Machine Learning in Wavelet Domain for Electromagnetic Emission Based Malware Analysis

Chawla, Nikhil; Kumar, Harshit; Mukhopadhyay, Saibal

doi:10.1109/tifs.2021.3080510

Cited by 18 publications

(9 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The variance can be reduced by extracting a random bootstrap sample multiple times using bootstrap. The average of the extracted items is called bagging [7].…”

Section: Random Forest (Rf)mentioning

confidence: 99%

Malicious File Detection Method Using Machine Learning and Interworking with MITRE ATT&CK Framework

et al. 2022

View full text Add to dashboard Cite

With advances in cyber threats and increased intelligence, incidents continue to occur related to new ways of using new technologies. In addition, as intelligent and advanced cyberattack technologies gradually increase, the limit of inefficient malicious code detection and analysis has been reached, and inaccurate detection rates for unknown malicious codes are increasing. Thus, this study used a machine learning algorithm to achieve a malicious file detection accuracy of more than 99%, along with a method for visualizing data for the detection of malicious files using the dynamic-analysis-based MITRE ATT&CK framework. The PE malware dataset was classified into Random Forest, Adaboost, and Gradient Boosting models. These models achieved accuracies of 99.3%, 98.4%, and 98.8%, respectively, and malicious file analysis results were derived through visualization by applying the MITRE ATT&CK matrix.

show abstract

“…The variance can be reduced by extracting a random bootstrap sample multiple times using bootstrap. The average of the extracted items is called bagging [7].…”

Section: Random Forest (Rf)mentioning

confidence: 99%

Malicious File Detection Method Using Machine Learning and Interworking with MITRE ATT&CK Framework

et al. 2022

View full text Add to dashboard Cite

show abstract

“…They are highly accurate, but require large delays due to high computational complexity during malware analysis. A unique model that uses Electromagnetic Emission from devices for identification of malwares is proposed in [12], where researchers have showcased that execution of malwares results into high computational usage, which can be used as a feature vector for detecting & localization of code-based that are malicious & disrupt normal working flows. Extensions to such models are discussed in [13,14,15], wherein researchers have proposed use of Histogram Entropy Representation with Decision Tree (DT), Random Forest (RF), eXtended Gradient Boost (XGBoost), & CNN, along with Strings-Based Similarity Analysis Model (SSAM), and enhanced DNN (eDNN) for Adversarial Malware detection with real-time input sets.…”

Section: Literature Reviewmentioning

confidence: 99%

ACMFNN: Design of an augmented convolutional model for intelligent cross-domain malware localization via forensic neural networks

Pateriya

Tomar

2022

Preprint

View full text Add to dashboard Cite

Classification of malwares from spatial & temporal data patterns requires efficient design of deep learning models. These models deploy methods for feature extraction, feature selection, classification & post-processing to perform this task. A wide variety of high-efficiency malware analysis models are proposed by researchers, and most of them are application-specific, thus cannot be scaled to multiple domains. Out of these, only a few of these models are targeted towards identification of malware locations. In order to improve malware detection scalability, and localization performance, this text proposes a novel augmented convolutional model (ACM) for intelligent cross-domain malware analysis via forensic neural networks (FNNs). The FNNs are designed as an integration of multiple augmented convolutional models, which include different optimizers & feature extraction units. In this design, each of these units are customized to improve their feature extraction & selection capabilities, which assists in improving classification performance. Results of classification are given to an ACM layer, which performs feature augmentation to localize malware positions in input data. The proposed model was evaluated on multiple malware datasets, including Electro RAT, Pegasus, SkyGoFree, Viking Horde, Bat Skull, Yesmile, Wirenet, Jigsaw, Satana, Tapaoux, etc. It was observed that the proposed model was able to classify these malwares with an average accuracy of 98.5%, which makes it useful for real-time malware analysis. The model was also able to achieve an average localization accuracy of 79.6% across these datasets, thereby assisting forensic experts to obtain an approximate estimate of malware locations in input data streams. This performance was compared with some of the recently proposed malware detection models, and it was observed that the proposed ACMFNN method has 8% better precision, 6.5% better recall, and 9.4% better classification accuracy when compared with these methods on the same dataset. Due to augmented convolutional model, it was observed that the proposed approach had 15% better localization accuracy, 19% better localization precision, and 14% better localization recall when compared with these methods. Thereby indicating that the propose model is applicable for a wide variety of malware detection & localization application deployments.

show abstract

“…By monitoring the frequency of system calls, the machine learning model classifies the malwares and genuine tools. An Electromagnetic Emission Based Malware Analysis model is presented in [13], which uses Discrete Wavelet Transform (DWT) in extracting the features from spectrograms traces. Extracted features are used in generating fine grained patterns to identify the malware family.…”

Section: Related Workmentioning

confidence: 99%

An Adaptive-Feature Centric XGBoost Ensemble Classifier Model for Improved Malware Detection and Classification

Pavithra¹,

Selvakumarasamy²

2022

Journal of Cyber Security

View full text Add to dashboard Cite

Machine learning (ML) is often used to solve the problem of malware detection and classification, and various machine learning approaches are adapted to the problem of malware classification; still acquiring poor performance by the way of feature selection, and classification. To address the problem, an efficient novel algorithm for adaptive feature-centered XG Boost Ensemble Learner Classifier "AFC-XG Boost" is presented in this paper. The proposed model has been designed to handle varying data sets of malware detection obtained from Kaggle data set. The model turns the XG Boost classifier in several stages to optimize performance. At preprocessing stage, the data set given has been noise removed, normalized and tamper removed using Feature Base Optimizer "FBO" algorithm. The FBO would normalize the data points, as well as perform noise removal according to the feature values and their base information. Similarly, the performance of standard XG Boost has been optimized by adapting the selection using Class Based Principle Component Analysis "CBPCA" algorithm, which performs the selection according to the fitness of any feature for different classes. Based on the selected features, the method generates a regression tree for each feature considered. Based on the generated trees, the method performs classification by computing the tree-level ensemble similarity 'TLES' and the class-level ensemble similarity 'CLES'. Using both methods calculates the value of the class match similarity 'CMS' based on which the malware has been classified. The proposed approach achieves 97% accuracy in malware detection and classification with the less time complexity of 34 s for 75000 samples.

show abstract

Machine Learning in Wavelet Domain for Electromagnetic Emission Based Malware Analysis

Cited by 18 publications

References 34 publications

Malicious File Detection Method Using Machine Learning and Interworking with MITRE ATT&CK Framework

Malicious File Detection Method Using Machine Learning and Interworking with MITRE ATT&CK Framework

ACMFNN: Design of an augmented convolutional model for intelligent cross-domain malware localization via forensic neural networks

An Adaptive-Feature Centric XGBoost Ensemble Classifier Model for Improved Malware Detection and Classification

Contact Info

Product

Resources

About