检索结果-内蒙古大学图书馆

7th International Conference on Computer and Knowledge Engineering (ICCKE)

作者： Karimi, Alireza Moattar, Mohammad Hosein Islamic Azad Univ Dept Comp Engn Shahrud Branch Mashhad Iran Islamic Azad Univ Dept Comp Engn Mashhad Branch Mashhad Iran

ISBN: (纸本)9781538608043

Nowadays Ransomwares are not limited to personal computers. Increasing the number of people accessing cell phones, availability of mobile phone application markets along with lack of an effective way for identifying Ransomwares have accelerated their growth and expansion in the field of mobile phones and IOT. In the following article, an optimal approach is presented that transforms the sequence of executable instructions into a gray-scale image and then LDA is used in two phases. LDA is a statistical method that is used for separating two or more classes along with dimension reduction. In the first phase, because the image size is large and it contains information that reduces accuracy rate, its best features are exploited using LDA. In the next phase, LDA is fit to train data and the sample tests are feeded for prediction. The experimental results on two well-known Ransomware families and an unknown group of Ransomwares show that the suggested method is capable of identifying with 97 percent of accuracy.

关键词： ransomware linear discriminant analysis malware detection opcode sequence

来源：评论

学校读者我要写书评

暂无评论

Malware Detection using opcode Trigram sequence with SVM 26

Malware Detection using Opcode Trigram Sequence with SVM

引用

26th International Conference on Software, Telecommunications and Computer Networks (SoftCOM)

作者： Elkhawas, Amr, I Abdelbaki, Nashwa Nile Univ Sch Commun & Informat Technol Informat Secur Cairo Egypt

ISBN: (纸本)9781538667705;9789532900873

Malicious software also known as "Malware" is software that uses legitimate instructions or code to perform malicious actions. Malware poses a major threat for computer security and information security in general. Over the years, malware has evolved to the point that a single malware specimen can have hundreds or maybe thousands of variants using polymorphic and metamorphic transformation to change the signature of the malware variant in propagation. The common signature-based malware detection methods are no longer robust to detect these variants due to the alteration of code. Static analysis is required to obtain these signatures and anti-virus companies are required to propagate these signature updates to their software. A faster detection method is needed to compensate the exponentially increasing number of malware variants. Machine learning is a trending approach for malware detection. This removes the need to use signature-based detection and is also faster. Software companies do not need to propagate signatures as often. Machine learning algorithms using opcode sequences can recognise patterns in the malicious code that are not present in common signatures and classify them more efficiently. Therefore, a machine learning approach for malware detection should be adopted for faster and more efficient detection. Most research in malware detection using machine learning used static attributes such as network connections, processes spawned, hashes, etc., that were not that robust to changes. In this paper we introduced our novel approach in using trigrams and PE file attributes as features for malware detection. We took a text mining approach to make our detection method more robust to polymorphism and metamorphism. The instruction sequence for critical code in malware on the assembly level is basically the same across malware families. We used opcode trigram sequences as the main feature for our machine learning algorithm. We used Support Vector Machine (SVM) as

关键词： Malware Detection Machine Learning N-grams opcode sequence Support Vector Machine SVM

来源：评论

学校读者我要写书评

暂无评论

Using opcode sequences in single-class learning to detect unknown malware

引用

IET INFORMATION SECURITY 2011年第4期5卷 220-227页

作者： Santos, I. Brezo, F. Sanz, B. Laorden, C. Bringas, P. G. DeustoTech Univ Deusto Lab Smartness Semant & Secur Lab S3 Bilbao 48007 Spain

Malware is any type of malicious code that has the potential to harm a computer or network. The volume of malware is growing at a faster rate every year and poses a serious global security threat. Although signature-based detection is the most widespread method used in commercial antivirus programs, it consistently fails to detect new malware. Supervised machine-learning models have been used to address this issue. However, the use of supervised learning is limited because it needs a large amount of malicious code and benign software to be labelled first. In this study, the authors propose a new method that uses single-class learning to detect unknown malware families. This method is based on examining the frequencies of the appearance of opcode sequences to build a machine-learning classifier using only one set of labelled instances within a specific class of either malware or legitimate software. The authors performed an empirical study that shows that this method can reduce the effort of labelling software while maintaining high accuracy.

