Deep-Hook: A trusted deep learning-based framework for unknown malware detection and classification in Linux cloud environments

Landman, Tom; Nissim, Nir

doi:10.1016/j.neunet.2021.09.019

Cited by 22 publications

(5 citation statements)

References 42 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The literature on techniques for detecting malicious software is very ample. One trend consists of the exploitation of machine learning techniques in order to identify malware components in both traditional [10] and cloud oriented platforms [11]. Compared to all these techniques, our solution is essentially orthogonal, since we focus on a low-level service for deferring (or hopefully avoiding) the check of a given virtual page content along time, which can be implemented also according to machine learning techniques exploiting some knowledge base on malicious executable-page signatures.…”

Section: Related Workmentioning

confidence: 99%

JITScanner: Just-in-Time Executable Page Check in the Linux Operating System

Caporaso,

Bianchi,

Quaglia

2024

Applied Sciences

View full text Add to dashboard Cite

Modern malware poses a severe threat to cybersecurity, continually evolving in sophistication. To combat this threat, researchers and security professionals continuously explore advanced techniques for malware detection and analysis. Dynamic analysis, a prevalent approach, offers advantages over static analysis by enabling observation of runtime behavior and detecting obfuscated or encrypted code used to evade detection. However, executing programs within a controlled environment can be resource-intensive, often necessitating compromises, such as limiting sandboxing to an initial period. In our article, we propose an alternative method for dynamic executable analysis: examining the presence of malicious signatures within executable virtual pages precisely when their current content, including any updates over time, is accessed for instruction fetching. Our solution, named JITScanner, is developed as a Linux-oriented package built upon a Loadable Kernel Module (LKM). It integrates a user-level component that communicates efficiently with the LKM using scalable multi-processor/core technology. JITScanner’s effectiveness in detecting malware programs and its minimal intrusion in normal runtime scenarios have been extensively tested, with the experiment results detailed in this article. These experiments affirm the viability of our approach, showcasing JITScanner’s capability to effectively identify malware while minimizing runtime overhead.

show abstract

Section: Related Workmentioning

confidence: 99%

JITScanner: Just-in-Time Executable Page Check in the Linux Operating System

Caporaso,

Bianchi,

Quaglia

2024

Applied Sciences

View full text Add to dashboard Cite

show abstract

“…The modular API is designed to seamlessly integrate a diverse array of machine learning models to enhance threat detection within a private cloud environment. The selected models, including random forest [28,29], support vector machines [28,30], neural networks [31,32], k-nearest neighbors [33,34], decision tree [35,36], stochastic gradient descent [37,38], naive Bayes [39,40], logistic regression [41,42], gradient boosting [41,[43][44][45] and AdaBoost [46], each bring unique capabilities to the framework. Random forest's robustness is rigorously assessed for identifying network anomalies, while support vector machines focus on precise threat identification with minimal false positives.…”

Section: Machine Learning Model Evaluationmentioning

confidence: 99%

Evaluation of the Omni-Secure Firewall System in a Private Cloud Environment

Mahmood,

Hasan,

Yahaya

et al. 2024

Knowledge

View full text Add to dashboard Cite

This research explores the optimization of firewall systems within private cloud environments, specifically focusing on a 30-day evaluation of the Omni-Secure Firewall. Employing a multi-metric approach, the study introduces an innovative effectiveness metric (E) that amalgamates precision, recall, and redundancy considerations. The evaluation spans various machine learning models, including random forest, support vector machines, neural networks, k-nearest neighbors, decision tree, stochastic gradient descent, naive Bayes, logistic regression, gradient boosting, and AdaBoost. Benchmarking against service level agreement (SLA) metrics showcases the Omni-Secure Firewall’s commendable performance in meeting predefined targets. Noteworthy metrics include acceptable availability, target response time, efficient incident resolution, robust event detection, a low false-positive rate, and zero data-loss incidents, enhancing the system’s reliability and security, as well as user satisfaction. Performance metrics such as prediction latency, CPU usage, and memory consumption further highlight the system’s functionality, efficiency, and scalability within private cloud environments. The introduction of the effectiveness metric (E) provides a holistic assessment based on organizational priorities, considering precision, recall, F1 score, throughput, mitigation time, rule latency, and redundancy. Evaluation across machine learning models reveals variations, with random forest and support vector machines exhibiting notably high accuracy and balanced precision and recall. In conclusion, while the Omni-Secure Firewall System demonstrates potential, inconsistencies across machine learning models underscore the need for optimization. The dynamic nature of private cloud environments necessitates continuous monitoring and adjustment of security systems to fully realize benefits while safeguarding sensitive data and applications. The significance of this study lies in providing insights into optimizing firewall systems for private cloud environments, offering a framework for holistic security assessment and emphasizing the need for robust, reliable firewall systems in the dynamic landscape of private clouds. Study limitations, including the need for real-world validation and exploration of advanced machine learning models, set the stage for future research directions.

show abstract

“…The presented method employs an attention based bidirectional long short term memory (Bi-LSTM) with fully connected (FC) layer for modelling normalcy of host in an operating enterprise scheme and detecting anomalous activities from a massive amount of ambient host logging information gathered from bare metal server. The researchers in [19] presented Deep-Hook, a trusted architecture for detecting unknown malware in Linux-based cloud environment. The memory dump is converted as to visual image that is investigated by a CNN based classification.…”

Section: Literature Reviewmentioning

confidence: 99%

“…Next to data pre-processing, the MFO algorithm is utilized for the effective choice of the features involved in it [19]. MFO algorithm was proposed by imitating the group behavior of MF, especially the mating behavior.…”

Section: Design Of Mfo Based Feature Selection Approachmentioning

confidence: 99%

Optimal Deep Belief Network Enabled Malware Detection and Classification Model

Chandran¹,

Rajini²,

Jeyakarthic³

2023

Intelligent Automation &Amp; Soft Computing

View full text Add to dashboard Cite

Cybercrime has increased considerably in recent times by creating new methods of stealing, changing, and destroying data in daily lives. Portable Document Format (PDF) has been traditionally utilized as a popular way of spreading malware. The recent advances of machine learning (ML) and deep learning (DL) models are utilized to detect and classify malware. With this motivation, this study focuses on the design of mayfly optimization with a deep belief network for PDF malware detection and classification (MFODBN-MDC) technique. The major intention of the MFODBN-MDC technique is for identifying and classifying the presence of malware exist in the PDFs. The proposed MFODBN-MDC method derives a new MFO algorithm for the optimal selection of feature subsets. In addition, Adamax optimizer with the DBN model is used for PDF malware detection and classification. The design of the MFO algorithm to select features and Adamax based hyperparameter tuning for PDF malware detection and classification demonstrates the novelty of the work. For demonstrating the improved outcomes of the MFODBN-MDC model, a wide range of simulations are executed, and the results are assessed in various aspects. The comparison study highlighted the enhanced outcomes of the MFODBN-MDC model over the existing techniques with maximum precision, recall, and F1 score of 97.42%, 97.33%, and 97.33%, respectively.

show abstract

Deep-Hook: A trusted deep learning-based framework for unknown malware detection and classification in Linux cloud environments

Cited by 22 publications

References 42 publications

JITScanner: Just-in-Time Executable Page Check in the Linux Operating System

JITScanner: Just-in-Time Executable Page Check in the Linux Operating System

Evaluation of the Omni-Secure Firewall System in a Private Cloud Environment

Optimal Deep Belief Network Enabled Malware Detection and Classification Model

Contact Info

Product

Resources

About