Malicious Code Detection Using Penalized Splines on OPcode Frequency

Alazab, Mamoun; Kadiri, Mohammad Al; Venkatraman, Sitalakshmi; Al-Nemrat, Ameer

doi:10.1109/ctc.2012.15

Cited by 6 publications

(5 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In another related work, opcode sequences are converted into RGB pixels in an image matrix and the similarity of image matrices is computed [49]. Our approach is different in two ways based on enhancements with previous work [18,19]. Firstly, we make use of a huge dataset of about 52,000 malware samples for our study while the previous work experiments with only 290 malware samples with 16 families.…”

Section: Proposed Methods Using Similarity Miningmentioning

confidence: 99%

“…Similarity based detection is well-suited for static metamorphic and polymorphic malware analysis since new malware programs are generated as variants of existing ones to achieve zeroday attacks. In previous research studies, API calls have been analysed as well as how they could be used to profile malware [18][19][20]. In this study, we enhance the recent research work [50] in terms of addition of visualisation features.…”

Section: Cosine Distance the Cosine Distance Computed Between Two N-mentioning

confidence: 99%

“…Recent studies have also used various data mining techniques for permission usage analysis in mobile applications and the results show that SVM classifier could achieve over 90% accuracy [17]. Overall, several features, from high-level such as API calls or even relevant permissions as well as low-level opcode for n-grams based malware detection, have been explored in previous studies [18][19][20]. In this work, we have adopted machine learning and similarity mining approaches that have been effectively applied to both static and dynamic malware detection with visualisation as the main focus.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Use of Data Visualisation for Zero-Day Malware Detection

Venkatraman¹,

Alazab

2018

Security and Communication Networks

Self Cite

114

View full text Add to dashboard Cite

With the explosion of Internet of Things (IoT) worldwide, there is an increasing threat from malicious software (malware) attackers that calls for efficient monitoring of vulnerable systems. Large amounts of data collected from computer networks, servers, and mobile devices need to be analysed for malware proliferation. Effective analysis methods are needed to match with the scale and complexity of such a data-intensive environment. In today’s Big Data contexts, visualisation techniques can support malware analysts going through the time-consuming process of analysing suspicious activities thoroughly. This paper takes a step further in contributing to the evolving realm of visualisation techniques used in the information security field. The aim of the paper is twofold: (1) to provide a comprehensive overview of the existing visualisation techniques for detecting suspicious behaviour of systems and (2) to design a novel visualisation using similarity matrix method for establishing malware classification accurately. The prime motivation of our proposal is to identify obfuscated malware using visualisation of the extended x86 IA-32 (opcode) similarity patterns, which are hard to detect with the existing approaches. Our approach uses hybrid models wherein static and dynamic malware analysis techniques are combined effectively along with visualisation of similarity matrices in order to detect and classify zero-day malware efficiently. Overall, the high accuracy of classification achieved with our proposed method can be visually observed since different malware families exhibit significantly dissimilar behaviour patterns.

show abstract

Section: Proposed Methods Using Similarity Miningmentioning

confidence: 99%

Section: Cosine Distance the Cosine Distance Computed Between Two N-mentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Use of Data Visualisation for Zero-Day Malware Detection

Venkatraman¹,

Alazab

2018

Security and Communication Networks

Self Cite

114

View full text Add to dashboard Cite

show abstract

“…Because we acquired statistical data through static analysis for the detection and classification of malware, this information was used as features in machine learning. Many features extracted by static methods, such as byte sequence [31], strings [31,43], DLL [31], n-gram [35], grayscale images [38], control flow graph (CFG) [39], function length frequency [40], PE header [41,42], mnemonics [49,50], API call [51][52][53][54], and opcode [8,[44][45][46][47], have typically been leveraged to detect and classify malware using machine learning. We select opcode as a core feature to distinguish malware from benign samples during execution.…”

Section: Machine Learning-based Analysismentioning

confidence: 99%

Machine Learning Framework to Analyze IoT Malware Using ELF and Opcode Features

et al. 2020

View full text Add to dashboard Cite

Threats to devices that are part of the Internet of Things (IoT) are on the rise. Owing to the overwhelming diversity of IoT hardware and software, as well as its variants, conventional anti-virus techniques based on the Windows paradigm cannot be applied directly to counter threats to the IoT devices. In this article, we propose a framework that can efficiently analyze IoT malware in a wide range of environments. It consists of a universal feature representation obtained by static analysis of the malware and a machine learning scheme that first detects the malware and then classifies it into a known category. The framework was evaluated by applying it to a recently developed dataset consisting of more than 6,000 IoT malware samples collected from the HoneyPot project. The results show that the proposed method can obtain near-optimal accuracy in terms of the detection and classification of malware targeting IoT devices. CCS Concepts: • Security and privacy → Software reverse engineering; Malware and its mitigation;

show abstract

“…A recent exposition by VERIZON [8] stated that '· · · if you know how malware gets on systems and what it tends to do, you're in a good position to make informed decisions about protecting the enterprise. Hence, However, presently computer crimes is recorded as growing exponentially globally [9]. Malware investigators still adopt a manual approach in tackling this crimes, which is time consuming and sometimes inconclusive [10].…”

Section: Introductionmentioning

confidence: 99%

Analysis of Malware Behaviour: Using Data Mining Clustering Techniques to Support Forensics Investigation

Edem¹,

Benzaid

Al-Nemrat³

et al. 2014

2014 Fifth Cybercrime and Trustworthy Computing Conference

Self Cite

View full text Add to dashboard Cite

The proliferation of malware in recent times have accounted for the increase in computer crimes and prompted for a more aggressive research into improved investigative strategies, to keep up with the menace. Recent techniques and tools that have been developed and adopted to keep up in an arms race with malware authors who have resorted to the use of evasive techniques to avoid analysis during investigation is an on-going concern. Exploring dynamic analysis is unarguably, a positive step to supporting static evidence with malware dynamic behaviour logs. In view of this, analysing this huge generated reports raises concerns about speed, accuracy and performance.This research proposes an Automated Malware Investigative Framework Model, a component based approach that is designed to support investigation by integrating both malware analysis and data mining clustering techniques as part of an effort to solve the problem of overly generated reports. Thus, grouping analysed suspicious samples that exhibit similar behavioural features to make investigation easy and more intuitive. The focus of this paper however, is on implementing sub-components of the framework that directly deals with the problem at hand.

show abstract

Malicious Code Detection Using Penalized Splines on OPcode Frequency

Cited by 6 publications

References 28 publications

Use of Data Visualisation for Zero-Day Malware Detection

Use of Data Visualisation for Zero-Day Malware Detection

Machine Learning Framework to Analyze IoT Malware Using ELF and Opcode Features

Analysis of Malware Behaviour: Using Data Mining Clustering Techniques to Support Forensics Investigation

Contact Info

Product

Resources

About