Detection of Obfuscation in Java Malware

Kumar, Renuka; Vaishakh, Anand Raj Essar

doi:10.1016/j.procs.2016.02.097

Cited by 13 publications

(7 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…JMD [49] combines symbolic execution and instrumentation techniques with dynamic analysis to improve malware detection. Kumar et al [50] design a lexical analysis-based approach to identify code obfuscation. Recently, researchers have proposed to perform Java malware program detection by using static and dynamic analysis [11,51].…”

Section: Java Malware Detection Methodsmentioning

confidence: 99%

BejaGNN: behavior-based Java malware detection via graph neural network

Feng

Yang

et al. 2023

J Supercomput

View full text Add to dashboard Cite

As a popular platform-independent language, Java is widely used in enterprise applications. In the past few years, language vulnerabilities exploited by Java malware have become increasingly prevalent, which cause threats for multi-platform. Security researchers continuously propose various approaches for fighting against Java malware programs. The low code path coverage and poor execution efficiency of dynamic analysis limit the large-scale application of dynamic Java malware detection methods. Therefore, researchers turn to extracting abundant static features to implement efficient malware detection. In this paper, we explore the direction of capturing malware semantic information by using graph learning algorithms and present BejaGNN (Behavior-based Java malware detection via Graph Neural Network), a novel behavior-based Java malware detection method using static analysis, word embedding technique, and graph neural network. Specifically, BejaGNN leverages static analysis techniques to extract ICFGs (Inter-procedural Control Flow Graph) from Java program files and then prunes these ICFGs to remove noisy instructions. Then, word embedding techniques are adopted to learn semantic representations for Java bytecode instructions. Finally, BejaGNN builds a graph neural network classifier to determine the maliciousness of Java programs. Experimental results on a public Java bytecode benchmark demonstrate that BejaGNN achieves high F 1 98.8% and is superior to existing Java malware detection approaches, which verifies the promise of graph neural network in Java malware detection.

show abstract

Section: Java Malware Detection Methodsmentioning

confidence: 99%

BejaGNN: behavior-based Java malware detection via graph neural network

Feng

Yang

et al. 2023

J Supercomput

View full text Add to dashboard Cite

show abstract

“…Other information will be removed from the byte code such as comments and identifiers. Programmers use this technique alone without merging it with any other technique that does not guarantee protection [2].…”

Section: Lexical Obfuscationmentioning

confidence: 99%

Hybrid Obfuscation of Encryption

Al-Hakimi¹,

Sultan²

2023

Coding Theory Essentials

View full text Add to dashboard Cite

Obfuscation is an encryption method. It allows the programmer to reform the code for protection. Obfuscation has promising chance to change the way of coding, where the programmer has the ability to program with any language, not necessarily English. Obfuscation, Unicode, and mathematical equations have the possibility to change strings and identifiers and to hide secret algorithms and business rules. Special dictionary is used for the string obfuscation to hide the logic of the program. The hybrid obfuscation technique will be implemented into a tool that automatically converts the code. It can be can be used for games and mobile applications for protection. With obfuscation, the application still has the ability to perform sufficiently and provide the desired output without any delays in performing timing. After obfuscating the source file, reverser still has the ability to break the object file but will not be able to read or understand and when obfuscation technique is complicated, reversing leads to error where original code disappears. In this chapter, hybrid obfuscation will be presented with examples, and obfuscation table is presented as well for future use.

show abstract

“…JMD [40] combines symbolic execution and instrumentation techniques with dynamic analysis to improve malware detection. Kumar et al [11] design a lexical analysis-based approach to identify code obfuscation. Recently, researchers have proposed to perform Java malware program detection by using static and dynamic analysis [13,41].…”

Section: Related Workmentioning

confidence: 99%

“…Traditional static analysis methods mainly extract syntax features such as strings or imports to identify malware samples. While syntax features achieve successful malware detection, these static approaches can be effectively evaded by obfuscation techniques [11,12]. Owning the ability of resisting code obfuscation via sandbox environment execution, dynamic analysis techniques can be easily evaded by environment-aware and event-trigger malware [13].…”

Section: Introductionmentioning

confidence: 99%

BejaGNN: Behavior-based Java Malware Detection via Graph Neural Network

Feng

Yang

et al. 2022

Preprint

View full text Add to dashboard Cite

As a popular platform-independent language, Java is widely used in enterprise applications. In the past few years, language vulnerabilities exploited by Java malware have become increasingly prevalent, which cause threats for multi-platform. Security researchers continuously propose various approaches for fighting against Java malware programs. However, the presence of complex hidden techniques, such as code obfuscation, makes identifying complicated Java malware become challenging. Therefore, there is an urgent need to develop new approaches for resisting hidden techniques. In this paper, we present BejaGNN, a novel behavior-based Java malware detection method using static analysis, word embedding technique, and graph neural network. Specifically, BejaGNN leverages static analysis techniques to extract ICFGs from Java program files and then prunes these ICFGs to remove noisy instructions. Then, work embedding techniques are adopted to learn semantic representations for Java bytecode instructions. Finally, BejaGNN builds a graph neural network classifier to determine the maliciousness of Java programs. Experimental results on a public Java bytecode benchmark demonstrate that BejaGNN achieves high F1 98.8% and is superior to existing Java malware detection approaches, which verifies the promise of graph neural network in Java malware detection.

show abstract

Detection of Obfuscation in Java Malware

Cited by 13 publications

References 10 publications

BejaGNN: behavior-based Java malware detection via graph neural network

BejaGNN: behavior-based Java malware detection via graph neural network

Hybrid Obfuscation of Encryption

BejaGNN: Behavior-based Java Malware Detection via Graph Neural Network

Contact Info

Product

Resources

About