关键词： antivirus program benign software invasive software learning (artificial intelligence) legitimate software machine-learning classifier malicious code malware families opcode sequence security threat single-class learning supervised machine-learning model unknown malware detection

来源：评论

学校读者我要写书评

暂无评论

Malware-Detection Method with a Convolutional Recurrent Neural Network Using opcode sequences

引用

INFORMATION SCIENCES 2020年 535卷 1-15页

作者： Jeon, Seungho Moon, Jongsub Korea Univ Grad Sch Informat Secur Div Informat Secur Seoul South Korea

This paper presents a novel malware-detection model with a convolutional recurrent neural network using opcode sequences. Statistically, an executable file is considered as a set of consecutive machine codes. First, the theoretical foundation on which opcode sequences can be used to detect malware has been discussed. Next, an algorithm for extracting opcode sequences from executables and a deep learning-based malware-detection method that uses the opcode sequences as input have been presented. The proposed model comprises an opcode-level convolutional autoencoder that transforms a long opcode sequence to a relatively short compressed sequence at the front end and a dynamic recurrent neural network classifier that performs a prediction task using the codes generated by the opcodelevel convolutional autoencoder at the rear end. Experimentally, the proposed model provided a malware-detection accuracy of 96%, receiver operating characteristic-area under the curve of 0.99, and true positive rate (TPR) of 95%. The highest accuracy and TPR achieved by existing malware-detection methods using opcode sequences were 97% and 82%, respectively. Compared with this method, the proposed model delivered a slightly lower accuracy of 96% but a considerably larger TPR of 95%. Therefore, the proposed model is capable of more reliable malware detection. (C) 2020 Elsevier Inc. All rights reserved.

关键词： Malware detection opcode sequence Deep learning Convolutional neural networks Recurrent neural networks Autoencoder

来源：评论

学校读者我要写书评

暂无评论

Code compression techniques using operand field remapping

引用

IEE PROCEEDINGS-COMPUTERS AND DIGITAL TECHNIQUES 2002年第1期149卷 25-31页

作者： Lin, K Chung, CP Natl Chiao Tung Univ Dept Comp Sci & Informat Engn Hsinchu 300 Taiwan

Dictionary-based code compression stores the most frequently used instruction sequences in a dictionary, and replaces the occurrences of these sequences in the program with codewords. The large dictionary size is due mainly to many instruction sequences which are different only in operands, but are otherwise the same. The operand factorisation technique divides the expression tree into tree-pattern (opcode sequence) and operand-pattern (operand sequence) to reduce this redundancy;instruction sequences with the same opcodes but different operands may thus share the same tree-pattern dictionary entry. The paper proposes an operand field remapping method to further reduce dictionary size. The key idea is to explore the relations between the current operand to be compressed with those already compressed. The operand-pattern dictionary is therefore divided into an operand remapping dictionary and an operand list dictionary. Each entry in the operand remapping dictionary indicates whether the operand (register or immediate value) to be compressed is the most used operand, the same as the destination register of the previous instructions, or otherwise. With this remapping technique, the operand dictionary size is greatly reduced. An average 46% compression ratio can be achieved where compression ratio = (dictionary size + compressed code size)/(original program size).

关键词： codes frequently used instruction sequences register data compression redundancy reduction File organisation expression tree tree pattern compressed code size instruction sequences dictionary size program size compression ratio Data handling techniques codewords operand field remapping dictionaries tree data structures sequences opcode sequence operand sequence operand pattem operand list dictionary redundancy operand remapping dictionary Codes dictionary-based code compression techniques operand factorisation technique

来源：评论

学校读者我要写书评

暂无评论

Control flow-based opcode behavior analysis for Malware detection

引用

COMPUTERS & SECURITY 2014年 44卷 65-74页

作者： Ding, Yuxin Dai, Wei Yan, Shengli Zhang, Yumei Shenzhen Univ Town Harbin Inst Technol Shenzhen Grad Sch Shenzhen 518055 Peoples R China Chinese Acad Sci State Key Lab Comp Architecture Inst Comp Technol Beijing 100864 Peoples R China

opcode sequences from decompiled executables have been employed to detect malware. Currently, opcode sequences are extracted using text-based methods, and the limitation of this method is that the extracted opcode sequences cannot represent the true behaviors of an executable. To solve this issue, we present a control flow-based method to extract executable opcode behaviors. The behaviors extracted by this method can fully represent the behavior characteristics of an executable. To verify the efficiency of control flow-based behaviors, we perform a comparative study of the two types of opcode behavior analysis methods. The experimental results indicate that the proposed control flow-based method has a higher overall accuracy and a lower false positive rate. (C) 2014 Elsevier Ltd. All rights reserved.

关键词： opcode sequence Malicious code detection Control flow graph Machine learning Classification Security

来源：评论

学校读者我要写书评

暂无评论

Toward a Deep Learning Approach for Detecting PHP Webshell 19

Toward a Deep Learning Approach for Detecting PHP Webshell

引用

10th International Symposium on Information and Communication Technology (SoICT)

作者： Ngoc-Hoa Nguyen Viet-Ha Le Van-On Phung Phuong-Hanh Du VNU Univ Engn & Technol Hanoi Vietnam Off Govt Hanoi Vietnam

ISBN: (纸本)9781450372459

The most efficient way of securing Web applications is searching and eliminating threats therein (from both malwares and vulnerabilities). In case of having Web application source codes, Web security can be improved by performing the task to detecting malicious codes, such as Web shells. In this paper, we proposed a model using a deep learning approach to detect and identify the malicious codes inside PHP source files. Our method relies on (i) pattern matching techniques by applying Yara rules to build a malicious and benign datasets, (ii) converting the PHP source codes to a numerical sequence of PHP opcodes and (iii) applying the Convolutional Neural Network model to predict a PHP file whether embedding a malicious code such as a webshell. Thus, we validate our approach with different webshell collections from reliable source published in Github. The experiment results show that the proposed method achieved the accuracy of 99.02% with 0.85% false positive rate.

