A Comprehensive Review on Malware Detection Approaches

Aslan, Ömer; Samet, Refik

doi:10.1109/access.2019.2963724

Cited by 360 publications

(223 citation statements)

References 84 publications

Supporting

Mentioning

169

Contrasting

Unclassified

Order By: Relevance

“…Let us denote the M N i output layer N, and b N i the base value, then, the filter for the jth feature map is ψ N i,j , and h j denotes the N − 1 th output layer. Then, the deep convolutional layers have the formulation as stated in Equation (8).…”

Section: Dcnn Feature Extraction and Fusionmentioning

confidence: 99%

See 1 more Smart Citation

Hybrid Malware Classification Method Using Segmentation-Based Fractal Texture Analysis and Deep Convolution Neural Network Features

et al. 2020

View full text Add to dashboard Cite

As the number of internet users increases so does the number of malicious attacks using malware. The detection of malicious code is becoming critical, and the existing approaches need to be improved. Here, we propose a feature fusion method to combine the features extracted from pre-trained AlexNet and Inception-v3 deep neural networks with features attained using segmentation-based fractal texture analysis (SFTA) of images representing the malware code. In this work, we use distinctive pre-trained models (AlexNet and Inception-V3) for feature extraction. The purpose of deep convolutional neural network (CNN) feature extraction from two models is to improve the malware classifier accuracy, because both models have characteristics and qualities to extract different features. This technique produces a fusion of features to build a multimodal representation of malicious code that can be used to classify the grayscale images, separating the malware into 25 malware classes. The features that are extracted from malware images are then classified using different variants of support vector machine (SVM), k-nearest neighbor (KNN), decision tree (DT), and other classifiers. To improve the classification results, we also adopted data augmentation based on affine image transforms. The presented method is evaluated on a Malimg malware image dataset, achieving an accuracy of 99.3%, which makes it the best among the competing approaches.

show abstract

Section: Dcnn Feature Extraction and Fusionmentioning

confidence: 99%

“…To counter these threats, deep learning, a technique based on artificial neural networks (ANN), can be employed successfully [7,8]. Deep learning with its multilayer architecture has a great ability to learn the features of the labeled and unlabeled data.…”

Section: Introductionmentioning

confidence: 99%

Hybrid Malware Classification Method Using Segmentation-Based Fractal Texture Analysis and Deep Convolution Neural Network Features

et al. 2020

View full text Add to dashboard Cite

show abstract

“…e proposed model has been tested on uniformly distributed dataset, more zero-day malware need to be tested. e test cases for malware is performed on virtual machines which can represent limited behaviors of malware [46]. us, running malware on real machine can improve the performance.…”

Section: Limitations and Future Workmentioning

confidence: 99%

“…e suggested schema will be integrated with other technologies such as cloud, blockchain, and deep learning to build more powerful detection system [46].…”

Section: Limitations and Future Workmentioning

confidence: 99%

Using a Subtractive Center Behavioral Model to Detect Malware

Aslan

Samet

Tanrıöver

2020

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

In recent years, malware has evolved by using different obfuscation techniques; due to this evolution, the detection of malware has become problematic. Signature-based and traditional behavior-based malware detectors cannot effectively detect this new generation of malware. This paper proposes a subtractive center behavior model (SCBM) to create a malware dataset that captures semantically related behaviors from sample programs. In the proposed model, system paths, where malware behaviors are performed, and malware behaviors themselves are taken into consideration. This way malicious behavior patterns are differentiated from benign behavior patterns. Features that could not exceed the specified score are removed from the dataset. The datasets created using the proposed model contain far fewer features than the datasets created by n-gram and other models that have been used in other studies. The proposed model can handle both known and unknown malware, and the obtained detection rate and accuracy of the proposed model are higher than those of the known models. To show the effectiveness of the proposed model, 2 datasets with score and without score are created by using SCBM. In total, 6700 malware samples and 3000 benign samples are tested. The results are compared with those derived from n-gram and models from other studies in the literature. The test results show that, by combining the proposed model with an appropriate machine learning algorithm, the detection rate, false positive rate, and accuracy are measured as 99.9%, 0.2%, and 99.8%, respectively.

show abstract

“…Malware and counterfeit components can decrease performance or cause performance instability. There is a plethora of security measures that can be adopted to prevent malicious programs from being downloaded and remove them when they have been downloaded [2,3]. There are also many novel ways of detecting counterfeit hardware [4,5].…”

Section: Introductionmentioning

confidence: 99%

CPU Hardware Classification and Performance Prediction using Neural Networks and Statistical Learning

Foots¹,

Pal²,

Datta³

et al. 2020

IJAIA

View full text Add to dashboard Cite

We propose a set of methods to classify vendors based on estimated CPU performance and predict CPU performance based on hardware components. For vendor classification, we use the highest and lowest estimated performance and frequency of occurrences of each vendor to create classification zones. These zones can be used to identify vendors who manufacture hardware that satisfy a given performance requirement. We use multi-layered neural networks for performance prediction, which account for nonlinearity in performance data. Various neural network architectures are analysed in comparison to linear, quadratic, and cubic regression. Experiments show that neural networks obtain low error and high correlation between predicted and published performance values, while cubic regression produces higher correlation than neural networks when more data is used for training than testing. An analysis of how the neural network architecture affects prediction is also performed. The proposed methods can be used to identify suitable hardware replacements.

show abstract

A Comprehensive Review on Malware Detection Approaches

Cited by 360 publications

References 84 publications

Hybrid Malware Classification Method Using Segmentation-Based Fractal Texture Analysis and Deep Convolution Neural Network Features

Hybrid Malware Classification Method Using Segmentation-Based Fractal Texture Analysis and Deep Convolution Neural Network Features

Using a Subtractive Center Behavioral Model to Detect Malware

CPU Hardware Classification and Performance Prediction using Neural Networks and Statistical Learning

Contact Info

Product

Resources

About