A compression-based technique to classify metamorphic malware

Ekhtoom, Duaa; Al‐Ayyoub, Mahmoud; Al-Saleh, Mohammed I.; Alsmirat, Mohammad A.; Hmeidi, Ismail

doi:10.1109/aiccsa.2016.7945801

Cited by 7 publications

(4 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…13 farklı, gerçek zararlı yazılım ailesinden oluşan, yazılımlarının binary dosyaları kullanılarak bir veri kümesi oluşturulmuştur. Sınıflandırma için, bir zararlı yazılım dosyası ile farklı ailelere ait veri kümesindeki benzerlikler kullanılmıştır [4].…”

Section: Iii̇lgi̇li̇ çAlişmalarunclassified

Classification of Methamorphic Malware with Deep Learning(LSTM)

Yazı

Çatak

Gül

2019

2019 27th Signal Processing and Communications Applications Conference (SIU)

View full text Add to dashboard Cite

Özetçe -Günümüzde geleneksel imza tabanlı tespit yöntemleri kullanan anti-virus uygulamaları, metamorfik zararlı yazılımları tespit etmede başarısızdır. Bu nedenle son zamanlarda yapılan tespit ve sınıflandırmaya yönelik çalışmalar, zararlı yazılımların davranışlarını ele almaktadır. Bu çalışma kapsamında, 8 farklı türdeki gerçek zararlı yazılımların API çagrıları kullanılarak, LSTM tabanlı bir sınıflandırma yöntemi geliştirilmiştir. Bu yöntem ile işletim sistemi üzerindeki zararlı yazılım türlerine ait davranışlar modellenmiştir.Anahtar Kelimeler-Metamorfik zararlı yazılımlar, Windows API, derin ögrenme, LSTM.Abstract-Nowadays, anti-virus applications using traditional signature-based detection methods fail to detect metamorphic malware. For this reason, recent studies on the detection and classification of malicious software address the behavior of malware. In this study, an LSTM based classification method was developed by using API calls of 8 different types of real malware. With this method, the behaviors of the malware types on the operating system are modeled.

show abstract

Section: Iii̇lgi̇li̇ çAlişmalarunclassified

Classification of Methamorphic Malware with Deep Learning(LSTM)

Yazı

Çatak

Gül

2019

2019 27th Signal Processing and Communications Applications Conference (SIU)

View full text Add to dashboard Cite

show abstract

“…There are other approaches that focus on using compression Approximate Minimum Description Length (AMDL) and Best-Compression Neighbor(BCN) [ 80 , 81 ], but this is not derived from Kolmogorov Complexity.…”

Section: Kolmogorov Complexity Application Scenariosmentioning

confidence: 99%

A Survey on Using Kolmogorov Complexity in Cybersecurity

Resende

Martins

Antunes

2019

Entropy

View full text Add to dashboard Cite

Security and privacy concerns are challenging the way users interact with devices. The number of devices connected to a home or enterprise network increases every day. Nowadays, the security of information systems is relevant as user information is constantly being shared and moving in the cloud; however, there are still many problems such as, unsecured web interfaces, weak authentication, insecure networks, lack of encryption, among others, that make services insecure. The software implementations that are currently deployed in companies should have updates and control, as cybersecurity threats increasingly appearing over time. There is already some research towards solutions and methods to predict new attacks or classify variants of previous known attacks, such as (algorithmic) information theory. This survey combines all relevant applications of this topic (also known as Kolmogorov Complexity) in the security and privacy domains. The use of Kolmogorov-based approaches is resource-focused without the need for specific knowledge of the topic under analysis. We have defined a taxonomy with already existing work to classify their different application areas and open up new research questions.

show abstract

“…Follow from [19] idea was Ekhtoom et al [11] where they classify metamorphic malware family using Approximate Minimum Description Length (AMDL) and Best-Compression Neighbor (BCN). However, their experimental results shown no better than 77% accuracy.…”

Section: Metamorphic Malware Detectionmentioning

confidence: 99%

Nonnegative matrix factorization and metamorphic malware detection

Ling

Sani

Abdullah

et al. 2019

J Comput Virol Hack Tech

View full text Add to dashboard Cite

Metamorphic malware change their internal code structure by adopting code obfuscation technique while maintaining their malicious functionality during each infection. This causes change of their signature pattern across each infection and makes signature based detection particularly difficult. In this paper, through static analysis, we use similarity score from matrix factorization technique called Nonnegative Matrix Factorization for detecting challenging metamorphic malware. We apply this technique using structural compression ratio and entropy features and compare our results with previous eigenvector-based techniques. Experimental results from three malware datasets show this is a promising technique as the accuracy detection is more than 95%.

show abstract

A compression-based technique to classify metamorphic malware

Cited by 7 publications

References 26 publications

Classification of Methamorphic Malware with Deep Learning(LSTM)

Classification of Methamorphic Malware with Deep Learning(LSTM)

A Survey on Using Kolmogorov Complexity in Cybersecurity

Nonnegative matrix factorization and metamorphic malware detection

Contact Info

Product

Resources

About