An Analysis of Malware Trends in Enterprise Networks

Acar, Abbas; Lu, Long; Uluagac, A. Selcuk; Kirda, Engin

doi:10.1007/978-3-030-30215-3_18

Cited by 15 publications

(7 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In reference to the dataset in Figure 2 for example, malware attacks were primarily responsible for 48.0 percent of major cybersecurity incidents while phishing attacks accounts for 19.7 percent of them. The percent of major incidents caused by malware attacks as reported in this study is very likely to be the result of the computerization of many enterprises and the user interaction with these computer attacks [56], [57]. DoS/DDoS on the other hand, caused 13.5 percent of the major cybersecurity incidents identified in this study.…”

Section: ) Additional Insights From Common Attack Techniquesmentioning

confidence: 74%

Threat Actors’ Tenacity to Disrupt: Examination of Major Cybersecurity Incidents

et al. 2022

View full text Add to dashboard Cite

show abstract

Section: ) Additional Insights From Common Attack Techniquesmentioning

confidence: 74%

Threat Actors’ Tenacity to Disrupt: Examination of Major Cybersecurity Incidents

et al. 2022

View full text Add to dashboard Cite

show abstract

“…In this paper, we focus on malware detection on the Java platform as the widespread application of Java in enterprise platforms and the rapidly increasing of malware in the wild [32]. Android applications, written in Java, have received much attention for their malicious detection [33].…”

Section: Related Workmentioning

confidence: 99%

BejaGNN: Behavior-based Java Malware Detection via Graph Neural Network

Feng

Yang

et al. 2022

Preprint

View full text Add to dashboard Cite

As a popular platform-independent language, Java is widely used in enterprise applications. In the past few years, language vulnerabilities exploited by Java malware have become increasingly prevalent, which cause threats for multi-platform. Security researchers continuously propose various approaches for fighting against Java malware programs. However, the presence of complex hidden techniques, such as code obfuscation, makes identifying complicated Java malware become challenging. Therefore, there is an urgent need to develop new approaches for resisting hidden techniques. In this paper, we present BejaGNN, a novel behavior-based Java malware detection method using static analysis, word embedding technique, and graph neural network. Specifically, BejaGNN leverages static analysis techniques to extract ICFGs from Java program files and then prunes these ICFGs to remove noisy instructions. Then, work embedding techniques are adopted to learn semantic representations for Java bytecode instructions. Finally, BejaGNN builds a graph neural network classifier to determine the maliciousness of Java programs. Experimental results on a public Java bytecode benchmark demonstrate that BejaGNN achieves high F1 98.8% and is superior to existing Java malware detection approaches, which verifies the promise of graph neural network in Java malware detection.

show abstract

“…The existence of malware that uses DoH to communicate with C&C servers has been confirmed [11]. Many large-scale malware attacks have also been reported [18] and cyber-attacks will not stop on their own. Therefore, the fact that network traffic cannot be monitored because of encryption is a critical issue for network administrators.…”

Section: Introductionmentioning

confidence: 99%

Identifying Malicious DNS Tunnel Tools from DoH Traffic Using Hierarchical Machine Learning Classification

Mitsuhashi

Satoh

Jin

et al. 2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Although the DNS over HTTPS (DoH) protocol has desirable properties for Internet users such as privacy and security, it also causes a problem in that network administrators are prevented from detecting suspicious network traffic generated by malware and malicious tools. To support their efforts in maintaining network security, in this paper, we propose a novel system that identifies malicious DNS tunnel tools through a hierarchical classification method that uses machine-learning technology on DoH traffic. We implemented a prototype of the proposed system and evaluated its performance on the CIRA-CIC-DoHBrw-2020 dataset, obtaining 99.81% accuracy in DoH traffic filtering, 99.99% accuracy in suspicious DoH traffic detection, and 97.22% accuracy in identification of malicious DNS tunnel tools.

show abstract

An Analysis of Malware Trends in Enterprise Networks

Cited by 15 publications

References 9 publications

Threat Actors’ Tenacity to Disrupt: Examination of Major Cybersecurity Incidents

Threat Actors’ Tenacity to Disrupt: Examination of Major Cybersecurity Incidents

BejaGNN: Behavior-based Java Malware Detection via Graph Neural Network

Identifying Malicious DNS Tunnel Tools from DoH Traffic Using Hierarchical Machine Learning Classification

Contact Info

Product

Resources

About