Catch them alive: A malware detection approach through memory forensics, manifold learning and computer vision

Bozkır, Ahmet Selman; Tahıllıoğlu, Erşan; Aydos, Murat; Kara, İ̇lker

doi:10.1016/j.cose.2020.102166

Cited by 81 publications

(45 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Observe que Zero 2 -SMELL e UMAP estimam um novo espac ¸o de representac ¸ão para classificar malware desconhecido. Assim, além do nosso trabalho, apenas UMAP [Bozkir et al 2021] também é capaz de realizar ZSL sem outras adaptac ¸ões.…”

Section: Resultsunclassified

“…Abordagens que podem classificar malwares desconhecidos (que não estavam no conjunto de treinamento) são promissoras para essa tarefa. [Bozkir et al 2021] estima uma nova representac ¸ão dos dados com base em uma transformac ¸ão linear para reduc ¸ão de dimensão (chamada UMAP) no domínio do problema e avalia sua contribuic ¸ão para problemas de detecc ¸ão de malware desconhecidos (ZSL).…”

Section: Trabalhos Relacionadosunclassified

See 1 more Smart Citation

Zero^2-SMELL: Uma nova abordagem de aprendizado zero-shot para detectar vulnerabilidades de dia zero

Barros¹,

Gomes²,

Barbosa³

et al. 2021

Anais Do XXI Simpósio Brasileiro De Segurança Da Informação E De Sistemas Computacionais (SBSeg 2021)

View full text Add to dashboard Cite

Um dos problemas de segurança mais relevantes é inferir se um programa tem intenções maliciosas (software malware). Mesmo que o antivírus seja uma das abordagens mais populares para detecção de malware, novos tipos de malware são lançados em um ritmo acelerado, tornando a maioria das técnicas para detectá-los rapidamente obsoletas. Portanto, o antivírus normalmente falha em detectar novos malwares até que sua assinatura seja incorporada ao banco de dados. No entanto, novas técnicas para identificar malwares desconhecidos são necessárias para proteger os sistemas mesmo no dia zero do lançamento de um malware. O aprendizado few-shot é uma abordagem que consiste em usar alguns poucos exemplos de cada classe durante o treinamento de um modelo. Um caso interessante desse tipo de abordagem é a classificação de objetos que ainda não foram usados no conjunto de treinamento, ou seja, aprendizagem Zero-shot (ZSL). No presente trabalho, propomos um novo método de ZSL para classificar malware usando representação visual. Propomos um novo espaço de representação para calcular a similaridade entre pares de objetos, denominado espaço-S. Avaliamos nossa proposta em conjuntos de dados do mundo real compostos de exemplos de malware. Nossa proposta atingiu 81 na medida Recall@K e supera outros métodos em uma proporção de 14.81% em um modelo de classificação para vulnerabilidades de dia zero.

show abstract

Section: Resultsunclassified

Section: Trabalhos Relacionadosunclassified

Zero^2-SMELL: Uma nova abordagem de aprendizado zero-shot para detectar vulnerabilidades de dia zero

Barros¹,

Gomes²,

Barbosa³

et al. 2021

Anais Do XXI Simpósio Brasileiro De Segurança Da Informação E De Sistemas Computacionais (SBSeg 2021)

View full text Add to dashboard Cite

show abstract

“…Various machine learning models were used and compared. Note that other lesser dataset includes Malimg [8], MaleVis [9], Dumpware10 [10], and Virus-MNIST [11]. Most of the dataset have varying sizes except for Virus-MNIST which have a size of 32x32x1.…”

Section: A Related Workmentioning

confidence: 99%

Vision-Based Malware Detection: A Transfer Learning Approach Using Optimal ECOC-SVM Configuration

