SeqNet: An Efficient Neural Network for Automatic Malware Detection

Xu, Jianguo; Fu, Wenxuan; Bu, Haoyu; Wang, Zhi; Liu, Ying

doi:10.48550/arxiv.2205.03850

Cited by 3 publications

(4 citation statements)

References 28 publications

(38 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Recently, motivated by the recent successes in image classification domain, there has been a tendency to represent the raw malware file as a 2D image [16]- [19]. For instance, Xu et al propose the SeqNet architecture [20] which transforms the input malware into an image by introducing techniques to minimize resampling and edge losses during this conversion. Bensaud et al [21] consider malware file as a 2D image with pixel intensities byte values and learn the class of image with well-known networks such as Inception, VGG16, Resnet50.…”

Section: Related Workmentioning

confidence: 99%

TRConv: Multi-Platform Malware Classification via Target Regulated Convolutions

Egitmen,

Gokhan Yavuz,

Yavuz

2024

IEEE Access

View full text Add to dashboard Cite

Malware is an important threat to digital workflow. Traditional malware modeling approaches focused on using hand-crafted features while recent approaches proved the necessity of using learning based methodologies. In this paper, we propose a novel opcode based methodology that additionally learns multiple behavioral target variables to effectively regulate and guide the static malware classification. Our methodology shows that introduction of previously extracted malware behavior-related target variables immediately improve binary malware classification performance in both Android and Windows platforms. The contributions of our methodology has been extensively validated on ArgusAMD and MOTIF dataset. Mean classification accuracy and F1 scores suggest that our model is robust against random opcode injection attacks compared to other convolution based architectures.INDEX TERMS Convolutional network, opcode length, malware and benign, malware behaviour analysis I. INTRODUCTION

show abstract

Section: Related Workmentioning

confidence: 99%

TRConv: Multi-Platform Malware Classification via Target Regulated Convolutions

Egitmen,

Gokhan Yavuz,

Yavuz

2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…However, since the malware is different from the image, the contextual information confusion of the malware binary may occur while visualizing it as an image. The three examples below are typical examples of contextual information confusion that can occur while converting malware into images [22].…”

Section: Malware Data Augmentationmentioning

confidence: 99%

“…Malware belonged in a specific malware family has distinguishable characteristics of malicious actions. Therefore, in order to detect malware faster and more accurately, a lot of research on malware analysis and detection based on deep learning algorithms was conducted [10][11][12][13][14][15][16][17][18][19][20][21][22]. To effectively analyze/classify the rapidly increasing number of malware, it is more effective to classify malware in detail by family or behavior than to classify benign/malicious [12,23].…”

Section: Introductionmentioning

confidence: 99%

Augmenting Android Malware Using Conditional Variational Autoencoder for the Malware Family Classification

Ban¹,

Yi²,

Cho³

2023

Computer Systems Science and Engineering

View full text Add to dashboard Cite

Android malware has evolved in various forms such as adware that continuously exposes advertisements, banking malware designed to access users' online banking accounts, and Short Message Service (SMS) malware that uses a Command & Control (C&C) server to send malicious SMS, intercept SMS, and steal data. By using many malicious strategies, the number of malware is steadily increasing. Increasing Android malware threats numerous users, and thus, it is necessary to detect malware quickly and accurately. Each malware has distinguishable characteristics based on its actions. Therefore, security researchers have tried to categorize malware based on their behaviors by conducting the familial analysis which can help analysists to reduce the time and cost for analyzing malware. However, those studies algorithms typically used imbalanced, well-labeled open-source dataset, and thus, it is very difficult to classify some malware families which only have a few number of malware. To overcome this challenge, previous data augmentation studies augmented data by visualizing malicious codes and used them for malware analysis. However, visualization of malware can result in misclassifications because the behavior information of the malware could be compromised. In this study, we propose an android malware familial analysis system based on a data augmentation method that preserves malware behaviors to create an effective multi-class classifier for malware family analysis. To this end, we analyze malware and use Application Programming Interface (APIs) and permissions that can reflect the behavior of malware as features. By using these features, we augment malware dataset to enable effective malware detection while preserving original malicious behaviors. Our evaluation results demonstrate that, when a model is created by using only the augmented data, a macro-F1 score of 0.65 and accuracy of 0.63%. On the other hand, when the augmented data and original malware are used together, the evaluation results show that a macro-F1 score of 0.91 and an accuracy of 0.99%.

show abstract

“…Furthermore, they frequently fail to keep up with the quickly expanding malware field as new and unknown malware types emerge on a regular basis [13]. As a result, there is an increasing demand for more effective and efficient malware detection classification techniques that are capable of adapting to new and unexpected malware threats [14], and [15]. We describe a novel technique for Android malware intrusion classification based on zero-shot learning with Generative Adversarial Networks (GANs) in this study.…”

Section: Introductionmentioning

confidence: 99%

A Novel Approach to Android Malware Intrusion Detection Using Zero-Shot Learning GANs

Shirazi,

Shaikh

2024

SSURJET

View full text Add to dashboard Cite

This study proposes an innovative intrusion detection system for Android malware based on a zero-shot learning GAN approach. Our system achieved an accuracy of 99.99%, indicating that this approach can be highly effective for identifying intrusion events. The proposed approach is particularly valuable for analyzing complex datasets such as those involving Android malware. The results of this study demonstrate the potential of this method for improving the accuracy and efficiency of intrusion detection systems in real-world scenarios. Future work could involve exploring alternative feature selection techniques and evaluating the performance of other machine learning classifiers on larger datasets to further enhance the accuracy of intrusion detection systems. The study highlights the importance of adopting advanced machine learning techniques such as zero-shot learning GANs to enhance the effectiveness of intrusion detection systems in cybersecurity. The proposed system presents a significant contribution to the field of intrusion detection, providing an effective solution for detecting malicious activities in Android malware, which can improve the security of mobile devices.

show abstract

SeqNet: An Efficient Neural Network for Automatic Malware Detection

Cited by 3 publications

References 28 publications

TRConv: Multi-Platform Malware Classification via Target Regulated Convolutions

TRConv: Multi-Platform Malware Classification via Target Regulated Convolutions

Augmenting Android Malware Using Conditional Variational Autoencoder for the Malware Family Classification

A Novel Approach to Android Malware Intrusion Detection Using Zero-Shot Learning GANs

Contact Info

Product

Resources

About