Ensemble-Based Classification Using Neural Networks and Machine Learning Models for Windows PE Malware Detection

Damaševičius, Robertas; Venčkauskas, Algimantas; Toldinas, Jevgenijus; Grigaliūnas, Šarūnas

doi:10.3390/electronics10040485

Cited by 68 publications

(46 citation statements)

References 55 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As a result, causing tremendous havoc to governments, businesses, and even individuals [5]. For instance, the authors of [6] fascinatingly present a summary of various cyber-attacks and their consequences. Firstly, the paper highlights the forecast of six trillion US dollars of cyber-crimes by 2021 and the various global cutting-edge cyber-crimes that could lead to the loss of one billion US dollars globally.…”

Section: Introductionmentioning

confidence: 99%

Feature Selection and Ensemble-Based Intrusion Detection System: An Efficient and Comprehensive Approach

Jaw

Wang

2021

Symmetry

View full text Add to dashboard Cite

The emergence of ground-breaking technologies such as artificial intelligence, cloud computing, big data powered by the Internet, and its highly valued real-world applications consisting of symmetric and asymmetric data distributions, has significantly changed our lives in many positive aspects. However, it equally comes with the current catastrophic daily escalating cyberattacks. Thus, raising the need for researchers to harness the innovative strengths of machine learning to design and implement intrusion detection systems (IDSs) to help mitigate these unfortunate cyber threats. Nevertheless, trustworthy and effective IDSs is a challenge due to low accuracy engendered by vast, irrelevant, and redundant features; inept detection of all types of novel attacks by individual machine learning classifiers; costly and faulty use of labeled training datasets cum significant false alarm rates (FAR) and the excessive model building and testing time. Therefore, this paper proposed a promising hybrid feature selection (HFS) with an ensemble classifier, which efficiently selects relevant features and provides consistent attack classification. Initially, we harness the various strengths of CfsSubsetEval, genetic search, and a rule-based engine to effectively select subsets of features with high correlation, which considerably reduced the model complexity and enhanced the generalization of learning algorithms, both of which are symmetry learning attributes. Moreover, using a voting method and average of probabilities, we present an ensemble classifier that used K-means, One-Class SVM, DBSCAN, and Expectation-Maximization, abbreviated (KODE) as an enhanced classifier that consistently classifies the asymmetric probability distributions between malicious and normal instances. HFS-KODE achieves remarkable results using 10-fold cross-validation, CIC-IDS2017, NSL-KDD, and UNSW-NB15 datasets and various metrics. For example, it outclassed all the selected individual classification methods, cutting-edge feature selection, and some current IDSs techniques with an excellent performance accuracy of 99.99%, 99.73%, and 99.997%, and a detection rate of 99.75%, 96.64%, and 99.93% for CIC-IDS2017, NSL-KDD, and UNSW-NB15, respectively based on only 11, 8, 13 selected relevant features from the above datasets. Finally, considering the drastically reduced FAR and time, coupled with no need for labeled datasets, it is self-evident that HFS-KODE proves to have a remarkable performance compared to many current approaches.

show abstract

Section: Introductionmentioning

confidence: 99%

Feature Selection and Ensemble-Based Intrusion Detection System: An Efficient and Comprehensive Approach

Jaw

Wang

2021

Symmetry

View full text Add to dashboard Cite

show abstract

“…They also did not include decision-tree-pruning methods or optimal feature selection strategies. The authors in [49] proposed ensemble-based classification using stacked ensemble of dense, convolutional neural networks (CNN), and a meta-learner for malware detection in Windows Portable Executable (WinPE) small operating system. They used Classification of Malware with PE headers (ClaMP) dataset for this type of malware detection.…”

Section: Related Work For Cse-cic-ids2018 Datasetmentioning

confidence: 99%

Machine-Learning-Enabled Intrusion Detection System for Cellular Connected UAV Networks

et al. 2021

View full text Add to dashboard Cite

The recent development and adoption of unmanned aerial vehicles (UAVs) is due to its wide variety of applications in public and private sector from parcel delivery to wildlife conservation. The integration of UAVs, 5G, and satellite technologies has prompted telecommunication networks to evolve to provide higher-quality and more stable service to remote areas. However, security concerns with UAVs are growing as UAV nodes are becoming attractive targets for cyberattacks due to enormously growing volumes and poor and weak inbuilt security. In this paper, we propose a UAV- and satellite-based 5G-network security model that can harness machine learning to effectively detect of vulnerabilities and cyberattacks. The solution is divided into two main parts: the model creation for intrusion detection using various machine learning (ML) algorithms and the implementation of ML-based model into terrestrial or satellite gateways. The system identifies various attack types using realistic CSE-CIC IDS-2018 network datasets published by Canadian Establishment for Cybersecurity (CIC). It consists of seven different types of new and contemporary attack types. This paper demonstrates that ML algorithms can be used to classify benign or malicious packets in UAV networks to enhance security. Finally, the tested ML algorithms are compared for effectiveness in terms of accuracy rate, precision, recall, F1-score, and false-negative rate. The decision tree algorithm performed well by obtaining a maximum accuracy rate of 99.99% and a minimum false negative rate of 0% in detecting various attacks as compared to all other types of ML classifiers.

show abstract

“…[11] propose a feature fusion method, which uses both AlexNet and Inception-v3, and this method allows the model to extract different features from different aspects. [12] uses full connectivity and CNN for stacked ensembles. The stacked ensemble of these two different models is an effective method for complex traffic files.…”

Section: Related Workmentioning

confidence: 99%

A Hybrid Analysis-Based Approach to Android Malware Family Classification

Ding

Luktarhan

et al. 2021

Entropy

View full text Add to dashboard Cite

With the popularity of Android, malware detection and family classification have also become a research focus. Many excellent methods have been proposed by previous authors, but static and dynamic analyses inevitably require complex processes. A hybrid analysis method for detecting Android malware and classifying malware families is presented in this paper, and is partially optimized for multiple-feature data. For static analysis, we use permissions and intent as static features and use three feature selection methods to form a subset of three candidate features. Compared with various models, including k-nearest neighbors and random forest, random forest is the best, with a detection rate of 95.04%, while the chi-square test is the best feature selection method. After using feature selection to explore the critical static features contained in this dataset, we analyzed a subset of important features to gain more insight into the malware. In a dynamic analysis based on network traffic, unlike those that focus on a one-way flow of traffic and work on HTTP protocols and transport layer protocols, we focused on sessions and retained all protocol layers.he Res7LSTM model is then used to further classify the malicious and partially benign samples detected in the static detection. The experimental results show that our approach can not only work with fewer static features and guarantee sufficient accuracy, but also improve the detection rate of Android malware family classification from 71.48% in previous work to 99% when cutting the traffic in terms of the sessions and protocols of all layers.

show abstract

Ensemble-Based Classification Using Neural Networks and Machine Learning Models for Windows PE Malware Detection

Cited by 68 publications

References 55 publications

Feature Selection and Ensemble-Based Intrusion Detection System: An Efficient and Comprehensive Approach

Feature Selection and Ensemble-Based Intrusion Detection System: An Efficient and Comprehensive Approach

Machine-Learning-Enabled Intrusion Detection System for Cellular Connected UAV Networks

A Hybrid Analysis-Based Approach to Android Malware Family Classification

Contact Info

Product

Resources

About