ISBN (print): 9781538608043
Nowadays ransomware is not limited to personal computers. The increasing number of people using cell phones, the availability of mobile phone application markets, and the lack of an effective way of identifying ransomware have accelerated its growth and expansion in the field of mobile phones and IoT. In the following article, an optimal approach is presented that transforms the sequence of executable instructions into a gray-scale image, after which LDA is used in two phases. LDA is a statistical method that is used for separating two or more classes along with dimension reduction. In the first phase, because the image size is large and it contains information that reduces the accuracy rate, its best features are extracted using LDA. In the next phase, LDA is fit to the training data and the test samples are fed in for prediction. The experimental results on two well-known ransomware families and an unknown group of ransomware show that the suggested method is capable of identification with 97 percent accuracy.
ISBN (print): 9781538667705; 9789532900873
Malicious software, also known as "malware", is software that uses legitimate instructions or code to perform malicious actions. Malware poses a major threat to computer security and information security in general. Over the years, malware has evolved to the point that a single malware specimen can have hundreds or maybe thousands of variants, using polymorphic and metamorphic transformation to change the signature of the malware variant during propagation. The common signature-based malware detection methods are no longer robust enough to detect these variants due to the alteration of code. Static analysis is required to obtain these signatures, and anti-virus companies are required to propagate these signature updates to their software. A faster detection method is needed to compensate for the exponentially increasing number of malware variants. Machine learning is a trending approach for malware detection. This removes the need to use signature-based detection and is also faster. Software companies do not need to propagate signatures as often. Machine learning algorithms using opcode sequences can recognise patterns in the malicious code that are not present in common signatures and classify them more efficiently. Therefore, a machine learning approach for malware detection should be adopted for faster and more efficient detection. Most research in malware detection using machine learning used static attributes such as network connections, processes spawned, hashes, etc., that were not that robust to changes. In this paper we introduce our novel approach of using trigrams and PE file attributes as features for malware detection. We took a text mining approach to make our detection method more robust to polymorphism and metamorphism. The instruction sequence for critical code in malware at the assembly level is basically the same across malware families. We used opcode trigram sequences as the main feature for our machine learning algorithm. We used Support Vector Machine (SVM) as
This paper presents a novel malware-detection model with a convolutional recurrent neural network using opcode sequences. Statistically, an executable file is considered as a set of consecutive machine codes. First, the theoretical foundation on which opcode sequences can be used to detect malware is discussed. Next, an algorithm for extracting opcode sequences from executables and a deep learning-based malware-detection method that uses the opcode sequences as input are presented. The proposed model comprises an opcode-level convolutional autoencoder that transforms a long opcode sequence into a relatively short compressed sequence at the front end, and a dynamic recurrent neural network classifier that performs a prediction task using the codes generated by the opcode-level convolutional autoencoder at the rear end. Experimentally, the proposed model provided a malware-detection accuracy of 96%, a receiver operating characteristic area under the curve of 0.99, and a true positive rate (TPR) of 95%. The highest accuracy and TPR achieved by existing malware-detection methods using opcode sequences were 97% and 82%, respectively. Compared with this method, the proposed model delivered a slightly lower accuracy of 96% but a considerably larger TPR of 95%. Therefore, the proposed model is capable of more reliable malware detection. (C) 2020 Elsevier Inc. All rights reserved.
The proliferation of smart contracts has led to a surge in hacking attacks, resulting in substantial financial losses and undermining the healthy growth of the blockchain ecosystem. To mitigate these challenges, this ...
ISBN (print): 9798350358261; 9798350358278
Amid escalating cyber threats, websites have emerged as predominant targets for attackers employing web shells to maintain extended control. Web shells, frequently used by Advanced Persistent Threat (APT) groups, often result in significant damage, despite the conspicuous lack of focused academic research on their detection. This paper illuminates the stealth variant of the web shell, covertly embedded within benign files, and addresses the unique detection challenges presented by their covert nature and the dearth of targeted datasets. In response to these challenges, we construct three datasets: small web shells, benign files, and stealth web shells, subsequently proposing an innovative triplet network detection model for the stealth web shell. This model excels in differentiating stealth web shells from benign files while simultaneously aligning them more closely with small web shells, thereby refining classification precision. Our methodology transforms samples into opcode sequences through a series of processing steps, and then integrates them into the specially designed triplet network. Benchmarked against a cutting-edge deep learning network model and recognized detection tools, our detection methodology yields superior performance, delivering a high accuracy of 92.56% and a robust F1-score of 89.17%. These results substantiate the potency of our approach in countering the mounting threat posed by stealth web shells.
