An Adaptive Behavioral-Based Incremental Batch Learning Malware Variants Detection Model Using Concept Drift Detection and Sequential Deep Learning

Darem, A. Basit; Ghaleb, Fuad A.; Alhashmi, Asma A.; Abawajy, Jemal; Alanazi, Sultan M.; Al-Rezami, A. Y.

doi:10.1109/access.2021.3093366

Cited by 42 publications

(25 citation statements)

References 48 publications

(83 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…After generating a malware and cleanware dataset, it is put to use in testing. We analysed malware and placed it into different groups using a number of supervised machine learning methods, such as kNN, DT, RF, AdaBoost, SGD, extra trees and the Gaussian NB Classifier [ 22 , 25 ].…”

Section: Resultsmentioning

confidence: 99%

“…To examine Ye’s (2017) material would be an enormous task. All of these things make it difficult to develop a malware detection system that uses machine learning in real time [ 22 ].…”

Section: Literature Reviewmentioning

confidence: 99%

“…Included were more than 198,063 separate data points gathered from a wide variety of sources. There were 373 rows in the data and 531 columns as shown in Table 1 [22][23][24][25]. column that indicates whether or not the file is harmful.…”

Section: Datasetmentioning

confidence: 99%

See 2 more Smart Citations

Evaluation of Machine Learning Algorithms for Malware Detection

Akhtar

Feng

2023

Sensors

View full text Add to dashboard Cite

This research study mainly focused on the dynamic malware detection. Malware progressively changes, leading to the use of dynamic malware detection techniques in this research study. Each day brings a new influx of malicious software programmes that pose a threat to online safety by exploiting vulnerabilities in the Internet. The proliferation of harmful software has rendered manual heuristic examination of malware analysis ineffective. Automatic behaviour-based malware detection using machine learning algorithms is thus considered a game-changing innovation. Threats are automatically evaluated based on their behaviours in a simulated environment, and reports are created. These records are converted into sparse vector models for use in further machine learning efforts. Classifiers used to synthesise the results of this study included kNN, DT, RF, AdaBoost, SGD, extra trees and the Gaussian NB classifier. After reviewing the test and experimental data for all five classifiers, we found that the RF, SGD, extra trees and Gaussian NB Classifier all achieved a 100% accuracy in the test, as well as a perfect precision (1.00), a good recall (1.00), and a good f1-score (1.00). Therefore, it is reasonable to assume that the proof-of-concept employing autonomous behaviour-based malware analysis and machine learning methodologies might identify malware effectively and rapidly.

show abstract

Section: Resultsmentioning

confidence: 99%

“…To examine Ye’s (2017) material would be an enormous task. All of these things make it difficult to develop a malware detection system that uses machine learning in real time [ 22 ].…”

Section: Literature Reviewmentioning

confidence: 99%

See 1 more Smart Citation

Evaluation of Machine Learning Algorithms for Malware Detection

Akhtar

Feng

2023

Sensors

View full text Add to dashboard Cite

show abstract

“…Like static data, dynamic data can be introspected, and malicious patterns can be extracted [45]. Due to its efficacy for countering the sophisticated ransomware families that employ polymorphic techniques to deceive detection, the dynamic analysis gained popularity in the research community [23,41,42,[46][47][48][49][50]. During the dynamic analysis, several types of data are collected, including API calls, PE contents, and file systems; memory; CPU and I/O statistics [2].…”

Section: Related Workmentioning

confidence: 99%

A Weighted Minimum Redundancy Maximum Relevance Technique for Ransomware Early Detection in Industrial IoT

