Advanced Windows Methods on Malware Detection and Classification

Rabadi, Dima; Teo, Sin G.

doi:10.1145/3427228.3427242

Cited by 28 publications

(10 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…From the above section, the rest of the document is devoted to describe and evaluate the new version of R-Locker. We shall see that the proposal is effective and efficient, while novel in comparison with others in the literature where the typical parameterisation and monitoring-based detection methodologies previously described are considered [44][45][46].…”

Section: Related Workmentioning

confidence: 98%

Inhibiting crypto‐ransomware on windows platforms through a honeyfile‐based approach with R‐Locker

Gómez-Hernández

Sánchez-Fernández

García-Teodoro

2021

IET Information Security

View full text Add to dashboard Cite

After several years, crypto‐ransomware attacks still constitute a principal threat for individuals and organisations worldwide. Despite the fact that a number of solutions are deployed to fight against this plague, one main challenge is that of early reaction, as merely detecting its occurrence can be useless to avoid the pernicious effects of the malware. With this aim, the authors introduced in a previous work a novel anti‐ransomware tool for Unix platforms named R‐Locker. The proposal is supported on a honeyfile‐based approach, where ‘infinite’ trap files are disseminated around the target filesystem for early detection and to effectively block the ransomware action. The authors extend here the tool with three main new contributions. First, R‐Locker is migrated to Windows platforms, where specific differences exist regarding FIFO handling. Second, the global management of the honeyfiles around the target filesystem is now improved to maximise protection. Finally, blocking suspicious ransomware is (semi)automated through the dynamic use of white‐/black‐lists. As in the original work for Unix systems, the new Windows version of R‐Locker shows high effectivity and efficiency in thwarting ransomware action.

show abstract

Section: Related Workmentioning

confidence: 98%

Inhibiting crypto‐ransomware on windows platforms through a honeyfile‐based approach with R‐Locker

Gómez-Hernández

Sánchez-Fernández

García-Teodoro

2021

IET Information Security

View full text Add to dashboard Cite

show abstract

“…Their results showed that Fisher Score (FS) performed better than other methods with multiple classifiers. Unlike previous methods, Rabadiet al [23] used dynamic features in their experiment as they execute samples in an isolated virtual machine using Cuckoo Sandbox [24] to extract API-based features that were used in the detection phase. Nevertheless, the authors' work targeted only Windows 7 and as a result of depending on Cuckoo Sandbox, their method is limited to Cuckoo's hooked API calls only.…”

Section: Computer-basedmentioning

confidence: 99%

“…• Anti-analysis Techniques: In order to dynamically analyze a sample, it must be run on an isolated environment, for example Virtual Machines (VM) or sandboxes [23]. As a result, Malware developers began to use methods to evade from being run on a VM, sandbox, by detecting whether there exists analysis tools on the system and in addition check if the system is on debug mode or not.…”

Section: Challenges and Limitationsmentioning

confidence: 99%

A Survey on Artificial Intelligence Techniques for Malware Detection

Faisal¹,

Hindy²,

Gaber³

et al. 2022

Artificial Intelligence, Soft Computing and Applications

View full text Add to dashboard Cite

The rapid evolution of technology in the past years largely contributed to the digital transformation, however, attackers took advantage of it to spread malicious software (malware). Nowadays, malware has become more sophisticated, which makes it harder to be detected with traditional techniques. Over the years, attacks became, not only limited to computer-based operating systems, but also to that of mobilebased, which makes it even harder for analysts. Furthermore, this increases the need for more research in this direction. The technological evolution also gives researchers the chance to utilize Artificial Intelligence widely and leverage its capabilities in many fields in general and in the field of malware detection in particular. This paper provides a literature review on malware detection using Artificial Intelligence techniques and specifically, Machine Learning and Deep Learning techniques. The paper helps researchers to have a broad idea of the latest malware detection techniques, available datasets, challenges, and limitations.

show abstract

“…Many detection systems based on artificial intelligence (AI) have been proposed in security tasks such as network intrusion detections (NIDSs) [1]- [3], malware detections [4], [5] and spam detections [6]. Nevertheless, numerous studies have revealed that AI-based systems are vulnerable to adversarial attacks [7]- [9].…”

Section: Introductionmentioning

confidence: 99%

“…There is less research on the adversarial robustness evaluation of ensemble models than linear and neural networks models [14]- [16], despite the fact that many security-related applications use ensemble learning techniques because of their flexibility, resilience and competitive performance [5], [17], [18]. Moreover, some studies showed model ensembles [19], [20] and ensemble defenses [21], [22] will also enhance the robustness of models, while other researchers have challenged this claim [23]- [25].…”

Section: Introductionmentioning

confidence: 99%