A new approach for APT malware detection based on deep graph network for endpoint systems

Xuan, Cho Do; Huong, DT

doi:10.1007/s10489-021-03138-z

Cited by 20 publications

(11 citation statements)

References 41 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…• APT malware often runs processes to hide detection during an attack. Collecting this data is essential for detecting abnormal behaviors [104].…”

Section: G Advanced Persistent Threats (Apts)mentioning

confidence: 99%

“…They used features such as network flow, traffic statistics, and temporal patterns. Other methods include semi-supervised learning with complex network characteristics [103], real-time provenance tracking [32], real-time APT detection using an ensemble learning approach [150], decepticon techniques [151], and deep graph networks [104] to detect APTs by leveraging packet-and network-level attributes, network flow data, traffic analyses, and graph-based features. Yang et al [33] developed a data backup and recovery strategy for the APTs.…”

Section: C: Advanced Persistent Threat (Apt) Detection Approachesmentioning

confidence: 99%

“…Limitations: Many of these studies face challenges such as the need for real-world data for validation [32], [104], [127], [147], [148], [151], computational complexity [104], [126], scalability [149], [150], false positives [32], [127], [149], [151], and feature selection issues [104], [126].…”

Section: C: Advanced Persistent Threat (Apt) Detection Approachesmentioning

confidence: 99%

See 2 more Smart Citations

A Review of State-of-the-Art Malware Attack Trends and Defense Mechanisms

Ferdous,

Islam,

Mahboubi

et al. 2023

IEEE Access

View full text Add to dashboard Cite

The increasing sophistication of malware threats has led to growing concerns in the antimalware community, as malware poses a significant danger to online users despite the availability of numerous defense solutions. This study aims to comprehensively review malware evolution and current attack trends to identify effective defense mechanisms. It reviews the most recent journal articles, conference proceedings, reports, and online resources published during the last five years. We extensively review the malware landscape from 1970 to the present and analyze malware types, operational mechanisms, attack vectors, and vulnerabilities. Furthermore, we explore different defensive strategies developed in response to these evolving threats. Our findings highlight the increasing sophistication of malware attack trends, including a surge in cryptojacking, attacks on mobile devices, Internet of Things devices, ransomware, advanced persistent threats, supply chain attacks, fileless malware, cloud-based attacks, exploitation of remote employees, and attack trends on edge networks. Defense strategies have also evolved in parallel, emphasizing multilayered security measures to counter these dynamic threats. This study highlights the critical need for robust, multilayered security measures to combat dynamic malware. Despite these advancements, some open challenges and significant research gaps remain, which require further innovation. This review serves as a valuable guide for cybersecurity professionals by identifying the key trends, challenges, limitations, and future cybersecurity research opportunities.INDEX TERMS Malware evolution, malware attack trends, defense mechanisms, malware detection, machine learning, deep learning. D. INCREASED NUMBER OF TARGETED RANSOMWARE ATTACKSRecent malware trends have highlighted increased targeted ransomware attacks, in which hackers access a network or system, encrypt data, and demand a ransom to restore access. This increase in ransomware attacks is driven by several factors, including potential financial gains, easy operation, the rise of ransomware-as-a-service platforms, and the popularity of cryptocurrencies like Bitcoin [97]. Ransomware attacks are wide-ranging, targeting everything from desktops and mobile devices and increasingly involving IoT devices.

show abstract

“…• APT malware often runs processes to hide detection during an attack. Collecting this data is essential for detecting abnormal behaviors [104].…”

Section: G Advanced Persistent Threats (Apts)mentioning

confidence: 99%

Section: C: Advanced Persistent Threat (Apt) Detection Approachesmentioning

confidence: 99%

See 1 more Smart Citation

A Review of State-of-the-Art Malware Attack Trends and Defense Mechanisms

Ferdous,

Islam,

Mahboubi

et al. 2023

IEEE Access

View full text Add to dashboard Cite

show abstract

“…In recent years, different from traditional approaches given above, image(visualization)‐based methods have been started to be researched and tested for malware and advanced persistent threat (APT) detection 19‐22 . The visualization approach, first the application files converts to images, extracts important features and then uses computer vision methods.…”

Section: Introductionmentioning

confidence: 99%

“…18 In recent years, different from traditional approaches given above, image(visualization)-based methods have been started to be researched and tested for malware and advanced persistent threat (APT) detection. [19][20][21][22] The visualization approach, first the application files converts to images, extracts important features and then uses computer vision methods. This methods reduce domain expertise, source codes are analyzed from a general perspective, and it is possible to provide image-based classification using convolutional neural networks (CNN).…”

mentioning

confidence: 99%

AMD‐CNN: Android malware detection via feature graph and convolutional neural networks

Arslan

Taşyürek

2022

Concurrency and Computation

View full text Add to dashboard Cite

Summary Android malware has become a serious threat to mobile device users, and effective detection and defence architectures are needed to solve this problem. Recently, machine learning techniques have been widely used to deal with Android malicious apps. These methods are based on a simple feature set and have difficulty detecting up‐to‐date malware. Therefore, more robust and efficient classification methodologies are needed. In this article, AMD‐CNN, an Android malware detection tool, is proposed, and it uses graphical representations to detect malicious apks. In the first step, the features related to the androidmanifest.xml file are extracted and converted into a vector consisting of one or zero. The feature vector is then converted to 2D‐code images and used in training the CNN network. The model needs low‐resource consumption to run on mobile devices and allow real‐time applications to be analyzed. The experiments with 1920 malicious and benign apks show that the malware detection rate (accuracy) was 96.2% and precision, recall, and F‐score values were 97.9%, 98.2%, and 98.1%, respectively. The average time and memory space to analyze each application are 0.035 s and 3.38 MB. AMD‐CNN is an efficient and robust tool and has advantages over previous studies.

show abstract