTEMS WITH APPLICATIONS (2023)

Add to Collection

Article Computer Science, Hardware & Architecture

Intelligent malware detection based on graph convolutional network

Shanxi Li, Qingguo Zhou, Rui Zhou, Qingquan Lv

Summary: Malware has been a serious threat to computer systems for a long time, and traditional detection methods have limited effectiveness. AI-based malware detection has gained popularity due to its better predictive performance. A malware classifier based on graph convolutional network has been designed to adapt to the diversity of malware characteristics, showing superior performance in detection, with high accuracy and stability.

JOURNAL OF SUPERCOMPUTING (2022)

Add to Collection

Article Computer Science, Information Systems

A malware detection system using a hybrid approach of multi-heads attention-based control flow traces and image visualization

Farhan Ullah, Gautam Srivastava, Shamsher Ullah

Summary: Android, being the most widely used mobile platform, is a prime target for malicious attacks. This study proposes a novel malware detection method that combines API-Call Graphs with byte-level image representation, resulting in effective detection and classification of malware.

JOURNAL OF CLOUD COMPUTING-ADVANCES SYSTEMS AND APPLICATIONS (2022)

Add to Collection

Article Computer Science, Information Systems

A Malware Detection Approach Based on Feature Engineering and Behavior Analysis

Manuel Torres, Rafael Alvarez, Miguel Cazorla

Summary: Cybercriminals constantly develop new techniques to evade security measures, resulting in rapid evolution of malware. Detecting malware across multiple systems is challenging due to unique characteristics of each computing environment. Traditional signature-based malware detection has been replaced by modern approaches, such as machine learning and behavior-based threat detection. Researchers use these techniques to extract features from various data sources and feed them to models for accurate prediction.

IEEE ACCESS (2023)

Add to Collection

Article Computer Science, Theory & Methods

MalProtect: Stateful Defense Against Adversarial Query Attacks in ML-Based Malware Detection

Aqib Rashid, Jose Such

Summary: ML models are vulnerable to adversarial query attacks, and this paper presents a stateful defense system called MalProtect that can reduce the evasion rate of adversarial attacks in the malware detection domain.

IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY (2023)

Add to Collection

Article Computer Science, Information Systems

On the relativity of time: Implications and challenges of data drift on long-term effective android malware detection

Alejandro Guerra-Manzanares, Hayretdin Bahsi

Summary: This study evaluates the machine learning models in the Android malware detection domain and highlights the significance of timestamp selection in concept drift modeling and long-term performance of the model.

COMPUTERS & SECURITY (2022)

Add to Collection

Article Computer Science, Software Engineering

Practical static analysis of context leaks in Android applications

Flavio Toffalini, Jun Sun, Martin Ochoa

SOFTWARE-PRACTICE & EXPERIENCE (2019)

Add to Collection

Article Computer Science, Theory & Methods

Insight Into Insiders and IT: A Survey of Insider Threat Taxonomies, Analysis, Modeling, and Countermeasures

Ivan Homoliak, Flavio Toffalini, Juan Guarnizo, Yuval Elovici, Martin Ochoa

ACM COMPUTING SURVEYS (2019)

Add to Collection

Article Computer Science, Information Systems

CIMA: Compiler-Enforced Resilience Against Memory Safety Attacks in Cyber-Physical Systems

Eyasu Getahun Chekole, Sudipta Chattopadhyay, Martin Ochoa, Huaqun Guo, Unnikrishnan Cheramangalath

COMPUTERS & SECURITY (2020)

Add to Collection

Article Computer Science, Information Systems

Combining behavioral biometrics and session context analytics to enhance risk-based static authentication in web applications

Jesus Solano, Luis Camacho, Alejandro Correa, Claudio Deiro, Javier Vargas, Martin Ochoa

Summary: Combining fingerprinting and behavioral dynamics can enhance the security of login mechanisms. Context analysis and behavioral analysis individually achieve around 0.7 accuracy, but a combined approach can reach up to 0.9 accuracy using a linear combination of the outcomes of the single models.

