Detecting smart, self-propagating Internet worms

Li, Jun; Stafford, Shad

doi:10.1109/cns.2014.6997486

Cited by 11 publications

(6 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Another category is worms, which are independent malicious code that can replicate themselves and propagate through storage devices, emails, and network resources. This proliferation consumes system resources and can degrade performance, making them detectable by antivirus scanners due to their multiple copies [5].…”

Section: Different Kinds Of Malwaresmentioning

confidence: 99%

Investigating the Impact of Training and Testing Ratios on the Performance of an AI-Based Malware Detector using MATLAB

Romero,

Mital,

Rostata

et al. 2024

E3S Web Conf.

View full text Add to dashboard Cite

This research investigates the impact of the training and testing ratios on the performance of an AI-Based Malware Detector using MATLAB. The experiments through MATLAB have shown that higher training percentage means that a larger portion of dataset for training the model have been used while a lower training percentage shows that a large portion of the dataset reserved for testing the model’s performance. The exploration of the influence of training and testing ratios also have been able to determine the performance of an AI-Based Malware Detector. The results give to determining the relationship between training and testing ratios and the effectiveness of the malware detection system.

show abstract

Section: Different Kinds Of Malwaresmentioning

confidence: 99%

Investigating the Impact of Training and Testing Ratios on the Performance of an AI-Based Malware Detector using MATLAB

Romero,

Mital,

Rostata

et al. 2024

E3S Web Conf.

View full text Add to dashboard Cite

show abstract

“…It duplicates and targets specific software files without infecting them. Worms can harm computers by consuming their resources (Li & Stafford, 2014;Singh & Singh, 2021).…”

Section: Wormmentioning

confidence: 99%

A review of detecting malware in android devices based on machine learning techniques

Sharma,

Kaul

2023

Expert Systems

View full text Add to dashboard Cite

Malware developers install malware on mobile users' devices and steal their personal information without their knowledge. According to recent studies, it has been observed that malware developers are now targeting Android mobile devices. Researchers have examined the issues of detecting malware in these devices and proposed different methods and techniques. This study's main goal is to aid researchers in gaining a basic understanding of Android malware and its numerous detection methods. Earlier experiments that used machine learning to detect Android malware will be carefully reviewed in this paper. This in‐depth review article thoroughly examines the origins, evolution, and sustainability of Android malware detection. It offers an in‐depth literature review that includes the most recent approaches and research trends for detecting malware, from static analysis to dynamic analysis, machine learning, and deep learning. Additionally, we review current approaches' shortcomings and difficulties and suggest possible paths for further investigation. The paper aims to stimulate further innovation in this essential field by providing researchers and practitioners with a comprehensive overview of the current status of Android malware detection.

show abstract

“…Internet worms have been studied in the past as early examples of SPM [53]. Detection mechanisms based on payload signatures [49], [29], [36], and fine-grained host-level network monitoring [21], [56], [33] have been proposed. Our system is designed independently of specific malware, and is more scalable compared to hostlevel monitoring.…”

Section: Related Workmentioning

confidence: 99%

PORTFILER: Port-Level Network Profiling for Self-Propagating Malware Detection

Ongun¹,

Spohngellert²,

Miller³

et al. 2021

Preprint

View full text Add to dashboard Cite

Recent self-propagating malware (SPM) campaigns compromised hundred of thousands of victim machines on the Internet. It is challenging to detect these attacks in their early stages, as adversaries utilize common network services, use novel techniques, and can evade existing detection mechanisms. We propose PORTFILER (PORT-Level Network Traffic ProFILER), a new machine learning system applied to network traffic for detecting SPM attacks. PORTFILER extracts port-level features from the Zeek connection logs collected at a border of a monitored network, applies anomaly detection techniques to identify suspicious events, and ranks the alerts across ports for investigation by the Security Operations Center (SOC). We propose a novel ensemble methodology for aggregating individual models in PORTFILER that increases resilience against several evasion strategies compared to standard ML baselines. We extensively evaluate PORTFILER on traffic collected from two university networks, and show that it can detect SPM attacks with different patterns, such as WannaCry and Mirai, and performs well under evasion. Ranking across ports achieves precision over 0.94 and false positive rates below 8 × 10 −4 in the top 100 highly ranked alerts. When deployed on the university networks, PORTFILER detected anomalous SPM-like activity on one of the campus networks, confirmed by the university SOC as malicious. PORTFILER also detected a Mirai attack recreated on the two university networks with higher precision and recall than deeplearning based autoencoder methods.

show abstract

Detecting smart, self-propagating Internet worms

Cited by 11 publications

References 8 publications

Investigating the Impact of Training and Testing Ratios on the Performance of an AI-Based Malware Detector using MATLAB

Investigating the Impact of Training and Testing Ratios on the Performance of an AI-Based Malware Detector using MATLAB

A review of detecting malware in android devices based on machine learning techniques

PORTFILER: Port-Level Network Profiling for Self-Propagating Malware Detection

Contact Info

Product

Resources

About