Windows PE Malware Detection Using Ensemble Learning

Azeez, Nureni Ayofe; Odufuwa, Oluwanifise Ebunoluwa; Misra, Sanjay; Ozik, Jonathan; Damaševičius, Robertas

doi:10.3390/informatics8010010

Cited by 52 publications

(21 citation statements)

References 47 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In short, cross-validation splits the data source into a training partition (80%) and the remaining partition (20%) is used as a testing set. This research is also using the concept of Ensemble Learning that requires training the data and test features in various ways [55]. The first step is to build an ensemble of Machine Learning classifiers.…”

Section: Testing Ugransomementioning

confidence: 99%

UGRansome1819: A Novel Dataset for Anomaly Detection and Zero-Day Threats

2021

View full text Add to dashboard Cite

This research attempts to introduce the production methodology of an anomaly detection dataset using ten desirable requirements. Subsequently, the article presents the produced dataset named UGRansome, created with up-to-date and modern network traffic (netflow), which represents cyclostationary patterns of normal and abnormal classes of threatening behaviours. It was discovered that the timestamp of various network attacks is inferior to one minute and this feature pattern was used to record the time taken by the threat to infiltrate a network node. The main asset of the proposed dataset is its implication in the detection of zero-day attacks and anomalies that have not been explored before and cannot be recognised by known threats signatures. For instance, the UDP Scan attack has been found to utilise the lowest netflow in the corpus, while the Razy utilises the highest one. In turn, the EDA2 and Globe malware are the most abnormal zero-day threats in the proposed dataset. These feature patterns are included in the corpus, but derived from two well-known datasets, namely, UGR’16 and ransomware that include real-life instances. The former incorporates cyclostationary patterns while the latter includes ransomware features. The UGRansome dataset was tested with cross-validation and compared to the KDD99 and NSL-KDD datasets to assess the performance of Ensemble Learning algorithms. False alarms have been minimized with a null empirical error during the experiment, which demonstrates that implementing the Random Forest algorithm applied to UGRansome can facilitate accurate results to enhance zero-day threats detection. Additionally, most zero-day threats such as Razy, Globe, EDA2, and TowerWeb are recognised as advanced persistent threats that are cyclostationary in nature and it is predicted that they will be using spamming and phishing for intrusion. Lastly, achieving the UGRansome balance was found to be NP-Hard due to real life-threatening classes that do not have a uniform distribution in terms of several instances.

show abstract

Section: Testing Ugransomementioning

confidence: 99%

UGRansome1819: A Novel Dataset for Anomaly Detection and Zero-Day Threats

2021

View full text Add to dashboard Cite

show abstract

“…This is determined by finding the ratio of correctly predicted observation to the total observations. It is the ratio of correctly labeled tweets to the whole pool of tweets (Azeez et al, 2021).…”

Section: Metrics Used For Evaluationmentioning

confidence: 99%

“…Voting is implemented here using predicted class labels for majority rule. The constituent estimators used in the ensemble are Multinomial NB, Linear SVC and Logistic Regression(Azeez et al, 2021).…”

mentioning

confidence: 99%

Cyberbullying Detection in Social Networks: Artificial Intelligence Approach

Azeez

Idiakose

Onyema

et al. 2021

JCSANDM

Self Cite

View full text Add to dashboard Cite

Over the past decade, digital communication has reached a massive scale globally. Unfortunately, cyberbullying has become prevalent, with perpetrators hiding behind the mask of relative internet anonymity. In this work, efforts were made to review prominent classification algorithms and also to propose an ensemble model for identifying cases of cyberbullying, using Twitter datasets. The algorithms used for evaluation are Naive Bayes, K-Nearest Neighbors, Logistic Regression, Decision Tree, Random Forest, Linear Support Vector Classifier, Adaptive Boosting, Stochastic Gradient Descent and Bagging classifiers. Through experimentations, comparisons were made with the classifiers against four metrics: accuracy, precision, recall and F1 score. The results reveal the performances of all the algorithms used with their corresponding metrics. The ensemble model generated better results while Linear Support Vector Classifier (SVC) was the least effective of all. Random Forest classifier has shown to be the best performing classifier with medians of 0.77, 0.73 and 0.94 across the datasets. The ensemble model has shown to improve the results of its constituent classifiers with medians of 0.77, 0.66 and 0.94, as against the 0.59, 0.42 and 0.86 of Linear Support Vector Classifier.

show abstract

“…Static analysis learns the statistical features of malware (e.g., API calls, OpCode), whereas dynamic behavior analysis detects abnormal (possibly malicious) behavior by observing deviations from the baseline of the system. Recently, malware detection efforts prefer to use raw software binaries as the input of DL models [29][30][31].…”

Section: Related Workmentioning

confidence: 99%

Binary Black-Box Adversarial Attacks with Evolutionary Learning against IoT Malware Detection

Wang

et al. 2021

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

5G is about to open Pandora’s box of security threats to the Internet of Things (IoT). Key technologies, such as network function virtualization and edge computing introduced by the 5G network, bring new security threats and risks to the Internet infrastructure. Therefore, higher detection and defense against malware are required. Nowadays, deep learning (DL) is widely used in malware detection. Recently, research has demonstrated that adversarial attacks have posed a hazard to DL-based models. The key issue of enhancing the antiattack performance of malware detection systems that are used to detect adversarial attacks is to generate effective adversarial samples. However, numerous existing methods to generate adversarial samples are manual feature extraction or using white-box models, which makes it not applicable in the actual scenarios. This paper presents an effective binary manipulation-based attack framework, which generates adversarial samples with an evolutionary learning algorithm. The framework chooses some appropriate action sequences to modify malicious samples. Thus, the modified malware can successfully circumvent the detection system. The evolutionary algorithm can adaptively simplify the modification actions and make the adversarial sample more targeted. Our approach can efficiently generate adversarial samples without human intervention. The generated adversarial samples can effectively combat DL-based malware detection models while preserving the consistency of the executable and malicious behavior of the original malware samples. We apply the generated adversarial samples to attack the detection engines of VirusTotal. Experimental results illustrate that the adversarial samples generated by our method reach an evasion success rate of 47.8%, which outperforms other attack methods. By adding adversarial samples in the training process, the MalConv network is retrained. We show that the detection accuracy is improved by 10.3%.

show abstract

Windows PE Malware Detection Using Ensemble Learning

Cited by 52 publications

References 47 publications

UGRansome1819: A Novel Dataset for Anomaly Detection and Zero-Day Threats

UGRansome1819: A Novel Dataset for Anomaly Detection and Zero-Day Threats

Cyberbullying Detection in Social Networks: Artificial Intelligence Approach

Binary Black-Box Adversarial Attacks with Evolutionary Learning against IoT Malware Detection

Contact Info

Product

Resources

About