INTERNATIONAL JOURNAL OF INFORMATION SECURITY (2021)

Add to Collection

Proceedings Paper Computer Science, Information Systems

Detection of Threats to IoT Devices using Scalable VPN-forwarded Honeypots

Amit Tambe, Yan Lin Aung, Ragav Sridharan, Martin Ochoa, Nils Ole Tippenhauer, Asaf Shabtai, Yuval Elovici

PROCEEDINGS OF THE NINTH ACM CONFERENCE ON DATA AND APPLICATION SECURITY AND PRIVACY (CODASPY '19) (2019)

Add to Collection

Proceedings Paper Computer Science, Information Systems

Careful-Packing: A Practical and Scalable Anti-Tampering Software Protection enforced by Trusted Computing

Flavio Toffalini, Martin Ochoa, Sun Jun, Jianying Zhou

PROCEEDINGS OF THE NINTH ACM CONFERENCE ON DATA AND APPLICATION SECURITY AND PRIVACY (CODASPY '19) (2019)

Add to Collection

Proceedings Paper Computer Science, Information Systems

Location Proximity Attacks Against Mobile Targets: Analytical Bounds and Attacker Strategies

Xueou Wang, Xiaolu Hou, Ruben Rios, Per Hallgren, Nils Ole Tippenhauer, Martin Ochoa

COMPUTER SECURITY (ESORICS 2018), PT II (2018)

Add to Collection

Proceedings Paper Computer Science, Information Systems

Finding Dependencies between Cyber-Physical Domains for Security Testing of Industrial Control Systems

John H. Castellanos, Martin Ochoa, Jianying Zhou

34TH ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE (ACSAC 2018) (2018)

Add to Collection

Proceedings Paper Computer Science, Information Systems

Enforcing Full-Stack Memory-Safety in Cyber-Physical Systems

Eyasu Getahun Chekole, Sudipta Chattopadhyay, Martin Ochoa, Guo Huaqun

ENGINEERING SECURE SOFTWARE AND SYSTEMS, ESSOS 2018 (2018)

Add to Collection

Proceedings Paper Computer Science, Theory & Methods

Enforcing Memory Safety in Cyber-Physical Systems

Eyasu Getahun Chekole, John Henry Castellanos, Martin Ochoa, David K. Y. Yau

COMPUTER SECURITY, 2017 (2018)

Add to Collection

Article Computer Science, Information Systems

Assuring BetterTimes

Per Hallgren, Ravi Kishore, Martin Ochoa, Andrei Sabelfeld

JOURNAL OF COMPUTER SECURITY (2018)

Add to Collection

Proceedings Paper Computer Science, Information Systems

Reasoning about Probabilistic Defense Mechanisms against Remote Attacks

Martin Ochoa, Sebastian Banescu, Cynthia Disenfeld, Gilles Barthe, Vijay Ganesh

2017 IEEE EUROPEAN SYMPOSIUM ON SECURITY AND PRIVACY (EUROS&P) (2017)

Add to Collection

Proceedings Paper Computer Science, Information Systems

TWOS: A Dataset of Malicious Insider Threat Behavior Based on a Gamified Competition

Athul Harilal, Flavio Toffalini, John Castellanos, Juan Guarnizo, Ivan Homoliak, Martin Ochoa

PROCEEDINGS OF THE 2017 INTERNATIONAL WORKSHOP ON MANAGING INSIDER SECURITY THREATS (MIST'17) (2017)

Add to Collection

Proceedings Paper Computer Science, Theory & Methods

Generating Behavior-based Malware Detection Models with Genetic Programming

Tobias Wuechner, Martin Ochoa, Enrico Lovat, Alexander Pretschner

2016 14TH ANNUAL CONFERENCE ON PRIVACY, SECURITY AND TRUST (PST) (2016)

Add to Collection

No Data Available

© Peeref 2019-2024. All rights reserved.