Metamorphic malicious code behavior detection using probabilistic inference methods

Choi, Chang; Esposito, Christian; Lee, Mungyu; Choi, Jun‐Ho

doi:10.1016/j.cogsys.2019.03.007

Cited by 22 publications

(13 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Heuristic-based detection approach can use both static and dynamic features such as API calls, Opcode, CFG, n-gram, list of DLLs, and hybrid features. It can detect some previously unknown malware, but it is vulnerable to metamorphic techniques, and numerous rules and training phases [107] make this detection approach complicated (Table 7). Decreasing the number of rules, and building a more efficient learning phase can improve the method performance.…”

Section: Evaluation On Malware Detection Approachesmentioning

confidence: 99%

A Comprehensive Review on Malware Detection Approaches

2020

View full text Add to dashboard Cite

According to the recent studies, malicious software (malware) is increasing at an alarming rate, and some malware can hide in the system by using different obfuscation techniques. In order to protect computer systems and the Internet from the malware, the malware needs to be detected before it affects a large number of systems. Recently, there have been made several studies on malware detection approaches. However, the detection of malware still remains problematic. Signature-based and heuristic-based detection approaches are fast and efficient to detect known malware, but especially signature-based detection approach has failed to detect unknown malware. On the other hand, behavior-based, model checking-based, and cloud-based approaches perform well for unknown and complicated malware; and deep learning-based, mobile devices-based, and IoT-based approaches also emerge to detect some portion of known and unknown malware. However, no approach can detect all malware in the wild. This shows that to build an effective method to detect malware is a very challenging task, and there is a huge gap for new studies and methods. This paper presents a detailed review on malware detection approaches and recent detection methods which use these approaches. Paper goal is to help researchers to have a general idea of the malware detection approaches, pros and cons of each detection approach, and methods that are used in these approaches.

show abstract

Section: Evaluation On Malware Detection Approachesmentioning

confidence: 99%

A Comprehensive Review on Malware Detection Approaches

2020

View full text Add to dashboard Cite

show abstract

“…Recent works on malware behaviors are represented in [19,[29][30][31]. Lightweight behavioral malware detection for windows platforms is explained in [29].…”

Section: Related Workmentioning

confidence: 99%

“…According to the authors, test results are promising especially TPR and FPR for practical malware detection. Choi et al proposed metamorphic malicious code behavior detection using probabilistic inference methods [30]. It used FP-growth and Markov logic networks algorithm to detect metamorphic malware.…”

Section: Papermentioning

confidence: 99%

Using a Subtractive Center Behavioral Model to Detect Malware

Aslan

Samet

Tanrıöver

2020

Security and Communication Networks

View full text Add to dashboard Cite

In recent years, malware has evolved by using different obfuscation techniques; due to this evolution, the detection of malware has become problematic. Signature-based and traditional behavior-based malware detectors cannot effectively detect this new generation of malware. This paper proposes a subtractive center behavior model (SCBM) to create a malware dataset that captures semantically related behaviors from sample programs. In the proposed model, system paths, where malware behaviors are performed, and malware behaviors themselves are taken into consideration. This way malicious behavior patterns are differentiated from benign behavior patterns. Features that could not exceed the specified score are removed from the dataset. The datasets created using the proposed model contain far fewer features than the datasets created by n-gram and other models that have been used in other studies. The proposed model can handle both known and unknown malware, and the obtained detection rate and accuracy of the proposed model are higher than those of the known models. To show the effectiveness of the proposed model, 2 datasets with score and without score are created by using SCBM. In total, 6700 malware samples and 3000 benign samples are tested. The results are compared with those derived from n-gram and models from other studies in the literature. The test results show that, by combining the proposed model with an appropriate machine learning algorithm, the detection rate, false positive rate, and accuracy are measured as 99.9%, 0.2%, and 99.8%, respectively.

show abstract

“…API call sequence can provide considerable information about the behavioral features of malware. Most of the researchers conducted their study by using API calls to analyze behaviorbased malware [9][10][11][12]. One benefit of having the ability to classify the type of malware from a malicious program's system call behavior is to more quickly attribute a source and better understand the effects of a piece of malware.…”

Section: Introductionmentioning

confidence: 99%

Convolutional Neural Network for Malware Classification Based on API Call Sequence

Schofield¹,

Alicioğlu²,

Binaco³

et al. 2021

Computer Science &Amp; Information Technology (CS &Amp; IT)

View full text Add to dashboard Cite

Malicious software is constantly being developed and improved, so detection and classification of malicious applications is an ever-evolving problem. Since traditional malware detection techniques fail to detect new or unknown malware, machine learning algorithms have been used to overcome this disadvantage. We present a Convolutional Neural Network (CNN) for malware type classification based on the Windows system API (Application Program Interface) calls. This research uses a database of 5385 instances of API call streams labeled with eight types of malware of the source malicious application. We use a 1-Dimensional CNN by mapping API call streams as categorical and term frequency-inverse document frequency (TF-IDF) vectors respectively. We achieved accuracy scores of 98.17% using TF-IDF vector and 95.40% via categorical vector. The proposed 1-D CNN outperformed other traditional classification techniques with overall accuracy score of 91.0%.

show abstract

Metamorphic malicious code behavior detection using probabilistic inference methods

Cited by 22 publications

References 20 publications

A Comprehensive Review on Malware Detection Approaches

A Comprehensive Review on Malware Detection Approaches

Using a Subtractive Center Behavioral Model to Detect Malware

Convolutional Neural Network for Malware Classification Based on API Call Sequence

Contact Info

Product

Resources

About