In recent years, researchers have focused on uncovering the distinctive malicious patterns of malware samples through opcode sequences, using feature learning methods to improve the accuracy of malware detection mechanisms. However, opcode sequences are often very long. Thus, the feature learning process tends to be time-consuming when the entire sequence is used, or can be ineffective when only part of the sequence is used. In this work, we propose a new malware detection approach, called Sequential opcode Embedding-based Malware Detection (SOEMD), which aims at capturing common malicious patterns in sequential opcodes. To avoid dealing with the long opcode sequences, SOEMD uses a random walk approach with edge and node selection processes. The proposed method constructs a new vector space that consists of low-dimensional sequential opcode embeddings using an embedding method. Experimental results demonstrate that SOEMD outperforms the baseline methods and provides 100% malware detection.
A webshell is a command execution environment in the form of web pages. It is often used by attackers as a backdoor tool for web server operations. Accurately detecting webshells is of great significance to web server protection. Most security products detect webshells based on feature-matching methods, i.e. matching input scripts against pre-built malicious code collections. The feature-matching method has a low detection rate for obfuscated webshells. However, with the help of machine learning algorithms, webshells can be detected more efficiently and accurately. In this paper, we propose a new PHP webshell detection model, the NB-opcode (naive Bayes and opcode sequence) model, which is a combination of naive Bayes classifiers and opcode sequences. Through experiments and analysis on a large number of samples, the experimental results show that the proposed method can effectively detect a range of webshells. Compared with the traditional webshell detection methods, this method improves the efficiency and accuracy of webshell detection.
ISBN (print): 9781450372459
The most efficient way of securing Web applications is searching for and eliminating threats therein (from both malware and vulnerabilities). When Web application source code is available, Web security can be improved by detecting malicious code, such as Web shells. In this paper, we propose a model using a deep learning approach to detect and identify malicious code inside PHP source files. Our method relies on (i) pattern matching techniques, applying Yara rules to build malicious and benign datasets, (ii) converting the PHP source code to a numerical sequence of PHP opcodes, and (iii) applying a Convolutional Neural Network model to predict whether a PHP file embeds malicious code such as a webshell. We validate our approach with different webshell collections from reliable sources published on GitHub. The experimental results show that the proposed method achieved an accuracy of 99.02% with a 0.85% false positive rate.
Opcode sequences from decompiled executables have been employed to detect malware. Currently, opcode sequences are extracted using text-based methods, and the limitation of this approach is that the extracted opcode sequences cannot represent the true behaviors of an executable. To solve this issue, we present a control flow-based method to extract executable opcode behaviors. The behaviors extracted by this method can fully represent the behavior characteristics of an executable. To verify the efficiency of control flow-based behaviors, we perform a comparative study of the two types of opcode behavior analysis methods. The experimental results indicate that the proposed control flow-based method has a higher overall accuracy and a lower false positive rate. (C) 2014 Elsevier Ltd. All rights reserved.
Malware is any type of malicious code that has the potential to harm a computer or network. The volume of malware is growing at a faster rate every year and poses a serious global security threat. Although signature-based detection is the most widespread method used in commercial antivirus programs, it consistently fails to detect new malware. Supervised machine-learning models have been used to address this issue. However, the use of supervised learning is limited because it needs a large amount of malicious code and benign software to be labelled first. In this study, the authors propose a new method that uses single-class learning to detect unknown malware families. This method is based on examining the frequencies of the appearance of opcode sequences to build a machine-learning classifier using only one set of labelled instances within a specific class of either malware or legitimate software. The authors performed an empirical study that shows that this method can reduce the effort of labelling software while maintaining high accuracy.