Behaviour-aware Malware Classification: Dynamic Feature Selection

Phai, Vu Dinh; Shone, Nathan; Dung, Phan Huy; Shi, Qi; Hung, Nguyen Viet; Ngọc, Trần Nguyễn

doi:10.1109/kse.2019.8919491

Cited by 8 publications

(2 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Malware developers continually try to find new ways to evade detection or incorrectly classify their intent. At least 10 methods of attack are typically employed by malware developers in each sample [28], which is why malware analysts must be aware of these evasive techniques [29]. Feature extraction relies primarily on domain expertise and is conducted manually.…”

Section: Background and Related Workmentioning

confidence: 99%

Memory Forensics-Based Malware Detection Using Computer Vision and Machine Learning

et al. 2022

View full text Add to dashboard Cite

Malware has recently grown exponentially in recent years and poses a serious threat to individual users, corporations, banks, and government agencies. This can be seen from the growth of Advanced Persistent Threats (APTs) that make use of advance and sophisticated malware. With the wide availability of computer-automated tools such as constructors, email flooders, and spoofers. Thus, it is now easy for users who are not technically inclined to create variations in existing malware. Researchers have developed various defense techniques in response to these threats, such as static and dynamic malware analyses. These techniques are ineffective at detecting new malware in the main memory of the computer and otherwise require considerable effort and domain-specific expertise. Moreover, recent techniques of malware detection require a long time for training and occupy a large amount of memory due to their reliance on multiple factors. In this paper, we propose a computer vision-based technique for detecting malware that resides in the main computer memory in which our technique is faster or memory efficient. It works by taking portable executables in a virtual environment to extract memory dump files from the volatile memory and transform them into a particular image format. The computer vision-based contrast-limited adaptive histogram equalization and the wavelet transform are used to improve the contrast of neighboring pixel and to reduce the entropy. We then use the support vector machine, random forest, decision tree, and XGBOOST machine learning classifiers to train the model on the transformed images with dimensions of 112 × 112 and 56 × 56. The proposed technique was able to detect and classify malware with an accuracy rate of 97.01%. Its precision, recall, and F1-score were 97.36%, 95.65%, and 96.36%, respectively. Our finding shows that our technique in preparing dataset with more efficient features to be trained by the Machine Learning classifiers has resulted in significant performance in terms of accuracy, precision, recall, F1-score, speed and memory consumption. The performance has superseded most of the existing techniques in its unique approach.

show abstract

Section: Background and Related Workmentioning

confidence: 99%

Memory Forensics-Based Malware Detection Using Computer Vision and Machine Learning

et al. 2022

View full text Add to dashboard Cite

show abstract

“…The dynamics of the social field is a hot research, e.g., the dynamical behavioral mining [27], [28]. The Appendix details the dynamics model used in sensing data dynamics system mining.…”

Section: Physical System and Stabilitymentioning

confidence: 99%

Dynamic Data Mining of Sensor Data

2020

View full text Add to dashboard Cite

The research of data mining has aroused widespread concern in academia and industry. However, an important mark of the Internet of Things era is that sensor data replaces artificially compiled data. How to extract valuable knowledge and patterns from a large amount of data generated by sensors is a meaningful research topic. This paper proposes a dynamic data mining framework for processing sensor data. A sensor data mining model which can be used in the process of dynamic change is constructed. In this model, different sensor network environments are considered as different physical systems. The physical system and its parameters are trained by collecting and mining historical changes in sensor data; the associations between different sensor network environments are discovered by mining the associations between the parameters of different physical systems. In our limited experimental environment, the physical quantities considered included transmission distance, transmission delay, sensor data, data changes, and so on. Experiments were carried out on the designated experimental platform, and the results showed that the model could mine the dynamic data and find stable patterns. Through the analysis of the experimental results, it was found that the model had reference value for the dynamic mining of sensor data, and was expected to construct new methods for industrial big data analysis. INDEX TERMS Clustering, dynamic characteristics, dynamic data mining, IoT, sensors.

show abstract