Classification of Malware Families Based on Runtime Behaviour

Geden, Munir; Happa, Jassim

doi:10.1007/978-3-030-01689-0_3

Cited by 4 publications

(2 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The traditional malware classification is mostly based on the host behavior of malware [19]- [21], for example, API-call sequences or created processes. On the basis of these features, the classification methods are constantly updated.…”

Section: Related Work a Malware Analysis-based Methodsmentioning

confidence: 99%

A Distance-Based Method for Building an Encrypted Malware Traffic Identification Framework

et al. 2019

View full text Add to dashboard Cite

The popularity of encryption method brings a great challenge to malware traffic identification. Traditional classes defined by expert experience are usually classified based on the host behaviors of malware, such as banking malware or ransomware, which are often irrelevant to its communication traffic behaviors. It leads to the fact that the boundaries of traffic feature dataset of different malware classes are fuzzy and make these traditional classes unhelpful for classification based on traffic features. Meanwhile, traditional machine learning-based encrypted malware traffic identification methods, such as using the multi-classification supervised learning model, are inefficient both in model training and detection, and its detection accuracy cannot meet the demand. In this paper, we propose a distance-based method, which utilizes unsupervised learning algorithm Gaussian mixture model (GMM) and ordering points to identify the clustering structure (OPTICS) to calculate the Distance between malwares and make use of the Distance to define the new malware class called FClass. Then, a set of models are trained by XGBoost algorithm to build an identification framework based on the FClass. The performance of the proposed method has been evaluated by comparing it with the other four methods. The results show that the proposed distance-based method is more efficient and accurate.

show abstract

Section: Related Work a Malware Analysis-based Methodsmentioning

confidence: 99%

A Distance-Based Method for Building an Encrypted Malware Traffic Identification Framework

et al. 2019

View full text Add to dashboard Cite

show abstract

“…Geden Happa (2018) in [32] conducted an experiment to classify particular malware into malware families from the outcomes of dynamic behaviour analysis. For their experiment, they established an automated dynamic malware analysis platform with the help of the Cuckoo tool.…”

Section: Related Work and Backgroundmentioning

confidence: 99%

A Short Survey on Malware Behavioural Features Collection from AgTech Environments

Aras¹

2023

Preprint

View full text Add to dashboard Cite

<p>Agriculture is considered one of the most critical domains for human beings. Currently, agriculture and supply chain businesses are becoming increasingly reliant on technology and interconnectivity. However, this inevitable necessity also brings about potential risks. Due to the widespread use of new technologies to improve productivity in agriculture, cybersecurity risks have inevitably emerged. To proactively mitigate the risks related to cybersecurity, it is important to understand the attack vectors, such as malware. Thus, malware analysis is indispensable for understanding the characteristics and behaviors of malware and developing defense strategies against malicious attacks based on data collected from the results.In the literature, two different techniques have been widely used to analyze malware: Static Analysis and Dynamic Analysis. While Static Analysis aims to investigate the structure of the malicious software at a low level, Dynamic Analysis focuses on the behavior of the malware when it is being executed. As executing malware may harm the host system, an isolated environment should be established for Dynamic Analysis.This study focuses on Malware Analysis in terms of the dynamic analysis approach. Additionally, an isolated, automated dynamic analysis platform was developed, and analysis was implemented in a virtual environment using Cuckoo and VirtualBox to collect data from analyzing various malware behaviors. This data can be used to create a partial test dataset that may contribute to developing defense strategies against malware. </p>

show abstract

Discovering Future Malware Variants By Generating New Malware Samples Using Generative Adversarial Network

Moti

Hashemi

Namavar

2019

2019 9th International Conference on Computer and Knowledge Engineering (ICCKE)

View full text Add to dashboard Cite

Classification of Malware Families Based on Runtime Behaviour

Cited by 4 publications

References 22 publications

A Distance-Based Method for Building an Encrypted Malware Traffic Identification Framework

A Distance-Based Method for Building an Encrypted Malware Traffic Identification Framework

A Short Survey on Malware Behavioural Features Collection from AgTech Environments

Discovering Future Malware Variants By Generating New Malware Samples Using Generative Adversarial Network

Contact Info

Product

Resources

About