Profiling and classifying the behavior of malicious codes

Alazab, Mamoun

doi:10.1016/j.jss.2014.10.031

Cited by 133 publications

(58 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…There is an urgent need to identify new malware-embedded spam attacks (especially in the increasingly common URL approach) without the need to wait for updates from spam scanners or blacklists (Tran et al 2013). Machine-learning methods of identifying spam and other spam-filtering methods aim to be highly responsive to changes in spamming techniques, but have not been sufficiently flexible to handle variations in the content or delivery methods found in spam emails (Blanzieri and Bryl 2008;Alazab 2015).…”

Section: Discussionmentioning

confidence: 99%

Spam and crime

Broadhurst¹,

Alazab²

2017

Regulatory Theory

Self Cite

View full text Add to dashboard Cite

Section: Discussionmentioning

confidence: 99%

Spam and crime

Broadhurst¹,

Alazab²

2017

Regulatory Theory

Self Cite

View full text Add to dashboard Cite

“…Other than the implementations mentioned above, the BDs of time series (e.g., time-series databases) are required to be associated with an encrypted timestamp, the authors in [46] proposed an access and inference control model to enforce time and value-based constraints over the hierarchical time series data. Meanwhile, the analyzing of malicious codes and intrusion detection for cybersecurity and malware detection was reported [47,48,49,50] Standardizing the security development schema of secure systems was first reported in [51]. This standardization unifies practices and languages for modelling security and access control among different implementers.…”

Section: Related Workmentioning

confidence: 99%

Next-generation big data federation access control: A reference model

Awaysheh

Alazab

Gupta

et al. 2020

Future Generation Computer Systems

Self Cite

View full text Add to dashboard Cite

This paper discusses one of the most significant challenges of next-generation big data (BD) federation platforms, namely, Hadoop access control. Privacy and security on a federation scale remain significant concerns among practitioners.Apache Hadoop [1], the BD landmark, has become a large-scale data analytics operating system. The large community behind Hadoop has been working to improve its stack to meet the increasing demands and requirements of BD.Enterprises across all major industries have adopted Hadoop due to its capability to store and process an abundance of new types of data and leverage modern data architecture. With a broad spectrum of both structured and unstructured workloads, Hadoop abstracts the computing resource management, task scheduling, and data management, while maintaining a satisfactory level of security and isolation.The Hadoop distributed file system (HDFS) [2] is typically deployed as part of a large-scale Hadoop platform to support commodity hardware and accommodate different processing frameworks. It is utilized to handle data management and access to the Hadoop ecosystem using a master/slave architecture. It is also successfully employed by several distributed systems and can be used by different resource schedulers as a data storage system, e.g., HTCondor [3] and Spark [4]. IAM in the HDFS ecosystem can be defined as the set of tools and mechanisms that enables end users and applications to interact securely with system core functionalities, thus ensuring appropriate access to data across the cluster. This security discipline can be separated into three abstraction layers: identification and access control, authentication, and authorization.As more services and users have joined the Hadoop federation portfolio in pursuit of a scalable BD hub, access control has become increasingly critical.One of the main obstacles in the development of an adaptive access control solution for BD platforms is the lack of a standard model to which access control rules and the associated enforcement monitor can be bound. A recent study [5] indicates that BD, as an emerging research trend, lacks standardized models

show abstract

“…Therefore, we have studied how to apply machine learning for automatic JavaScript identification. Huda et al [16] proposed a framework for malware detection by choosing application program interface call statistics as malware features and using the SVM as the classifier; similarly, Alazab [17] extracted features from the sequences of application program interface calls and employed the k-nearest neighbor algorithm to classify malware behaviors; AL-Taharwa et al [18] provided a JavaScript obfuscation detector, which is a mining and machine learning approach to detect obfuscated codes; Soska and Christin [19] constructed a set of features from the aspects of traffic statistics, file system structure, and webpage contents, which is followed by the process of adopting a C4.5 decision tree algorithm to determine the maliciousness of a target website. Although these traditional machine learning-based methods can predict unknown new malicious JavaScript code, the consumption of testing time would potentially affect their efficiency.…”

Section: Related Workmentioning

confidence: 99%

A deep learning approach for detecting malicious JavaScript code

Wang

Cai

Wei

2016

Security Comm Networks

140

View full text Add to dashboard Cite

Malicious JavaScript code in webpages on the Internet is an emergent security issue because of its universality and potentially severe impact. Because of its obfuscation and complexities, detecting it has a considerable cost. Over the last few years, several machine learning-based detection approaches have been proposed; most of them use shallow discriminating models with features that are constructed with artificial rules. However, with the advent of the big data era for information transmission, these existing methods already cannot satisfy actual needs. In this paper, we present a new deep learning framework for detection of malicious JavaScript code, from which we obtained the highest detection accuracy compared with the control group. The architecture is composed of a sparse random projection, deep learning model, and logistic regression. Stacked denoising auto-encoders were used to extract high-level features from JavaScript code; logistic regression as a classifier was used to distinguish between malicious and benign JavaScript code. Experimental results indicated that our architecture, with over 27 000 labeled samples, can achieve an accuracy of up to 95%, with a false positive rate less than 4.2% in the best case.

show abstract

Profiling and classifying the behavior of malicious codes

Cited by 133 publications

References 10 publications

Spam and crime

Spam and crime

Next-generation big data federation access control: A reference model

A deep learning approach for detecting malicious JavaScript code

Contact Info

Product

Resources

About