Dynamic Malware Classification and API Categorisation of Windows Portable Executable Files Using Machine Learning

Syeda, Durre Zehra; Asghar, Mamoona Naveed

doi:10.3390/app14031015

Cited by 5 publications

(2 citation statements)

References 45 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Compared to our proposed method, which reduces data volume through compression for resourceconstrained environments, this ensemble learning method demands higher resources and lacks robust security measures to prevent the exploitation of malicious samples. Durre Zehra Syeda et al [31] conducted dynamic malware classification using API categorization of Windows Portable Executable files. They employed a dataset from MalwareBazaar, which included 582 malware samples and 438 normal files, and used six machine learning models, with Random Forest achieving the highest performance-96% accuracy and 98% AUC.…”

Section: Related Workmentioning

confidence: 99%

CSMC: A Secure and Efficient Visualized Malware Classification Method Inspired by Compressed Sensing

Wu,

Peng,

Zhu

et al. 2024

Sensors

View full text Add to dashboard Cite

With the rapid development of the Internet of Things (IoT), the sophistication and intelligence of sensors are continually evolving, playing increasingly important roles in smart homes, industrial automation, and remote healthcare. However, these intelligent sensors face many security threats, particularly from malware attacks. Identifying and classifying malware is crucial for preventing such attacks. As the number of sensors and their applications grow, malware targeting sensors proliferates. Processing massive malware samples is challenging due to limited bandwidth and resources in IoT environments. Therefore, compressing malware samples before transmission and classification can improve efficiency. Additionally, sharing malware samples between classification participants poses security risks, necessitating methods that prevent sample exploitation. Moreover, the complex network environments also necessitate robust classification methods. To address these challenges, this paper proposes CSMC (Compressed Sensing Malware Classification), an efficient malware classification method based on compressed sensing. This method compresses malware samples before sharing and classification, thus facilitating more effective sharing and processing. By introducing deep learning, the method can extract malware family features during compression, which classical methods cannot achieve. Furthermore, the irreversibility of the method enhances security by preventing classification participants from exploiting malware samples. Experimental results demonstrate that for malware targeting Windows and Android operating systems, CSMC outperforms many existing methods based on compressed sensing and machine or deep learning. Additionally, experiments on sample reconstruction and noise demonstrate CSMC’s capabilities in terms of security and robustness.

show abstract

Section: Related Workmentioning

confidence: 99%

CSMC: A Secure and Efficient Visualized Malware Classification Method Inspired by Compressed Sensing

Wu,

Peng,

Zhu

et al. 2024

Sensors

View full text Add to dashboard Cite

show abstract

“…Our initial evaluation found that the existing malware classification methods fail to extract and utilize salient features from the malware image. In addition to that, the state-of-the-art (SOTA) methods are developed primarily for desktop or server-class hardware [23,24]. Due to computational and optimization limitations, the existing malware detection works assume that malware detection should be performed on high-performance computing devices like servers via API [25,26].…”

Section: Introductionmentioning

confidence: 99%

Securing Edge Devices: Malware Classification with Dual-Attention Deep Network

Alandjani

2024

Applied Sciences

View full text Add to dashboard Cite

Detecting malware is a crucial defense mechanism against potential cyber-attacks. However, current methods illustrate significant limitations in achieving high performance while maintaining faster inference on edge devices. This study proposes a novel deep network with dual-attention feature refinement on a two-branch deep network to learn real-time malware detection on edge platforms. The proposed method introduces lightweight spatial-asymmetric attention for refining the extracted features of its backbone and multi-head attention to correlate learned features from the network branches. The experimental results show that the proposed method can significantly outperform existing methods in quantitative evaluation. In addition, this study also illustrates the practicability of a lightweight deep network on edge devices by optimizing and deploying the model directly on the actual edge hardware. The proposed optimization strategy achieves a frame rate of over 545 per second on low-power edge devices.

show abstract

Clop Ransomware in Action: A Comprehensive Analysis of Its Multi-Stage Tactics

Lee,

Ryu

et al. 2024

Electronics

View full text Add to dashboard Cite

Recently, Clop ransomware attacks targeting non-IT fields such as distribution, logistics, and manufacturing have been rapidly increasing. These advanced attacks are particularly concentrated on Active Directory (AD) servers, causing significant operational and financial disruption to the affected organizations. In this study, the multi-step behavior of Clop ransomware was deeply investigated to decipher the sequential techniques and strategies of attackers. One of the key insights uncovered is the vulnerability in AD administrator accounts, which are often used as a primary point of exploitation. This study aims to provide a comprehensive analysis that enables organizations to develop a deeper understanding of the multifaceted threats posed by Clop ransomware and to build more strategic and robust defenses against them.

show abstract

Dynamic Malware Classification and API Categorisation of Windows Portable Executable Files Using Machine Learning

Cited by 5 publications

References 45 publications

CSMC: A Secure and Efficient Visualized Malware Classification Method Inspired by Compressed Sensing

CSMC: A Secure and Efficient Visualized Malware Classification Method Inspired by Compressed Sensing

Securing Edge Devices: Malware Classification with Dual-Attention Deep Network

Clop Ransomware in Action: A Comprehensive Analysis of Its Multi-Stage Tactics

Contact Info

Product

Resources

About