Tight Arms Race: Overview of Current Malware Threats and Trends in Their Detection

Caviglione, Luca; Choraś, Michał; Corona, Igino; Janicki, Artur; Mazurczyk, Wojciech; Pawlicki, Marek; Wasielewska, Katarzyna

doi:10.1109/access.2020.3048319

Cited by 92 publications

(56 citation statements)

References 164 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The choice of these algorithms was dictated by the following factors: Random Forest has been proven in multiple studies on network attacks; its performance was always high [ 4 ], and results were satisfactory, and the authors have found promising results from the utilization of this algorithm in earlier work [ 54 , 55 ]. The Gradient Boosted Trees (GBT) algorithm combines the advantages of RandomForest with the added benefit of gradient utilization.…”

Section: Experiments and Resultsmentioning

confidence: 99%

See 1 more Smart Citation

The Proposition and Evaluation of the RoEduNet-SIMARGL2021 Network Intrusion Detection Dataset

Mihailescu

Mihai

Carabaș

et al. 2021

Sensors

Self Cite

View full text Add to dashboard Cite

Cybersecurity is an arms race, with both the security and the adversaries attempting to outsmart one another, coming up with new attacks, new ways to defend against those attacks, and again with new ways to circumvent those defences. This situation creates a constant need for novel, realistic cybersecurity datasets. This paper introduces the effects of using machine-learning-based intrusion detection methods in network traffic coming from a real-life architecture. The main contribution of this work is a dataset coming from a real-world, academic network. Real-life traffic was collected and, after performing a series of attacks, a dataset was assembled. The dataset contains 44 network features and an unbalanced distribution of classes. In this work, the capability of the dataset for formulating machine-learning-based models was experimentally evaluated. To investigate the stability of the obtained models, cross-validation was performed, and an array of detection metrics were reported. The gathered dataset is part of an effort to bring security against novel cyberthreats and was completed in the SIMARGL project.

show abstract

Section: Experiments and Resultsmentioning

confidence: 99%

“…One of the mechanisms at the forefront of attack detection are Intrusion Detection Systems (IDS). The constant evolution of malware drives further development of IDS [ 4 ]. One of the most important aspects of state-of-the-art IDS comes with the utilization of the machine-learning (ML) technologies.…”

Section: Introductionmentioning

confidence: 99%

The Proposition and Evaluation of the RoEduNet-SIMARGL2021 Network Intrusion Detection Dataset

Mihailescu

Mihai

Carabaș

et al. 2021

Sensors

Self Cite

View full text Add to dashboard Cite

show abstract

“…Caviglione et al [108] aimed at providing a bird's eye view of the development trends such as bio-inspired learning, transfer learning, and federated learning, and issues covering sophisticated techniques like information hiding and fileless malware. They also provided a meta-review over the existing malware detection-based surveys.…”

Section: A Surveys On Iot Malware Threat Huntingmentioning

confidence: 99%

A Survey on Cross-Architectural IoT Malware Threat Hunting

et al. 2021

View full text Add to dashboard Cite

In recent years, the increase in non-Windows malware threats had turned the focus of the cybersecurity community. Research works on hunting Windows PE-based malwares are maturing, whereas the developments on Linux malware threat hunting are relatively scarce. With the advent of the Internet of Things (IoT) era, smart devices that are getting integrated into human life have become a hackers' highway for their malicious activities. The IoT devices employ various Unix-based architectures that follow ELF (Executable and Linkable Format) as their standard binary file specification. This study aims at providing a comprehensive survey on the latest developments in cross-architectural IoT malware detection and classification approaches. Aided by a modern taxonomy, we discuss the feature representations, feature extraction techniques, and machine learning models employed in the surveyed works. We further provide more insights on the practical challenges involved in cross-architectural IoT malware threat hunting and discuss various avenues to instill potential future research.

show abstract

“…The evolution of malware detection approaches was reviewed in detail by Caviglione et al [8]. The literature showed five main approaches to malware detection: the early detection systems relied on signatures, the more recent ones use behavior-based, heuristic-based, energy-based, or bioinspired techniques.…”

Section: Traditional Malware Detection Approachesmentioning

confidence: 99%

MalCaps: A Capsule Network Based Model for the Malware Classification

Zhang

Chen

et al. 2021

Processes

View full text Add to dashboard Cite

The research on malware detection enabled by deep learning has become a hot issue in the field of network security. The existing malware detection methods based on deep learning suffer from some issues, such as weak ability of deep feature extraction, relatively complex model, and insufficient ability of model generalization. Traditional deep learning architectures, such as convolutional neural networks (CNNs) variants, do not consider the spatial hierarchies between features, and lose some information on the precise position of a feature within the feature region, which is crucial for a malware file which has specific sections. In this paper, we draw on the idea of image classification in the field of computer vision and propose a novel malware detection method based on capsule network architecture with hyper-parameter optimized convolutional layers (MalCaps), which overcomes CNNs limitations by removing the need for a pooling layer and introduces capsule layers. Firstly, the malware is transformed into a grayscale image. Then, the dynamic routing-based capsule network is used to detect and classify the image. Without advanced feature extraction and with only a small number of labeled samples, the presented method is tested on an unbalanced Microsoft Malware Classification Challenge (MMCC) dataset and experimental results produce testing accuracy of 99.34%, improving on a number of traditional deep learning models posited in recent malware classification literature.

show abstract

Tight Arms Race: Overview of Current Malware Threats and Trends in Their Detection

Cited by 92 publications

References 164 publications

The Proposition and Evaluation of the RoEduNet-SIMARGL2021 Network Intrusion Detection Dataset

The Proposition and Evaluation of the RoEduNet-SIMARGL2021 Network Intrusion Detection Dataset

A Survey on Cross-Architectural IoT Malware Threat Hunting

MalCaps: A Capsule Network Based Model for the Malware Classification

Contact Info

Product

Resources

About