Hunting for metamorphic JavaScript malware

Musale, Mangesgh; Austin, Thomas H.; Stamp, Mark

doi:10.1007/s11416-014-0225-8

Cited by 23 publications

(43 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The result is not very promising for MWOR with high padding ratio although area under the curve (AUC) is quite well for lower padding ratio. In [19] authors illustrate that OGS is a reliable method for Javascript metamorphic mal ware detection. It has better accuracy than HMM and other well-known methods for metamorphic malware detection.…”

Section: Resultsmentioning

confidence: 99%

See 1 more Smart Citation

Metamorphic malware detection using Linear Discriminant Analysis and Graph Similarity

Mirzazadeh

Moattar

Jahan

2015

2015 5th International Conference on Computer and Knowledge Engineering (ICCKE)

View full text Add to dashboard Cite

The most common malware detection approaches which are based on signature matching and are not sufficient for metamorphic malware detection, since virus kits and metamorphic engines can produce variants with no resemblance to one another. Metamorphism provides an efficient way for eluding malware detection software kits.Code obfuscation methods like dead-code insertion are also widely used in metamorphic malware. In order to address the problem of detecting mutated generations, we propose a method based on Opcode Graph Similarity (OGS). OGS tries to detect metamorphic malware using the similarity of opcode graphs. In this method, all nodes and edges have a respective effect on classification, but in the proposed method, edges of graphs are pruned using Linear Discriminant Analysis (LDA). LDA is based on the concept of searching for a linear combination of predictors that best separates two or more classes. Most distinctive edges are identified with LDA and the rest of edges are removed. The metamorphic malware families considered here are NGVCK and metamorphic worms that we denote these worms as MWOR. The results show that our approach is capable of classifying metamorphosed instances with no or minimum false alarms. Also, our proposed method can detect NGVCK and MWOR with high accuracy rate.

show abstract

Section: Resultsmentioning

confidence: 99%

“…Future work could include detailed examination on the parameters of the proposed approach. In addition, with regard to [19], it is possible that Improved OGS would have better accuracy for Javascript malware detection. Therefore, using our method for Javascript mal ware detection could leads to interesting result.…”

Section: Resultsmentioning

confidence: 99%

Metamorphic malware detection using Linear Discriminant Analysis and Graph Similarity

Mirzazadeh

Moattar

Jahan

2015

2015 5th International Conference on Computer and Knowledge Engineering (ICCKE)

View full text Add to dashboard Cite

show abstract

“…This technique is quite often used and 76 of Trojans analysed have indicated utilisation of this technique (see Appendix II). While this technique could be circumvented by removing ineffective instructions prior to analysis, detecting those instructions is quite time consuming [26], [74]- [78].…”

Section: Anti-forensics Techniquesmentioning

confidence: 99%

A cyber kill chain based taxonomy of banking Trojans for evolutionary computational intelligence

Kiwia

Dehghantanha

Choo

et al. 2018

Journal of Computational Science

View full text Add to dashboard Cite

Malware such as banking Trojans are popular with financially-motivated cybercriminals. Detection of banking Trojans remains a challenging task, due to the constant evolution of techniques used to obfuscate and circumvent existing detection and security solutions. Having a malware taxonomy can facilitate the design of mitigation strategies such as those based on evolutionary computational intelligence. Specifically, in this paper, we propose a cyber kill chain based taxonomy of banking Trojans features. This threat intelligence based taxonomy providing a stage-by-stage operational understanding of a cyber-attack, can be highly beneficial to security practitioners and the design of evolutionary computational intelligence on Trojans detection and mitigation strategy. The proposed taxonomy is validated by using a real-world dataset of 127 banking Trojans

show abstract

“…One of such technique is Hidden Markov Model (HMM), which is one of the most popular machine learning techniques used in the field of malware detection [26]. In this technique, a Hidden Markov Model is trained against known malware opcode sequence [17]. Once the training phase is over, the trained model is used to score incoming files.…”

Section: Hidden Markov Model Based Detectionmentioning

confidence: 99%

Support Vector Machines and Metamorphic Malware Detection

Singh

View full text Add to dashboard Cite

Hunting for metamorphic JavaScript malware

Cited by 23 publications

References 21 publications

Metamorphic malware detection using Linear Discriminant Analysis and Graph Similarity

Metamorphic malware detection using Linear Discriminant Analysis and Graph Similarity

A cyber kill chain based taxonomy of banking Trojans for evolutionary computational intelligence

Support Vector Machines and Metamorphic Malware Detection

Contact Info

Product

Resources

About