End-to-End Deep Neural Networks and Transfer Learning for Automatic Analysis of Nation-State Malware

Rosenberg, Ishai; Sicard, Guillaume; David, Eli

doi:10.3390/e20050390

Cited by 18 publications

(25 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This rise in cyber-attacks is due to both the free accessibility of malware varieties on the internet and integrated options available in open source operating systems like back track, Linux, Kali, Parrot, etc. Due to the extreme complicated nature of latest generation malware, conventional security system strategies seem unable to avoid advanced cyber-attacks [7]. Machine learning provides great potential to assist throughout the identification of intervention by stealth malware.…”

Section: Introductionmentioning

confidence: 99%

Evaluating the Impact of Malware Analysis Techniques for Securing Web Applications through a Decision-Making Framework under Fuzzy Environment

Kumar¹,

Alenezi²,

Ansari³

et al. 2020

IJIES

View full text Add to dashboard Cite

Nowadays, most of the cyber-attacks are initiated by extremely malicious programs known as Malware. Malwares are very vigorous and can penetrate the security of information and communication systems. While there are different techniques available for malware analysis, it becomes challenging to select the most effective approach. In this context, the decision-making process may be an efficient means of empirically assessing the impact of different methods for securing the web applications. In this research study, we have used a methodology that includes the integration of Fuzzy AHP and Fuzzy TOPSIS technique for evaluating the impact of different malware analysis techniques in web application perspective. This study uses different versions of a university’s web application for evaluating the impact of several existing malware analysis techniques. The findings of the study show that the Reverse Engineering approach is the most efficient technique for analyzing complex malware. The outcome of this study would definitely aid the future researchers and developers in selecting the appropriate techniques for scanning the web application code and enhancing the security.

show abstract

Section: Introductionmentioning

confidence: 99%

Evaluating the Impact of Malware Analysis Techniques for Securing Web Applications through a Decision-Making Framework under Fuzzy Environment

Kumar¹,

Alenezi²,

Ansari³

et al. 2020

IJIES

View full text Add to dashboard Cite

show abstract

“…In Section 3. Deep/Artificial Neural Networks (DNN/ANN) [103], [104], [78], [7], [8] Tree Bagging (TB)…”

Section: Malware Binary Authorship Attributionmentioning

confidence: 99%

“…Continuing this assumption, Meng and Miller [78] explore the use of Deep Neural Networks directly on the binaries' raw bytes without any analysis or feature extraction process. Rosenberg et al [103,104] also consider the use of Artificial Neural Networks for classifying binaries to authors. Alrabaee et al [7,8] use convolutional neural networks to cluster author style and then use a classifier to determine if a piece of malware belongs to an author cluster.…”

Section: Data Modeling Techniquesmentioning

confidence: 99%

Identifying Authorship Style in Malicious Binaries: Techniques, Challenges & Datasets

Gray,

Sgandurra,

Cavallaro

2021

Preprint

View full text Add to dashboard Cite

Attributing a piece of malware to its creator typically requires threat intelligence. Binary attribution increases the level of difficulty as it mostly relies upon the ability to disassemble binaries to identify authorship style. Our survey explores malicious author style and the adversarial techniques used by them to remain anonymous. We examine the adversarial impact on the state-of-the-art methods. We identify key findings and explore the open research challenges. To mitigate the lack of ground truth datasets in this domain, we publish alongside this survey the largest and most diverse metainformation dataset of 15,660 malware labeled to 164 threat actor groups.

show abstract

“…Understanding the malicious behaviors of different APT families can enhance understanding and resisting APT attacks [2]. To identify families of APT malware samples, the current work analyzes typical malicious malware behaviors of different APT families to distinguish them [2,14]. However, the number of publicly available malware samples from each APT family is small, making it difficult to train a robust classification model through such a small number of samples [15].…”

Section: Introductionmentioning

confidence: 99%

Toward Identifying APT Malware through API System Calls

Wei

Guo

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

Self-developed malware was usually used by advanced persistent threat (APT) attackers to launch APT attacks. Therefore, we can enhance the understanding and cognition of APT attacks by comprehending the behavior of APT malware. Unfortunately, the current research cannot effectively explain the relationship between the recognition, detection, and defense of APT. The model of similar studies also lacks an explanation about it. To defend against APT attacks and inquire about the similarity of different APT attacks, this study proposes an APT malware classification method based on a combination of multiple deep learning algorithms and transfer learning by collecting malware used in several famous APT groups in public. By extracting the application programming interface (API) system calls, with the vector representation of features by combining dynamic LSTM and attention algorithm, we can obtain API at different APT families classification contributions trained dynamic. Thus, we used transfer learning to perform multiple classifications of the APT family. This study aims to reduce the burden of network security staff from reviewing a large number of suspicious files when defending against APT attacks. Additionally, it can effectively intercept them in the initial invasion stage of APT to perform targeted defense against specific APT attacks by combining threat intelligence in public. The experimental result shows that the proposed method can achieve 99.2% in distinguishing common malware from APT malware and assign APT malware to different APT families with an accuracy of 95.5%.

show abstract

End-to-End Deep Neural Networks and Transfer Learning for Automatic Analysis of Nation-State Malware

Cited by 18 publications

References 19 publications

Evaluating the Impact of Malware Analysis Techniques for Securing Web Applications through a Decision-Making Framework under Fuzzy Environment

Evaluating the Impact of Malware Analysis Techniques for Securing Web Applications through a Decision-Making Framework under Fuzzy Environment

Identifying Authorship Style in Malicious Binaries: Techniques, Challenges & Datasets

Toward Identifying APT Malware through API System Calls

Contact Info

Product

Resources

About