Malware variants are the major emerging threats that face cybersecurity due to the potential damage to computer systems. Many solutions have been proposed for detecting malware variants. However, accurate detection is challenging due to the constantly evolving nature of the malware variants that cause concept drift. Existing malware detection solutions assume that the mapping learned from historical malware features will be valid for new and future malware. The relationship between input features and the class label has been considered stationary, which doesn't hold for the ever-evolving nature of malware variants. Malware features change dynamically due to code obfuscations, mutations, and the modifications made by malware authors to change the features' distribution and thus evade detection, rendering the detection model obsolete and ineffective. This study presents an Adaptive behavioral-based Incremental Batch Learning Malware Variants Detection model using concept drift detection and sequential deep learning (AIBL-MVD) to accommodate the new malware variants. Malware behaviors were extracted using dynamic analysis by running the malware files in a sandbox environment and collecting their Application Programming Interface (API) traces. The malware samples were sorted according to their first-time appearance to capture the malware variants' change characteristics. The base classifier was then trained based on a subset of historical malware samples using a sequential deep learning model. The new malware samples were mixed with a subset of old data and gradually introduced to the learning model in an adaptive batch size incremental learning manner to address the catastrophic forgetting dilemma of incremental learning. The statistical process control technique has been used to detect the concept drift as an indication for incrementally updating the model as well as reducing the frequency of model updates.
Results from extensive experiments show that the proposed model is superior in terms of detection rate and efficiency compared with the static model, periodic retraining approaches, and the fixed batch size incremental learning approach. The model maintains an average of 99.41% detection accuracy of new and variant malware with a low updating frequency of 1.35 times per month.
Malicious software (“malware”) has become one of the serious cybersecurity issues in the Android ecosystem. Given the fast evolution of Android malware releases, it is practically not feasible to manually detect malware apps in the Android ecosystem. As a result, machine learning has become a fledgling approach for malware detection. Since machine learning performance is largely influenced by the availability of high quality and relevant features, feature selection approaches play a key role in machine learning based detection of malware. In this paper, we formulate the feature selection problem as a quadratic programming problem and analyse how commonly used filter-based feature selection methods work with emphasis on Android malware detection. We compare and contrast several feature selection methods along several factors including the composition of relevant features selected. We empirically evaluate the predictive accuracy of the feature subset selection algorithms and compare their predictive accuracy and the execution time using several learning algorithms. The results of the experiments confirm that feature selection is necessary for improving accuracy of the learning models as well as decreasing the run time. The results also show that the performance of the feature selection algorithms varies from one learning algorithm to another and no one feature selection approach performs better than the other approaches all the time.
Software obfuscation techniques are increasingly being used to prevent attackers from exploiting security flaws and launching successful attacks. With research on software obfuscation techniques rapidly growing, many software obfuscation techniques with varying quality and strength have been proposed in the literature. However, the literature on obfuscation techniques has not yet been coherently collated and reviewed. This research paper aims to present an overview of state-of-the-art software obfuscation techniques, focusing on quality and strength. A systematic analysis and synthesis of literature published between 2010 and April 2021 has been performed to identify the common measures to quantify obfuscation and their measures, the publication venue, and the home country of the researchers. We have identified the obfuscation quality attributes, such as potency, resilience, cost, stealth, and similarity, that are the most widely used metrics to evaluate the quality of obfuscation techniques. In addition, different measures have been used to quantify these qualities, such as complexity (to measure potency), human effort (to measure resilience), efficiency (to estimate cost), and multiclass performance metrics, distance measures, and matching method (to quantify similarity). These measures were then categorized into sub-measures. The literature lacks research in the following two areas: empirical research using a case study strategy, i.e., real-world datasets, and measurements of obfuscation stealth. Researchers did not address stealth as clearly as they addressed potency, cost, and similarity.
With mobile phones becoming an integral part of modern life, the popularity of mobile social networking has tremendously increased over the past few years, bringing with it many benefits but also new trepidations. In particular, privacy issues in mobile social networking have recently become a significant concern. In this paper we present our study on the privacy vulnerability of mobile social network data publication with emphasis on re-identification and disclosure attacks. We present a new technique for uniquely identifying a targeted individual in the anonymized social network graph and empirically demonstrate the capability of the proposed approach using very large social network datasets. The results show that the proposed approach can uniquely re-identify a target on anonymized social network data with a high success rate.