An incremental malware detection model for meta-feature API and system call sequence

Kishore, P. V. V.; Barisal, Swadhin Kumar; Mohapatra, Durga Prasad

doi:10.15439/2020f73

Cited by 7 publications

(3 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Moreover, the use of sequential system calls and API call sequences, as demonstrated by [27], enables the incremental detection of malware, addressing the need for continuous monitoring and detection in contemporary cybersecurity. These methods leverage the inherent characteristics of API calls and system calls to detect anomalies and malicious behaviors, aligning with the evolving threat landscape and the need for robust protection against malware, as discussed by [28].…”

Section: Methods Description Limitationsmentioning

confidence: 99%

Risk-Based System-Call Sequence Grouping Method for Malware Intrusion Detection

Vyšniūnas,

Čeponis,

Goranin

et al. 2024

Electronics

View full text Add to dashboard Cite

Malware intrusion is a serious threat to cybersecurity; that is why new and innovative methods are constantly being developed to detect and prevent it. This research focuses on malware intrusion detection through the usage of system calls and machine learning. An effective and clearly described system-call grouping method could increase the various metrics of machine learning methods, thereby improving the malware detection rate in host-based intrusion-detection systems. In this article, a risk-based system-call sequence grouping method is proposed that assigns riskiness values from low to high based on function risk value. The application of the newly proposed grouping method improved classification accuracy by 23.4% and 7.6% with the SVM and DT methods, respectively, compared to previous results obtained on the same methods and data. The results suggest the use of lightweight machine learning methods for malware attack can ensure detection accuracy comparable to deep learning methods.

show abstract

Section: Methods Description Limitationsmentioning

confidence: 99%

Risk-Based System-Call Sequence Grouping Method for Malware Intrusion Detection

Vyšniūnas,

Čeponis,

Goranin

et al. 2024

Electronics

View full text Add to dashboard Cite

show abstract

“…Kishore et al. [37] divided the API call sequences into system call sequences and ordinary API call sequences. They identified a bunch of representative features as classification features.…”

Section: Related Workmentioning

confidence: 99%

Android malware detection via efficient application programming interface call sequences extraction and machine learning classifiers

Wang

Zhao

et al. 2022

IET Software

View full text Add to dashboard Cite

Malware detection is an important task for the ecosystem of mobile applications (APPs), especially for the Android ecosystem, and is vital to guarantee the user experience of Android APPs. There have been some exiting methods trying to solve the problem of malware detection, but the methods suffer from several defects, such as high time complexity and mediocre accuracy, which seriously decrease the practicability of existing methods. To solve these problems, in this study, we propose a novel Android malware detection framework, where we contribute an efficient Application Programming Interface (API) call sequences extraction algorithm and an investigation of different types of classifiers. In API call sequences extraction, we propose an algorithm for transforming the function call graph from a multigraph into a directed simple graph, which successfully avoids the unnecessary repetitive path searching. We also propose a pruning search, which further reduces the number of paths to be searched. Our algorithm greatly reduces the time complexity. We generate the transition matrix as classification features and investigate three types of machine learning classifiers to complete the malware detection task. The experiments are performed on real-world Android Packages (APKs), and the results demonstrate that our method significantly reduces the running time and produces high detection accuracy. K E Y W O R D SAndroid (operating system), computational complexity, pattern classification, software quality, software reliability | INTRODUCTIONMobile applications (APPs) have been indispensable to daily lives, and the Android and iOS are the two most widely used mobile platforms [1]. There are a bunch of mobile APP markets and people expect to download high-quality APPs from those markets. But the mobile markets probably involve the malicious APPs (i.e. malware), especially the Android APP markets [2]. Malwares contain the malicious codes that are likely to affect the integrity, confidentiality or functionality of APPs [3]. Malwares usually have seven characteristics, which are the forced installation, difficult uninstallation, browser hijacking, advertisement pop-up, malicious user information collection, malicious uninstallation and malicious bundling [4]. Cyber-criminals may use malwares to attack individuals and organisations, which can disrupt operating systems, invade computer networks, steal confidential data, collect personal information, hijack data, or encrypt sensitive data [5]. Such malicious behaviours seriously compromise user information and system security. Therefore, malware detection is an inevitable task.Researchers have developed several solutions to detect malwares for Android and there are three mainstream methodologies, that is, dynamic analysis, network traffic analysis andThis is an open access article under the terms of the Creative Commons Attribution-NonCommercial-NoDerivs License, which permits use and distribution in any medium, provided the original work is properly cited, the use is non-commercial...

show abstract

“…They had demonstrated that their system was efficient, produced accurate results in the presence of noisy data, detected subtle temporal anomalies and minimized false positives, and adaptable to statistical change in the data. Kishore et al [14] proposed an incremental malware detection model for meta-feature API and system call sequence. They used the N-HTM for generating the anomaly score of each element in the sequence of system and API calls.…”

Section: Related State-of-the-art Workmentioning

confidence: 99%

Decentralized Controller for Software Interconnected System Subject to Malicious Attacks

Kishore¹,

Barisal²,

Mohapatra³

2021

Position and Communication Papers of the 16th Conference on Computer Science and Intelligence Systems

Self Cite

View full text Add to dashboard Cite

This paper examines the decentralized controller for an interconnected software system subject to malicious attacks. The security of software interconnected systems (SIS) subject to malicious attacks is discussed using Event-Triggered Mechanism (ETM). We design a novel ETM with decentralized feedback for managing resources and keeping the system stable during attacks. We use Numenta-Hierarchical Temporal Memory (N-HTM) for monitoring the ETM values. In addition, numerical simulation of the service provider system is considered for illustrating our model's effectiveness. Experiments reveal that our model stabilizes the system after an average of 2s from the launch of the last attack. As a result, the average consumption of the resources is reduced by 70%.

show abstract

An incremental malware detection model for meta-feature API and system call sequence

Cited by 7 publications

References 30 publications

Risk-Based System-Call Sequence Grouping Method for Malware Intrusion Detection

Risk-Based System-Call Sequence Grouping Method for Malware Intrusion Detection

Android malware detection via efficient application programming interface call sequences extraction and machine learning classifiers

Decentralized Controller for Software Interconnected System Subject to Malicious Attacks

Contact Info

Product

Resources

About