Integrated Malware analysis using machine learning

Jain, Aruna; Singh, Akash

doi:10.1109/tel-net.2017.8343554

Cited by 16 publications

(9 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Jain and Singh 4 proposed a hybrid approach by extracting features from the static and dynamic analysis techniques. In this both SVM and NB algorithms were used to identify malicious websites.…”

Section: Literature Surveymentioning

confidence: 99%

Phishing uniform resource locator detection using machine learning: A step towards secure system

Mahajan

2023

Security and Privacy

View full text Add to dashboard Cite

The advancement in technology has led to increase in cyber‐attacks. Hackers have become more skilled at finding the loopholes in the system and can penetrate easily on to host network. The rate of cybercrimes is increasing exponentially with the growth of digital era. Phishing is considered as one of the top cybercrimes that has impacted the society at large. As per Kaspersky reports 2021, around 22% attacks were phishing attacks. This paper explores methods for detecting phishing uniform resource locator (URLs) by analyzing various features using Machine Learning techniques. Various data mining algorithms are used to learn data patterns that can identify and differentiate between benign and phishing websites using phishing website data set. The best results are shown by an XGBoost Model that provides more than 90% accuracy on the balanced class dataset.

show abstract

Section: Literature Surveymentioning

confidence: 99%

Phishing uniform resource locator detection using machine learning: A step towards secure system

Mahajan

2023

Security and Privacy

View full text Add to dashboard Cite

show abstract

“…Other works relied on NORIBEN sandboxing, like in [ 8 ], where the authors proposed a solution to increase the speed and improve capacity of malware classification by extracting integrated features organized in an Excel format, then converted to CSV format, via static and dynamic analysis using antianalysis techniques through the static stage to extract feature vectors from models: Anti-VM, Anti-Debugging, Suspicious URL Analysis, Packet Analysis, and String extraction. Next is the dynamic phase in which APIs and function calls are extracted from a CSV file that is compatible with Weka using the NORIBEN sandboxing tool.…”

Section: Related Workmentioning

confidence: 99%

“…Others used only static features to detect malware and we believe relying only on the static features will not enable the trained model to capture the dynamic behavior of the malware, especially when considering the design and nature of Zero-Day malware, like [ 12 , 13 , 25 ]. Moreover, some studies evaluated many ML models with both static and dynamic features but showed low accuracy, such as [ 8 , 16 , 20 , 24 ]. Therefore, as a motive, we propose evaluating several ML models for malware detection considering enough samples for both training and testing phases, involving both static and dynamic features, providing a sort of taxonomy on the studies and dataset used for tackling malware detection using ML techniques.…”

Section: Proposed Modelmentioning

confidence: 99%

“…Sandboxing is a virtual cage, as it does not allow malicious programs to impact or infect the host operating system or sensitive information [ 6 , 7 ]. There are different sandboxing environments for analysis such as NORIBEN [ 8 ], Sandboxie [ 9 ], and Cuckoo sandbox (CS) [ 10 ]. Choosing an environment is important as it must be effective and compatible with the proposed model.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

ZeVigilante: Detecting Zero-Day Malware Using Machine Learning and Sandboxing Analysis Techniques

Alhaidari

Rahman

2022

Computational Intelligence and Neuroscience

View full text Add to dashboard Cite

For the enormous growth and the hysterical impact of undocumented malicious software, otherwise known as Zero-Day malware, specialized practices were joined to implement systems capable of detecting these kinds of software to avert possible disastrous consequences. Owing to the nature of developed Zero-Day malware, distinct evasion tactics are used to remain stealth. Hence, there is a need for advance investigations of the methods that can identify such kind of malware. Machine learning (ML) is among the promising techniques for such type of predictions, while the sandbox provides a safe environment for such experiments. After thorough literature review, carefully chosen ML techniques are proposed for the malware detection, under Cuckoo sandboxing (CS) environment. The proposed system is coined as Zero-Day Vigilante (ZeVigilante) to detect the malware considering both static and dynamic analyses. We used adequate datasets for both analyses incorporating sufficient samples in contrast to other studies. Consequently, the processed datasets are used to train and test several ML classiﬁers including Random Forest (RF), Neural Networks (NN), Decision Tree (DT), k-Nearest Neighbor (kNN), Naïve Bayes (NB), and Support Vector Machine (SVM). It is observed that RF achieved the best accuracy for both static and dynamic analyses, 98.21% and 98.92%, respectively.

show abstract

“…Akash Kumar et al 16 came with integrated malware analysis of zero‐day malware using machine learning techniques. They focused on four areas for zero‐day malware—anti‐VM, anti‐debugging, obfuscation, and packing.…”

Section: Related Workmentioning

confidence: 99%

Automated Windows behavioral tracing for malware analysis

Rana

Kumar

Handa

et al. 2022

Security and Privacy

View full text Add to dashboard Cite

In malware analysis, there are two problem scenarios—detection and prevention. In prevention, analysts try to quarantine the file before it gets executed in a real system. The file is further analyzed in a sandbox to observe the behavior. Hence, our work shows that our agent captures events for malware analysis. After integration with the sandbox, it produces robust and efficient models. ETW is a Windows in‐build tool with kernel‐level access. We develop an agent using ETW in C++ with proper usage details. We collect data using cuckoo sandbox and ETW agent for 11 546 samples and perform comparative frequency analysis. The performance of various machine learning classifiers is examined on the behavioral data. Random Forest classifier performs the best on the combined (cuckoo+ETW) data with an accuracy of 99.68% and FPR of 0.45%. The improved performance of combined data over cuckoo data on packed and un‐seen malware is also significantly good. In the detection, if malware somehow escapes from the deployed prevention mechanism and gets executed, the analyst tries to detect malicious actions and respond before it is too late. Our agent can tackle such issues and can function as a standalone host‐based monitoring agent to extract kernel‐level information.

show abstract

Integrated Malware analysis using machine learning

Cited by 16 publications

References 8 publications

Phishing uniform resource locator detection using machine learning: A step towards secure system

Phishing uniform resource locator detection using machine learning: A step towards secure system

ZeVigilante: Detecting Zero-Day Malware Using Machine Learning and Sandboxing Analysis Techniques

Automated Windows behavioral tracing for malware analysis

Contact Info

Product

Resources

About