Combining file content and file relations for cloud based malware detection

Ye, Yanfang; Li, Tao; Zhu, Shenghuo; Zhuang, Weiwei; Tas, Egemen; Gupta, Umesh C.; Abdulhayoglu, Melih

doi:10.1145/2020408.2020448

Cited by 74 publications

(54 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The anti-malware software widely uses the signature-based method to identify the known threats/malware. A signature is a short sequence of bytes that uniquely characterizes any malware [5]. The signatures are created manually by an analyst by analyzing the malware.…”

Section: Signature-based Detectionmentioning

confidence: 99%

“…Comodo's Anti-Virus products [5,26,27] and Symantec Anti-Malware products [28]. These methods have better results but still fail to avoid false alarms on one hand and fail to detect novel malware on the other hand.…”

Section: Data Analysis-based Detectionmentioning

confidence: 99%

“…However, these anti-malwares mainly employ signature based, heuristic based and hybrid methods to detect such attacks. Signature based methods are given a signature, which is a sequence of bytes characterizing a malware uniquely and identifies if a given software is a malware by looking up the signatures in the software [5]. However, this method is strongly retrospective and fail to detect novel malwares as well as variant of known malwares since malware developers keep changing the same malware code (using developed toolkits [6,7,8]) to avoid detection by employing various techniques, e.g., polymorphism, instruction virtualization, to name a few.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

An Open Source, Extensible Malware Analysis Platform

Michalopoulos¹,

Ieronymakis²,

Khan³

et al. 2018

MATEC Web Conf.

View full text Add to dashboard Cite

Abstract.A malware (such as viruses, ransomware) is the main source of bringing serious security threats to the IT systems and their users now-adays. In order to protect the systems and their legitimate users from these threats, anti-malware applications are developed as a defense against malware. However, most of these applications detect malware based on signatures or heuristics that are still created manually and are error prune. Some recent applications employ data mining and machine learning techniques to detect malware automatically. However, such applications fail to classify them appropriately mainly because they suffer from high rate of false alarms on the one hand and being retrospective, fail to detect new unknown threats and variants of known malware on the other hand. Since anti-malware vendors receive a huge number of malware samples every day, there is an urgent need for malware analysis tools that can automatically detect malware rigorously, i.e. eliminating false alarms. To address these issues and challenges of current malware detection and analysis approaches, we propose a novel, open source and extensible platform (based on set of tools) that allows to combine various malware detection techniques to automatically detect/classify a malware more rigorously. The developed platform can be fed with malware samples from different providers and will enable the development of effective classification schemes and methods, which are not sufficiently effective without collaboration and the related sample aggregation. Furthermore, such collaborative platforms in cybersecurity enable efficient sharing of information (e.g., about new identified threats) to all collaborators and sharing of appropriate defences against them, if such defences exist.

show abstract

Section: Signature-based Detectionmentioning

confidence: 99%

Section: Data Analysis-based Detectionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

An Open Source, Extensible Malware Analysis Platform

Michalopoulos¹,

Ieronymakis²,

Khan³

et al. 2018

MATEC Web Conf.

View full text Add to dashboard Cite

show abstract

“…Due to Internet propagation malware has been rapidly spreading and infecting computers around the world at an unprecedented rate [1] and malware detection became one of the top internet security topics [2,11,3]. Security software developers reported that the release rate of malicious code and other unwanted programs may be exceeding that of legitimate software applications [11].…”

Section: Introductionmentioning

confidence: 99%

“…Web services enable the identification of malware with a huge partners data about viruses collected, e.g. virustotal.com 1 . But even a huge malware database does not guarantee detection of new ones.…”

Section: Introductionmentioning

confidence: 99%

Graph-based malware distributors detection

Venzhega

Zhinalieva

Suboch

2013

Proceedings of the 22nd International Conference on World Wide Web

View full text Add to dashboard Cite

Search engines are currently facing a problem of websites that distribute malware. In this paper we present a novel efficient algorithm that learns to detect such kind of spam. We have used a bipartite graph with two types of nodes, each representing a layer in the graph: web-sites and file hostings (FH), connected with edges representing the fact that a file can be downloaded from the hosting via a link on the web-site. The performance of this spam detection method was verified using two set of ground truth labels: manual assessments of antivirus analysts and automatically generated assessments obtained from antivirus companies. We demonstrate that the proposed method is able to detect new types of malware even before the best known antivirus solutions are able to detect them.

show abstract

An ensemble framework for interpretable malicious code detection

Cheng

Zheng

2020

Int J of Intelligent Sys

View full text Add to dashboard Cite

Malicious code is an ever‐growing security threats to computer systems and networks, while malware detection provides effective defense against malicious codes. In this paper, a brief overview is presented on currently prevalent methods to detect malicious codes, including signature‐based methods, behavioral‐based detection and machine learning (ML) based ones. More specifically, the potentially effective malicious features are summarized and the novel methods using ML are deeply discussed. Furthermore, an ensemble interpretable framework is explored for automatic and efficient malicious code detection. Based on the knowledge graph of malware, the novel framework inclines to achieve robust malware detection even confronted with unseen malicious codes. Finally, both advantages and disadvantages are discussed and experimental results are outlined to verify the effectiveness of the novel methods.

show abstract

Combining file content and file relations for cloud based malware detection

Cited by 74 publications

References 25 publications

An Open Source, Extensible Malware Analysis Platform

An Open Source, Extensible Malware Analysis Platform

Graph-based malware distributors detection

An ensemble framework for interpretable malicious code detection

Contact Info

Product

Resources

About