Polymorphic malware detection using topological feature extraction with data mining

Fraley, James B.; Figueroa, M.

doi:10.1109/secon.2016.7506685

Cited by 22 publications

(8 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The PloyTree algorithm consists of two components for classifying the variant of worms by updating the signature tree construction: a signature tree generator and a signature selector. Fraley et al [18] detected polymorphic malware by utilizing topological feature extraction with data mining techniques. Alam et al [19] introduced an Android malware detector system, namely, DroidNative, which analyzes a control-flow pattern to detect malwares in android native code and other variants.…”

Section: A Signature-based Methodsmentioning

confidence: 99%

Identifying Malicious Software Using Deep Residual Long-Short Term Memory

Alotaibi

2019

IEEE Access

View full text Add to dashboard Cite

The use of smartphone applications based on the Android OS platform is rapidly growing among smartphone users. However, malicious apps for Android are being developed to perform attacks, such as destroying operating systems, stealing confidential data, gathering personal information, and hijacking or encrypting sensitive data. Several malware detection systems based on machine learning have been developed and deployed to extract a variety of features to prevent such attacks. However, new efficient detection methods are needed to extract complex features and hidden structures from malicious apps to detect malware. This paper proposes a novel framework, namely, MalResLSTM, based on deep residual long short-term memory to identify and classify malware variants. The framework imposes a set of constraints on the deep learning architecture to capture dependencies between the extracted features from the Android package kit (APK) file. These feature sets are mapped to a vector space to process the input sequence using a sequence model based on the residual LSTM network. To evaluate the performance of the proposed framework, several experiments are conducted on the Drebin dataset, which contains 129,013 applications. The results demonstrate that MalResLSTM can achieve a 99.32% detection accuracy and outperforms previous algorithms. An extensive experimental analysis was conducted, which included machine-learningbased algorithms and a variety of deep learning-based algorithms, to evaluate the efficiency and robustness of our proposed framework.

show abstract

Section: A Signature-based Methodsmentioning

confidence: 99%

Identifying Malicious Software Using Deep Residual Long-Short Term Memory

Alotaibi

2019

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Despite the fact that this arrangement has the ability to identify malware in the versatile application, it requires steady overhauling of the predefined signature database. Moreover, it is less effective in identifying noxious exercises utilizing the signature-based technique because of the quickly changing nature of portable malware [24,25]. Signature-based strategies depend in light of exceptional crude byte examples or standard articulations, known as marks, made to coordinate the noxious document.…”

Section: Signature-based Malware Detectionmentioning

confidence: 99%

A state-of-the-art survey of malware detection approaches using data mining techniques

Souri

Hosseini

2018

Hum. Cent. Comput. Inf. Sci.

315

166

View full text Add to dashboard Cite

Data mining techniques have been concentrated for malware detection in the recent decade. The battle between security analyzers and malware scholars is everlasting as innovation grows. The proposed methodologies are not adequate while evolutionary and complex nature of malware is changing quickly and therefore turn out to be harder to recognize. This paper presents a systematic and detailed survey of the malware detection mechanisms using data mining techniques. In addition, it classifies the malware detection approaches in two main categories including signature-based methods and behavior-based detection. The main contributions of this paper are: (1) providing a summary of the current challenges related to the malware detection approaches in data mining, (2) presenting a systematic and categorized overview of the current approaches to machine learning mechanisms, (3) exploring the structure of the significant methods in the malware detection approach and (4) discussing the important factors of classification malware approaches in the data mining. The detection approaches have been compared with each other according to their importance factors. The advantages and disadvantages of them were discussed in terms of data mining models, their evaluation method and their proficiency. This survey helps researchers to have a general comprehension of the malware detection field and for specialists to do consequent examinations.

show abstract

“…For instance, the authors of [122], [123] have used opcode sequences to detect malware. Similarly work in [129], [130] have used Instruction sequences and application permissions in order to detect malware. Demme et al [124] proposed a novel method to detect malware based on hardware performance counters.…”

Section: A Signature-based Malware Detectionmentioning

confidence: 99%