Artificial intelligence-based antivirus in order to detect malware preventively

Lima, Sidney Marlon Lopes de; Silva, Heverton K. de L.; Luz, João Henrique da Silva; Lima, Hercília Juliana do Nascimento; Silva, Samuel L. de P.; Andrade, Anna Beatriz Augusta de; Silva, Alisson M. da

doi:10.1007/s13748-020-00220-4

Cited by 21 publications

(17 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There is the evaluation of two architectures; they employ 100 and 500 neurons in their respective hidden layers. These architectures have a background of excellent accuracy in the application of ELM networks in the area of Biomedical Engineering [10].…”

Section: Results Of Elm Networkmentioning

confidence: 99%

“…LIMA, et al(2021) created an antivirus capable of detecting PE file (Windows) malwares with an average accuracy of 98.32% [10]. The executable file will be submitted to the disassembly process.…”

Section: State-of-the-artmentioning

confidence: 99%

“…The state-of-the-art antivirus recommends extracting features of suspicious files in a preventive manner before executing [10]. The executable file will be submitted to the reverse engineering process.…”

Section: Introductionmentioning

confidence: 99%

“…The features from assembly code are used as input attributes of the artificial neural network used as the classifier. Neural networkbased antivirus accomplishes an average performance of more than 90% in distinguishing benign and malware samples [10].…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Antivirus Applied to Jar Malware Detection based on Runtime Behaviors

Pinheiro¹,

Lima²,

Souza³

et al. 2021

Preprint

View full text Add to dashboard Cite

Background and Objective: Java vulnerabilities correspond to 91% of all exploits observed on the World Wide Web. Then, this present work aims to create an antivirus software with machine learning and artificial intelligence, master in Java malwares detection.. Methods: Within the proposed methodology, the suspect Jar sample is executed in order to infect, intentionally, Windows OS monitored in a controlled environment. In all, our antivirus monitors and ponders, statistically, 6,824 actions that the suspected Jar file can do when executed. Results: Our antivirus achieves an average performance of 91.58% in the distinction between benign and malwares Jar files. Different initial conditions, learning functions and architectures of our antivirus are investigated in order to maximize their accuracy.Conclusions: The limitations of commercial antiviruses can be supplied by intelligent antiviruses.Instead of blacklist-based models, our antivirus allows Jar malware detection in a preventive way and not in a reactive manner as Oracle's Java and traditional antivirus modus operandi.

show abstract

Section: Results Of Elm Networkmentioning

confidence: 99%

Section: State-of-the-artmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Antivirus Applied to Jar Malware Detection based on Runtime Behaviors

Pinheiro¹,

Lima²,

Souza³

et al. 2021

Preprint

View full text Add to dashboard Cite

show abstract

“…Recently, to increase the capabilities of antivirus systems, the use of machine learning algorithms using artificial intelligence (AI) has been introduced [26][27][28]. The inclusion of these techniques allows for a large-scale data analysis, the identification of patterns and trends, as well as the automatic and rapid formulation of predictions.…”

Section: Actual Antivirus Threat Detection and Classification Systemsmentioning

confidence: 99%

Evaluation of Local Security Event Management System vs. Standard Antivirus Software

Pérez-Sánchez

Hielscher

2022

Applied Sciences

View full text Add to dashboard Cite

The detection and classification of threats in computer systems has been one of the main problems researched in Cybersecurity. As technology evolves, the tactics employed by adversaries have also become more sophisticated to evade detection systems. In consequence, systems that previously detected and classified those threats are now outdated. This paper proposes a detection system based on the analysis of events and matching the risk level with the MITRE ATT&CK matrix and Cyber Kill Chain. Extensive testing of attacks, using nine malware codes and applying three different obfuscation techniques, was performed. Each malicious code was analyzed using the proposed event management system and also executed in a controlled environment to examine if commercial malware detection systems (antivirus) were successful. The results show that evading techniques such as obfuscation and in-memory extraction of malicious payloads, impose unexpected difficulties to standard antivirus software.

show abstract