A Sense of ‘Danger’ for Windows Processes

Manzoor, Salman; Shafiq, M. Zubair; Tabish, S. Momina; Farooq, Muddassar

doi:10.1007/978-3-642-03246-2_22

Cited by 18 publications

(14 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The 4-perm algorithm will produce more features, so the information gain value is used to measure the classification performance of feature and screen features [28]. Random variable Y represents the classification results, and random variable X i represents features i corresponding random variable.…”

Section: Mark Characteristicmentioning

confidence: 99%

An Android Malicious Code Detection Method Based on Improved DCA Algorithm

Wang

Gong

et al. 2017

Entropy

View full text Add to dashboard Cite

Abstract:Recently, Android malicious code has increased dramatically and the technology of reinforcement is increasingly powerful. Due to the development of code obfuscation and polymorphic deformation technology, the current Android malicious code static detection method whose feature selected is the semantic of application source code can not completely extract malware's code features. The Android malware static detection methods whose features used are only obtained from the AndroidManifest.xml file are easily affected by useless permissions. Therefore, there are some limitations in current Android malware static detection methods. The current Android malware dynamic detection algorithm is mostly required to customize the system or needs system root permissions. Based on the Dendritic Cell Algorithm (DCA), this paper proposes an Android malware algorithm that has a higher detection rate, does not need to modify the system, and reduces the impact of code obfuscation to a certain degree. This algorithm is applied to an Android malware detection method based on oriented Dalvik disassembly sequence and application interface (API) calling sequence. Through the designed experiments, the effectiveness of this method is verified for the detection of Android malware.

show abstract

Section: Mark Characteristicmentioning

confidence: 99%

An Android Malicious Code Detection Method Based on Improved DCA Algorithm

Wang

Gong

et al. 2017

Entropy

View full text Add to dashboard Cite

show abstract

“…The model is using a portable executable file representation and API call logs extracted from windows environment because of the wide spread of this type of files in different platforms. The data set used in this research was downloaded from a well known research group website in the computer security field [18], [19]. The use of this data set in many research projects in malware detection will make it a suitable way to evaluate our results with others models.…”

Section: Dynamic Innate Immune System Modelmentioning

confidence: 99%

Dynamic Innate Immune System Model for Malware Detection

Ali

Maarof

2013

2013 International Conference on IT Convergence and Security (ICITCS)

View full text Add to dashboard Cite

Malware stand for Malicious Software became a major threat facing the massive amount of data transmitted through the internet and the systems holding that data. Malware detection is the process of identifying the malicious behavior or object as malware. Many methods used to do the detection process, these methods are varied depending on the process used by the detector -anti virus or anti malware is a commercial name of detectors. Signature base, behavior base and specification base. Increasing the detection accuracy is the main goal of researchers in the last decade. In this paper we introduce a dynamic malware detection model by applying the innate immune system to improve the detection accuracy. The proposed model applied to the portable executable file representation by extracting the API call logs from new installed windows environment due to the wide spread of this type of files in different platforms. The results of the experiments show a better detection accuracy of the proposed model for known malware and promising improvement on the new unknown malware and polymorphic malware.Keywords-dynamic malware detection; artificial immune system; innate immune system I.

show abstract

“…Danger theory is a bio-inspired method that replicates how the human body fights pathogens and the literature has shown that it can solve problems mainly related to the detection process. While not many works that apply danger theory have addressed the outbreak detection problem, danger theory has been successfully applied in intrusion [37,38], fraud [39,40], and fault detection problems [41] with good detection performance. Since the capability of danger theory as a good detector is proven in other areas, it motivates us to adapt the artificial immune system (AIS) as an outbreak detection model.…”

Section: Introductionmentioning

confidence: 99%

Outbreak detection model based on danger theory

Mohsin

Bakar

Hamdan

2014

Applied Soft Computing

View full text Add to dashboard Cite

a b s t r a c tIn outbreak detection, one of the key issues is the need to deal with the weakness of early outbreak signals because this causes the detection model to have has less capability in terms of robustness when unseen outbreak patterns vary from those in the trained model. As a result, an imbalance between high detection rate and low false alarm rate occurs. To solve this problem, this study proposes a novel outbreak detection model based on danger theory; a bio-inspired method that replicates how the human body fights pathogens. We propose a signal formalization approach based on cumulative sum and a cumulative mature antigen contact value to suit the outbreak characteristic and danger theory. Two outbreak diseases, dengue and SARS, are subjected to a danger theory algorithm; namely the dendritic cell algorithm. To evaluate the model, four measurement metrics are applied: detection rate, specificity, false alarm rate, and accuracy. From the experiment, the proposed model outperforms the other detection approaches and shows a significant improvement for both diseases outbreak detection. The findings reveal that the robustness of the proposed immune model increases when dealing with inconsistent outbreak signals. The model is able to detect new unknown outbreak patterns and can discriminate between outbreak and non-outbreak cases with a consistent high detection rate, high sensitivity, and lower false alarm rate even without a training phase.

show abstract

A Sense of ‘Danger’ for Windows Processes

Cited by 18 publications

References 11 publications

An Android Malicious Code Detection Method Based on Improved DCA Algorithm

An Android Malicious Code Detection Method Based on Improved DCA Algorithm

Dynamic Innate Immune System Model for Malware Detection

Outbreak detection model based on danger theory

Contact Info

Product

Resources

About