Wong

Juwono²,

Apriono

2021

IEEE Access

View full text Add to dashboard Cite

Malware detection in current times is increasingly important due to the presence of dangerous malicious software (malware) as well as ransomware in digital cyberspace. Conventional approaches such as using malware features (either static or dynamic or hybrid) have been applied for detection. Advances in Deep Learning (DL) has attracted a lot of interests in applications of malware detection. In particular, the file binaries are fed in to the DL neural network for training and testing. Despite the theoretical basis, we find that overfitting has occurred despite applying precaution, such as applying sufficient dropout layers. Limitations can also be attributed to the final classification layers (fully connected shallow network and softmax classification). In this paper, we apply transfer learning using ShuffleNet and DenseNet-201, two models trained on large dataset to recognize daily objects. This is done with the entire layers frozen to prevent overfitting and an optimal Error correction output code (ECOC) ensemble configuration of Support Vector Machines (SVM). Several ECOC coding matrices were applied, e.g., One vs. All (OVA), One vs. One (OVO), Dense Random (DR), and Sparse Random (SR). Each of these configurations represents varying complexity and ensemble size and, hence, a tradeoff between computation reduction and complex non-linear separation appears. Given that the continuous values of SVM parameters may take up high computation for acquiring the optimal parameter configuration, we apply discrete values combination using a grid search approach for parameter optimization. We test the proposed model on Malimg, MaleVis, virus-MNIST, and Dumpware10 datasets. The results show better/comparable accuracy compared with the existing work. The best/average accuracy values for each dataset over 10 trials are: Malimg (99.14%/98.87%), MaleVis (95.01%/93.91%), Virus-MNIST (86.36%/85.79%), Dumpware10 (96.62%/95.79%).

show abstract

“…Bozkir et al [56] proposed a new memory dumping and computer vision-base method to detect malware in memory even they do not exist on hard drive using MaleVi…”

Section: About the Datasetmentioning

confidence: 99%

“…The measured accuracy rates are higher than those of known methods. Bozkir et al [56] proposed a new memory dumping and computer vision-based method to detect malware in memory even they do not exist on hard drive using MaleVis dataset. The state of the art manifold learning and dimension reduction technique named UMAP was used for the first time in the problem domain for better discrimination.…”

Section: Data Collection About the Datasetmentioning

confidence: 99%

Improving the Robustness of AI-Based Malware Detection Using Adversarial Machine Learning

et al. 2021

View full text Add to dashboard Cite

Cyber security is used to protect and safeguard computers and various networks from ill-intended digital threats and attacks. It is getting more difficult in the information age due to the explosion of data and technology. There is a drastic rise in the new types of attacks where the conventional signature-based systems cannot keep up with these attacks. Machine learning seems to be a solution to solve many problems, including problems in cyber security. It is proven to be a very useful tool in the evolution of malware detection systems. However, the security of AI-based malware detection models is fragile. With advancements in machine learning, attackers have found a way to work around such detection systems using an adversarial attack technique. Such attacks are targeted at the data level, at classifier models, and during the testing phase. These attacks tend to cause the classifier to misclassify the given input, which can be very harmful in real-time AI-based malware detection. This paper proposes a framework for generating the adversarial malware images and retraining the classification models to improve malware detection robustness. Different classification models were implemented for malware detection, and attacks were established using adversarial images to analyze the model’s behavior. The robustness of the models was improved by means of adversarial training, and better attack resistance is observed.

show abstract

Catch them alive: A malware detection approach through memory forensics, manifold learning and computer vision

Cited by 81 publications

References 14 publications

Zero^2-SMELL: Uma nova abordagem de aprendizado zero-shot para detectar vulnerabilidades de dia zero

Zero^2-SMELL: Uma nova abordagem de aprendizado zero-shot para detectar vulnerabilidades de dia zero

Vision-Based Malware Detection: A Transfer Learning Approach Using Optimal ECOC-SVM Configuration

Improving the Robustness of AI-Based Malware Detection Using Adversarial Machine Learning

Contact Info

Product

Resources

About