Using a Subtractive Center Behavioral Model to Detect Malware

Aslan, Ömer; Samet, Refik; Tanrıöver, Ömer Özgür

doi:10.1155/2020/7501894

Cited by 17 publications

(15 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This is because core behavioral traits are not changing among the different variants. In other words, even though the code order of the ransomware changes, most of the behaviors remain the same [10].…”

Section: State-of-the-art Studies On Ransomwarementioning

confidence: 99%

Ransomware Detection in Cyber Security Domain

Aslan

2022

Bitlis Eren Üniversitesi Fen Bilimleri Dergisi

Self Cite

View full text Add to dashboard Cite

In recent years, ransomware has become highly profitable cyber attacks. This is because, everyday there are several new devices attending to computer networks before testing their security strength. In addition, it is easy to launch ransomware attacks by using Ransomware-as-a-Service. This paper proposed a new method that creates the ransomware specific features by using ransomware behaviors which are performed on file, registry, and network resources. The weights are assigned to the behaviors based upon where the actions are performed. The most feasible features are selected based on the assigned weights as well as Information Gain. The selected features are classified by using ML classifiers including J48 (C4.5), RF (Random Forest), AdaBoost (Adaptive Boosting), SLR (Simple Logistic Regression), KNN (K-Nearest Neighbors), BN (Bayesian Network), and SMO (Sequential Minimal Optimization). The experiments are performed on several ransomware variants as well as benign samples. The test results show that our proposed method is feasible and effective. The DR, FPR, f-measure, and accuracy are measured as 100%, 1.4%, 99.4%, 99.38%, respectively.

show abstract

Section: State-of-the-art Studies On Ransomwarementioning

confidence: 99%

Ransomware Detection in Cyber Security Domain

Aslan

2022

Bitlis Eren Üniversitesi Fen Bilimleri Dergisi

Self Cite

View full text Add to dashboard Cite

show abstract

“…The sequences created were classified using ML algorithms. Aslan et al [37] proposed behavioral-based SCBM model to detect malware. The paper captured semantically related features from the analyzed program samples.…”

Section: ) Behavior-based Malware Detection and Classification Approachmentioning

confidence: 99%

A New Malware Classification Framework Based on Deep Learning Algorithms

Aslan

Yılmaz²

2021

IEEE Access

Self Cite

125

View full text Add to dashboard Cite

Recent technological developments in computer systems transfer human life from real to virtual environments. Covid-19 disease accelerates this process. Cyber criminals' interest shifts from real to virtual life as well. This is because it is easier to commit a crime in cyberspace rather than regular life. Malicious software (malware) is an unwanted software which is frequently used by cyber criminals to launch cyber attacks. Malware variants are continuing to evolve by using advanced obfuscation and packing techniques. These concealing techniques make malware detection and classification significantly challenging. Novel methods which are quite different from traditional methods must be used to effectively combat new malware variants. Traditional artificial intelligence (AI) specifically machine earning (ML) algorithms are no longer effective to detect all new and complex malware. Deep learning (DL) approach which is quite different from traditional ML algorithms can be a promising solution when detecting all variants of malware. In this study, a novel deep-learning-based architecture is proposed which can classify malware variants based on a hybrid model. The main contribution of the study is to propose a new hybrid architecture which integrates two wide-ranging pre-trained network models in an optimized manner. This architecture consists of four main stages: namely, data acquisition, the design of deep neural network architecture, training of the proposed deep neural network architecture, and evaluation of the trained deep neural network. The experimental results show that the suggested method can effectively classify malware with high accuracy which outperforms the state of the art methods in the literature.INDEX TERMS Malware, malware classification, malware detection, malware variants, deep neural networks, transfer learning, deep learning.

show abstract

“…Behavior creation, feature extraction and feature selection are intertwined in the proposed model. The CBCM model is a modification of the subtractive center behavior model which was proposed in our previous work [25]. While creating features, malicious behavior patterns are determined.…”

Section: B Behavior Creation Feature Extraction and Selectionmentioning

confidence: 99%

Intelligent Behavior-Based Malware Detection System on Cloud Computing Environment

2021

Self Cite

View full text Add to dashboard Cite

These days, cloud computing is one of the most promising technologies to store information and provide services online efficiently. Using this rapidly developing technology to protect computer-based systems from cyber-related attacks can bring many advantages over traditional protection schemes. The protected assets can be any computer-based systems such as cyber-physical systems (CPS), critical systems, desktop and laptop computers, mobile devices, and Internet of Things (IoT). Malicious software (malware) is any software which targets the computer-based system to launch cyber-attacks to threaten the integrity, confidentiality and availability of the data. To detect the massively growing malware attacks surface, we propose an intelligent behavior-based detection system in the cloud environment. The proposed system first creates a malware dataset on different virtual machines which identify distinctive features efficiently. Then, selected features are given to the learning-based and rule-based detection agents to separate malware from benign samples. Totally, 10,000 program samples have been analyzed to evaluate the performance of the proposed system. The proposed system can detect both known and unknown malware efficiently with high detection and accuracy rate. Besides, the proposed method results have outperformed the leading methods' results in the literature. Our evaluation results show that the proposed algorithms along with machine learning (ML) classifiers achieve 99.8% detection rate, 0.4% false positive rate, and 99.7% accuracy. Our proposed system and algorithms may assist those who would like to develop a novel malware detection system in the cloud environment.

show abstract

Using a Subtractive Center Behavioral Model to Detect Malware

Cited by 17 publications

References 27 publications

Ransomware Detection in Cyber Security Domain

Ransomware Detection in Cyber Security Domain

A New Malware Classification Framework Based on Deep Learning Algorithms

Intelligent Behavior-Based Malware Detection System on Cloud Computing Environment

Contact Info

Product

Resources

About