Detection of malware applications from centrality measures of syscall graph

Surendran, R; Thomas, Tony

doi:10.1002/cpe.6835

Cited by 9 publications

(2 citation statements)

References 46 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Displays aggressive ads to the victim and sends device and personal information to the server. It is installed through the host application [15], [77].…”

Section: Kyviewmentioning

confidence: 99%

Maloid-DS: Labeled Dataset for Android Malware Forensics

Almomani,

Almashat,

El-Shafai

2024

IEEE Access

View full text Add to dashboard Cite

Billions of people globally use Android devices a . As such, these devices are highly targeted by security attackers. One of the most threatening attacks is to infect devices with malicious software (malware). Fortunately, there are various ways to counteract these attacks and prevent them. One of these methods is developing a comprehensive malware dataset that researchers can utilize for malware analysis, detection, prediction, and prevention systems. This paper introduces a unique, up-to-date, labeled Android malware dataset (Maloid-DS) comprising a comprehensive set of malware families that reached 345 families with 47,971 malware samples. First, we intensely studied existing datasets utilized by previous research works. These datasets are limited in (a) the number of studied families, (b) the number of samples under each family, (c) the number of new malware samples, (d) the proper categorization of the malware families, (e) the accurate mapping of the sample with its corresponding malware family, (f) providing well structuring of the malware families and subfamilies, and (g) presenting a profound description of each family behavior. All these limitations were seriously tackled by introducing Maloid-DS. The process of creating Maloid is detailed in this paper. Moreover, several case studies are demonstrated in this paper to show the value of Maloid and how different types of analysis systems and AI-based detection and prediction solutions could utilize it. While the full potential of Maloid-DS in real-world scenarios is subject to ongoing research and practical application, it represents a substantial contribution to the cybersecurity community, offering a broad and detailed foundation for protecting Android devices against malware threats.

show abstract

“…Displays aggressive ads to the victim and sends device and personal information to the server. It is installed through the host application [15], [77].…”

Section: Kyviewmentioning

confidence: 99%

Maloid-DS: Labeled Dataset for Android Malware Forensics

Almomani,

Almashat,

El-Shafai

2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…A wide variety of models are proposed by researchers for classification of malwares, and each of them varies in terms of qualitative & quantitative performance metrics. For instance, work in [1,2,3] proposes use of call graphs, system calls, and explainable Artificial Intelligence (AI) methods for improving classification & localization performance under real-time cyber physical systems. Similar models are discussed in [4,5,6 [10], and Metamorphic Malware detection via Genetic Algorithm (MMGA) [11] are discussed by researchers.…”

Section: Literature Reviewmentioning

confidence: 99%

ACMFNN: Design of an augmented convolutional model for intelligent cross-domain malware localization via forensic neural networks

Pateriya

Tomar

2022

Preprint

View full text Add to dashboard Cite

Classification of malwares from spatial & temporal data patterns requires efficient design of deep learning models. These models deploy methods for feature extraction, feature selection, classification & post-processing to perform this task. A wide variety of high-efficiency malware analysis models are proposed by researchers, and most of them are application-specific, thus cannot be scaled to multiple domains. Out of these, only a few of these models are targeted towards identification of malware locations. In order to improve malware detection scalability, and localization performance, this text proposes a novel augmented convolutional model (ACM) for intelligent cross-domain malware analysis via forensic neural networks (FNNs). The FNNs are designed as an integration of multiple augmented convolutional models, which include different optimizers & feature extraction units. In this design, each of these units are customized to improve their feature extraction & selection capabilities, which assists in improving classification performance. Results of classification are given to an ACM layer, which performs feature augmentation to localize malware positions in input data. The proposed model was evaluated on multiple malware datasets, including Electro RAT, Pegasus, SkyGoFree, Viking Horde, Bat Skull, Yesmile, Wirenet, Jigsaw, Satana, Tapaoux, etc. It was observed that the proposed model was able to classify these malwares with an average accuracy of 98.5%, which makes it useful for real-time malware analysis. The model was also able to achieve an average localization accuracy of 79.6% across these datasets, thereby assisting forensic experts to obtain an approximate estimate of malware locations in input data streams. This performance was compared with some of the recently proposed malware detection models, and it was observed that the proposed ACMFNN method has 8% better precision, 6.5% better recall, and 9.4% better classification accuracy when compared with these methods on the same dataset. Due to augmented convolutional model, it was observed that the proposed approach had 15% better localization accuracy, 19% better localization precision, and 14% better localization recall when compared with these methods. Thereby indicating that the propose model is applicable for a wide variety of malware detection & localization application deployments.

show abstract