Machine-Learning-Based Malware Detection for Virtual Machine by Analyzing Opcode Sequence

Wang, Xiao; Zhang, Jianbiao; Ai, Zhang

doi:10.1007/978-3-030-00563-4_70

Cited by 3 publications

(2 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Another study [38] introduced a technique based on examining the opcodes of executable files obtained from VMs, particularly the VMs' RAM image, using VM introspection tools. After that, it classifies the files using classification models to determine which files are benign and which are malicious.…”

Section: Experimental Results and Evaluationmentioning

confidence: 99%

Integrated Protection Mechanisms for Mitigating Microarchitectural Attacks in Cloud Computing

Albalawi,

Aldossari

2024

IJCI

View full text Add to dashboard Cite

By utilising the multi-tenancy characteristic, cloud computing promises to reduce expenses through less spending on hardware, infrastructure, and software. Even with all of its advantages, multi-tenancy poses hazards for cloud computing. Without suitable cloud security solutions, security concerns might end up being the main factor delaying adoption. Additionally, multi-tenancy enabled by virtualisation, which is one of the key elements of a cloud, creates significant security vulnerabilities and does not provide adequate isolation between various instances running on the same physical system. The three strategies we suggest to secure shared virtualised systems against microarchitectural attacks are presented in this re- search as a comprehensive solution. This includes experiments for combining the three approaches and assessing them in potential operational contexts. The assessment techniques have used several host systems to assess the system overhead, CPU usage, and protection accuracy. The studies we have conducted on both Debian 10 and Ubuntu 18.04 LTS physical servers utilising the KVM hypervisor demonstrate that our comprehensive protection can identify attacks with about 97% accuracy, and depending on how many mechanisms were used in the various experimental scenario settings, the proportion of CPU consumption has varied significantly. The CPU usage rate in experiments with different scenarios has ranged from 27% to 68%, while the average system load over 5 minutes has ranged from 1.40 to 4.2. This shows our proposed mechanisms are subject to refinement and enhancement, especially in cases that require a high processing load. Note that if we had used servers with more computing power, the results would certainly have been better.

show abstract

Section: Experimental Results and Evaluationmentioning

confidence: 99%

Integrated Protection Mechanisms for Mitigating Microarchitectural Attacks in Cloud Computing

Albalawi,

Aldossari

2024

IJCI

View full text Add to dashboard Cite

show abstract

“…The model accuracy was 92.5%. These three techniques of reducing the feature space size can be combined into one method, as proposed in [34]; the authors combined three approaches by using a small data set of 10,000 Android applications, extracted features from the op code only, and applied an information gain method to obtain the top k features.…”

Section: Feature Selection Methods Of Android Static Featuresmentioning

confidence: 99%

A Lightweight Android Malware Classifier Using Novel Feature Selection Methods

2020

View full text Add to dashboard Cite

Smartphones and mobile tablets play significant roles in daily life and have led to an increase in the number of users of this technology. The rising number of mobile device end-users has resulted in the generation of malware by hackers. Thus, mobile devices are becoming vulnerable to malware. Machine learning plays an important role in the detection of mobile malware applications. In this study, we focus on static analysis for Android malware detection. The ultimate goal of this research is to find out the symmetric features across the malware Android application to easily detect them. Many state-of-the-art methods focus on extracting asymmetric patterns of the category of features, e.g., application permissions to distinguish the malware application from the benign application. In this work, we propose a compromise by considering different types of static features and select the most important features that affect the detection process. These features represent the symmetric pattern to be used for the classification task. Inspired by TF-IDF, we propose a novel method of feature selection. Moreover, we propose a new method for merging the Android application URLs into a single feature called the URL_score. Several linear machine learning classifiers are utilized to evaluate the proposed method. The proposed methods significantly reduce the feature space, i.e., the symmetric pattern, of the Android application dataset and the memory size of the final model. In addition, the proposed model achieves the highest reported accuracy for the Drebin dataset to date. Based on the evaluation results, the linear support vector machine achieves an accuracy of 99%.

show abstract

A Knowledge-Domain Analyser for Malware Classification

Samantray

Tripathy

2020

2020 International Conference on Computer Science, Engineering and Applications (ICCSEA)

View full text Add to dashboard Cite

Machine-Learning-Based Malware Detection for Virtual Machine by Analyzing Opcode Sequence

Cited by 3 publications

References 16 publications

Integrated Protection Mechanisms for Mitigating Microarchitectural Attacks in Cloud Computing

Integrated Protection Mechanisms for Mitigating Microarchitectural Attacks in Cloud Computing

A Lightweight Android Malware Classifier Using Novel Feature Selection Methods

A Knowledge-Domain Analyser for Malware Classification

Contact Info

Product

Resources

About