关键词： pattern matching yara rules deep learning CNN opcode sequence web shell detection

来源：评论

学校读者我要写书评

暂无评论

SWDNet: Stealth Web Shell Detection Technology based on Triplet Network 19

SWDNet: Stealth Web Shell Detection Technology based on Trip...

引用

19th International Conference on Mobility, Sensing and Networking (MSN)

作者： Zhang, Jinli Dai, Feng Cao, Yagin Tan, Ru Cui, Xiang Liu, Qixu Chinese Acad Sci Inst Informat Engn Beijing Peoples R China Univ Chinese Acad Sci Sch Cyber Secur Beijing Peoples R China Zhongguancun Lab Beijing Peoples R China

ISBN: (纸本)9798350358261;9798350358278

Amid escalating cyber threats, websites have emerged as predominant targets for attackers employing web shells to maintain extended control. Web shells, frequently used by Advanced Persistent Threat (APT) groups, often result in significant damage, despite the conspicuous lack of focused academic research on their detection. This paper illuminates the stealth variant of the web shell, covertly embedded within benign files, and addresses the unique detection challenges presented by their covert nature and the dearth of targeted datasets. In response to these challenges, we construct three datasets: small web shells, benign files, and stealth web shells, subsequently proposing an innovative triplet network detection model for the stealth web shell. This model excels in differentiating stealth web shells from benign files while simultaneously aligning them more closely with small web shells, thereby refining classification precision. Our methodology transforms samples into opcode sequences through a series of processing steps, and then integrates them into the specially designed triplet network. Benchmarked against a cutting-edge deep learning network model and recognized detection tools, our detection methodology yields superior performance, delivering a high accuracy of 92.56% and a robust F1-score of 89.17%. These results substantiate the potency of our approach in countering the mounting threat posed by stealth web shells.

关键词： stealth web shell triplet network opcode sequence web shell detection supply chain

来源：评论

学校读者我要写书评

暂无评论

Research on Dynamic Detection of Vulnerabilities in Smart Contracts Based on Machine Learning 3

Research on Dynamic Detection of Vulnerabilities in Smart Co...

引用

3rd IEEE International Conference on Electrical Engineering, Big Data and Algorithms, EEBDA 2024

作者： Boxin, Yang Tianjin University of Technology Tianjin China

ISBN: (纸本)9798350380989

The proliferation of smart contracts has led to a surge in hacking attacks, resulting in substantial financial losses and undermining the healthy growth of the blockchain ecosystem. To mitigate these challenges, this paper introduces a dynamic vulnerability detection approach for smart contracts leveraging machine learning techniques. The proposed method involves the extraction of opcode sequence features through a combination of the N-gram model and a weight penalty mechanism. The core objective is to identify vulnerabilities within deployed smart contracts by analyzing the opcode sequences during their dynamic execution. This approach falls under the category of dynamic detection, aiming to ensure the integrity and security of blockchain-based systems. © 2024 IEEE.

关键词： blockchain N-gram opcode sequence smart contracts vulnerability detection

来源：评论

学校读者我要写书评

暂无评论

Sequential opcode embedding-based malware detection method

引用

COMPUTERS & ELECTRICAL ENGINEERING 2022年 98卷 107703-107703页

作者： Kakisim, Arzu Gorgulu Gulmez, Sibel Sogukpinar, Ibrahim Istanbul Commerce Univ Comp Engn Istanbul Turkey Gebze Tech Univ Comp Engn Kocaeli Turkey

In recent years, researchers have focused on uncovering the distinctive malicious patterns of malware samples through opcode sequences using some feature learning methods to improve the accuracy of malware detection mechanisms. However, opcode sequences are often very long. Thus, the feature learning process is to be time-consuming when using the entire sequence or could be ineffective when only a partial part of the sequence is used. In this work, we propose a new malware detection approach, called Sequential opcode Embedding-based Malware Detection (SOEMD), which aims at capturing common malicious patterns in sequential opcodes. To avoid dealing with the long opcode sequences, SOEMD uses Random walk approach with edge and node selection processes. The proposed method constructs a new vector space that consists of low-dimensional sequential opcode embeddings using an embedding method. Experimental results demonstrate that SOEMD outperforms the baseline methods and provides 100% malware detection.

关键词： Malware detection opcode sequence Embedding Random walk Static analysis opcode graph

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：