Detecting Malware with Information Complexity

Alshahwan, Nadia; Barr, Earl T.; Clark, David; Danezis, George; Menéndez, Héctor D.

doi:10.3390/e22050575

Cited by 17 publications

(23 citation statements)

References 41 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There have been techniques in the literature that utilize compression-based distance metrics to analyze malicious pieces of code. The work from [1] is based on the notion of normalized information distance (NID) and employ this as a distinguishing feature for training the classifier on.…”

Section: Overview Of Malware Detectionmentioning

confidence: 99%

“…For this work, we tried the implementation of another benchmark detector based on the information theoretic approach for malware detection, similar to the ones used by [1]. We found the computational limitation of such an approach during the attempted implementation.…”

Section: A Related Workmentioning

confidence: 99%

“…Malware, or malicious software, is one of the primary threats in digital security. Large resources, both labour and monetary, are invested in anti-malware technologies to tackle this problem [1]. As the efficiency of the anti-malware technologies has improved, so has the sophistication, potency and domain of malware and their impact.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Malware Detection Using 1-Dimensional Convolutional Neural Networks

Sharma

Malacaria

Khouzani

2019

2019 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

View full text Add to dashboard Cite

This work introduces a highly accurate and efficient malware detection system based on 1-dimensional convolutional neural networks. The system takes as input a binary file and classifies it as malicious or benign. There is minimal preprocessing of the binaries, with features discovery left to the network during training. A crucial difference with other convolutional neural networks (CNN) based approaches is the use of 1-dimensional convolutions; this methodological choice is shown to have significant positive consequences for the detector. In order to compare the detector with state-of-the-art techniques a TF-IDF based benchmark malware detector is also implemented: experiments show an improved accuracy of the proposed CNN detector while maintaining similar training times. The system is also compared, on a publicly available dataset of 11130 binaries, with an existing embedding based CNN detector. The proposed system outperforms, both in accuracy and training time the embedding based CNN.

show abstract

Section: Overview Of Malware Detectionmentioning

confidence: 99%

Section: A Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Malware Detection Using 1-Dimensional Convolutional Neural Networks

Sharma

Malacaria

Khouzani

2019

2019 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

View full text Add to dashboard Cite

show abstract

“…The scalability to mount an attack on multiple institutions at once is not expensive compared to the reward. This leads to blackmail to companies/users, disclosure of files or credit card data in the web, or encryption of databases and files [ 9 , 12 , 33 , 34 , 35 , 36 , 37 ]. Identity/Authentication: With the exponential growth of wearables devices, users and devices will need to manage a new authentication mechanism to pair and interact with enhanced features, gathering information from the ECG (electrocardiogram) or similar, for example [ 38 , 39 , 40 , 41 , 42 ].…”

Section: Kolmogorov Complexity Application Scenariosmentioning

confidence: 99%

A Survey on Using Kolmogorov Complexity in Cybersecurity

Resende

Martins

Antunes

2019

Entropy

View full text Add to dashboard Cite

Security and privacy concerns are challenging the way users interact with devices. The number of devices connected to a home or enterprise network increases every day. Nowadays, the security of information systems is relevant as user information is constantly being shared and moving in the cloud; however, there are still many problems such as, unsecured web interfaces, weak authentication, insecure networks, lack of encryption, among others, that make services insecure. The software implementations that are currently deployed in companies should have updates and control, as cybersecurity threats increasingly appearing over time. There is already some research towards solutions and methods to predict new attacks or classify variants of previous known attacks, such as (algorithmic) information theory. This survey combines all relevant applications of this topic (also known as Kolmogorov Complexity) in the security and privacy domains. The use of Kolmogorov-based approaches is resource-focused without the need for specific knowledge of the topic under analysis. We have defined a taxonomy with already existing work to classify their different application areas and open up new research questions.

show abstract

“…However, their experimental results shown no better than 77% accuracy. Another compression based technique combined with machine learning by Alshahwan et al [3] where a random forest classifier was built using Normalized Compression Distance (NCD) and compressibility ratio features on binary files to detect malware.…”

Section: Metamorphic Malware Detectionmentioning

confidence: 99%

Nonnegative matrix factorization and metamorphic malware detection

Ling

Sani

Abdullah

et al. 2019

J Comput Virol Hack Tech

View full text Add to dashboard Cite

Metamorphic malware change their internal code structure by adopting code obfuscation technique while maintaining their malicious functionality during each infection. This causes change of their signature pattern across each infection and makes signature based detection particularly difficult. In this paper, through static analysis, we use similarity score from matrix factorization technique called Nonnegative Matrix Factorization for detecting challenging metamorphic malware. We apply this technique using structural compression ratio and entropy features and compare our results with previous eigenvector-based techniques. Experimental results from three malware datasets show this is a promising technique as the accuracy detection is more than 95%.

show abstract

Detecting Malware with Information Complexity

Cited by 17 publications

References 41 publications

Malware Detection Using 1-Dimensional Convolutional Neural Networks

Malware Detection Using 1-Dimensional Convolutional Neural Networks

A Survey on Using Kolmogorov Complexity in Cybersecurity

Nonnegative matrix factorization and metamorphic malware detection

Contact Info

Product

Resources

About