Next-generation antivirus endowed with web-server Sandbox applied to audit fileless attack

Lima, Sidney Marlon Lopes de; Silva, Sthéfano H. M. T.; Pinheiro, Ricardo Paranhos; Souza, Danilo; Lopes, Petronio; Lima, Rafael; Oliveira, Jemerson; Monteiro, Thyago; Fernandes, Stênio; Albuquerque, Edison de Queiroz; Silva, Washington W A da; Santos, Wellington Pinheiro dos

doi:10.1007/s00500-022-07447-4

Cited by 6 publications

(4 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The morphological authorial kernels have contributed to the advancement of Information Security [26][28] [42]. Authorial kernels combine high accuracies, reduced training times and the self-adapt to any map features.…”

Section: Morphological Extreme Learning Machinesmentioning

confidence: 99%

“…In dynamic analysis, sandboxes are excellent in order to audit suspicious files 6 . The actions investigated by the sandbox refer to changes in the operating system registry, files built, removed and transferred by the malware while running, traces of calls made by all processes generated by the malware file, memory dumps of the malware processes and network traffic tracking [26]. By default, sandbox audits operating system contained in virtual machine (controlled environment).…”

Section: Authorial Iot Next-generation Sandboxmentioning

confidence: 99%

See 1 more Smart Citation

Antivirus Solution to IoT Malware Detection with Authorial Next-Generation Sandbox

Silva

Lima

Pinheiro

et al. 2023

Preprint

View full text Add to dashboard Cite

Background: Nowadays, the Internet of Things (IoT) significantly impacts people’s lives, reaching hundreds of billions of devices connected to the world wide web. Given the popularity of smart devices, the amount of cyber-attacks targeting technology has grown in the last few years. Malware is currently the main cyber-villain in IoT situations due to the ongoing emergence of new malware targeted at IoT, such as the botnet, the use of sophisticated obfuscation and evasion tactics, and frequently the availability of enormous resources for its development. Objective: The present work creates an Antivirus for Dynamic Malware Analysis based on Artificial Neural Networks, equipped with authorial emulated IoT Sandbox. Our antivirus is specialized in malware detection from 32-bit IoT architectures of the Advanced RISC Machine (ARM) type. Methods: In the proposed methodology, the suspected ELF file for 32-bit ARM architecture is executed with the objective of intentionally infecting the audited GNU/Linux. In opposition to analysis of individual events, our engine employs authorial Next-Generation Sandbox. In all, our antivirus monitors and statistically weighs 2,793 actions that the suspicious ELF file can perform when executed. Results: Our antivirus reaches an average accuracy of 98.75% when distinguishing benign ARM ELF files from malware. Our antivirus architectures are probed under different learning functions and starting conditions to maximize their accuracy. Conclusions: The lack or limited detection of malicious software by commercial antivirus programs can be provided by Smart Antivirus. Instead of models based on blocklists, signatures or heuristics, our antivirus allows the detection of ARM ELF malware in a preventive and non-reactive way. Our antivirus overcomes limitations of Clamav and other traditional antiviruses.

show abstract

Section: Morphological Extreme Learning Machinesmentioning

confidence: 99%

Section: Authorial Iot Next-generation Sandboxmentioning

confidence: 99%

Antivirus Solution to IoT Malware Detection with Authorial Next-Generation Sandbox

Silva

Lima

Pinheiro

et al. 2023

Preprint

View full text Add to dashboard Cite

show abstract

“…( 6) defines the Dilation kernel inspired by morphological operator of Dilation. The inspiration and adaptation of the image processing technique can be seen in previous authorial works [18][20] [27].…”

Section: Classifiersmentioning

confidence: 99%

“…Morphological ELMs had positive results in many other cybersurveillance scenarios and could be applied to a broad array of electronic devices. It combines high accuracies, reduced training times and is able to self-adapt given any feature maps [18][20] [27].…”

Section: Classifiersmentioning

confidence: 99%

Artificial-intelligence-based antivirus specialized in Citadel malware pattern recognition

Santos

Lima

2022

Preprint

View full text Add to dashboard Cite

Background and Objective: The constant growth of invasions and information theft by using infected software has always been a problem. According to McAfee labs in 2020, on average, 480 new viruses are created each hour. The means of identifying such threats, categorizing and creating vaccines may not be that fast. Thanks to the increasing processing power and the popularity of artificial intelligence, it is now possible to integrate intelligence on an antivirus engine to enhance its protecting capabilities. And doing so with good algorithms and parameterization can be a key asset in securing one’s environment. In this work we analyze the overall performance of our authorial antivirus and compare it with other state-of-art antiviruses. The means of identifying such threats, categorizing and creating vaccines may not be that fast. Thanks to the increasing processing power of computers and the popularity of artificial intelligence, it is now possible to integrate intelligence on an antivirus engine to enhance its protecting capabilities. And doing so with good algorithms and parameterization can be a key asset in securing one’s environment. In this work we are analyzing the overall performance of our authorial antivirus and comparing it with other state-of-art antiviruses. Methods: In this work we are using mELM, a deep neural network which can perform quick training sections and have a satisfactory accuracy when classifying unknown files that may or may not be infected with Citadel. Our virus database is built with many examples of well-known infected files and our results are compared with 7 other intelligent antiviruses created by other authors. Results: Our antivirus achieves an overall performance of 91.33% when classifying benign and malware PE (portable executable) programs. Different initial conditions, learning functions and architectures of our antivirus are investigated in order to maximize their accuracy. Conclusions: In this work we have found that mELMs implementations are feasible and its performance can match state-of-art implementations. Its training and classification time is among the smallest found and the accuracy when detecting citadel-infected PEs is acceptable.

show abstract

Antivirus solution to IoT malware detection with authorial next-generation sandbox

Tavares-Silva,

Lopes-Lima,

Paranhos-Pinheiro

et al. 2024

J Supercomput

View full text Add to dashboard Cite

Next-generation antivirus endowed with web-server Sandbox applied to audit fileless attack

Cited by 6 publications

References 18 publications

Antivirus Solution to IoT Malware Detection with Authorial Next-Generation Sandbox

Antivirus Solution to IoT Malware Detection with Authorial Next-Generation Sandbox

Artificial-intelligence-based antivirus specialized in Citadel malware pattern recognition

Antivirus solution to IoT malware detection with authorial next-generation sandbox

Contact Info

Product

Resources

About