et al. 2022

Self Cite

View full text Add to dashboard Cite

Ransomware attacks against Industrial Internet of Things (IIoT) have catastrophic consequences not only to the targeted infrastructure, but also the services provided to the public. By encrypting the operational data, the ransomware attacks can disrupt the normal operations, which represents a serious problem for industrial systems. Ransomware employs several avoidance techniques, such as packing, obfuscation, noise insertion, irrelevant and redundant system call injection, to deceive the security measures and make both static and dynamic analysis more difficult. In this paper, a Weighted minimum Redundancy maximum Relevance (WmRmR) technique was proposed for better feature significance estimation in the data captured during the early stages of ransomware attacks. The technique combines an enhanced mRMR (EmRmR) with the Term Frequency-Inverse Document Frequency (TF-IDF) so that it can filter out the runtime noisy behavior based on the weights calculated by the TF-IDF. The proposed technique has the capability to assess whether a feature in the relevant set is important or not. It has low-dimensional complexity and a smaller number of evaluations compared to the original mRmR method. The TF-IDF was used to evaluate the weights of the features generated by the EmRmR algorithm. Then, an inclusive entropy-based refinement method was used to decrease the size of the extracted data by identifying the system calls with strong behavioral indication. After extensive experimentation, the proposed technique has shown to be effective for ransomware early detection with low-complexity and few false-positive rates. To evaluate the proposed technique, we compared it with existing behavioral detection methods.

show abstract

“…Similar methods that utilize Learning-Based Generative Model for PDF files [16], Concept Drift Detection with Sequential Deep Learning (CDS SDL) for batch malwares [17], Fuzzified Features with Boosted Fuzzy Random Forest (FBRF) [18], and RNN for visualization of malwares [19] are discussed by researchers. These models aim at improving inter-class feature variance via rigorous analysis of extracted features in order to identify malwarespecific models that can be deployed for on-field use cases.…”

Section: Literature Reviewmentioning

confidence: 99%

ACMFNN: Design of an augmented convolutional model for intelligent cross-domain malware localization via forensic neural networks

Pateriya

Tomar

2022

Preprint

View full text Add to dashboard Cite

Classification of malwares from spatial & temporal data patterns requires efficient design of deep learning models. These models deploy methods for feature extraction, feature selection, classification & post-processing to perform this task. A wide variety of high-efficiency malware analysis models are proposed by researchers, and most of them are application-specific, thus cannot be scaled to multiple domains. Out of these, only a few of these models are targeted towards identification of malware locations. In order to improve malware detection scalability, and localization performance, this text proposes a novel augmented convolutional model (ACM) for intelligent cross-domain malware analysis via forensic neural networks (FNNs). The FNNs are designed as an integration of multiple augmented convolutional models, which include different optimizers & feature extraction units. In this design, each of these units are customized to improve their feature extraction & selection capabilities, which assists in improving classification performance. Results of classification are given to an ACM layer, which performs feature augmentation to localize malware positions in input data. The proposed model was evaluated on multiple malware datasets, including Electro RAT, Pegasus, SkyGoFree, Viking Horde, Bat Skull, Yesmile, Wirenet, Jigsaw, Satana, Tapaoux, etc. It was observed that the proposed model was able to classify these malwares with an average accuracy of 98.5%, which makes it useful for real-time malware analysis. The model was also able to achieve an average localization accuracy of 79.6% across these datasets, thereby assisting forensic experts to obtain an approximate estimate of malware locations in input data streams. This performance was compared with some of the recently proposed malware detection models, and it was observed that the proposed ACMFNN method has 8% better precision, 6.5% better recall, and 9.4% better classification accuracy when compared with these methods on the same dataset. Due to augmented convolutional model, it was observed that the proposed approach had 15% better localization accuracy, 19% better localization precision, and 14% better localization recall when compared with these methods. Thereby indicating that the propose model is applicable for a wide variety of malware detection & localization application deployments.

show abstract

An Adaptive Behavioral-Based Incremental Batch Learning Malware Variants Detection Model Using Concept Drift Detection and Sequential Deep Learning

Cited by 42 publications

References 48 publications

Evaluation of Machine Learning Algorithms for Malware Detection

Evaluation of Machine Learning Algorithms for Malware Detection

A Weighted Minimum Redundancy Maximum Relevance Technique for Ransomware Early Detection in Industrial IoT

ACMFNN: Design of an augmented convolutional model for intelligent cross-domain malware localization via forensic neural networks

Contact Info

Product

Resources

About