Detection Of Malicious Software Research Articles

An enhanced conventional neural network schema for structural class-based software fault prediction

ABSTRACT Malicious software detection is the most prominent process required by various industries to avoid server failure. It is required to detect malicious software accurately to avoid time and cost wastage. Various research works have been introduced earlier for the detection of malicious software. In the existing work Support Vector Machine (SVM) is introduced for malicious software detection. However, existing works cannot perform well where there are error modules in the software. It is addressed in this suggested study by developing Coupling and Cohesion Metrics-based Fault Detection (CCMFD). In this research work, structural measures are mainly examined which come under the cohesion measures and comprise deficient cohesion in approaches (LCOM), and Conceptual Coupling between Object Classes (CCBO). Failure situations and measures relating to information flow are used in other techniques. A high-quality service has a low coupling and a high cohesiveness. These extracted features will be given as input to the enhanced Conventional Neural Network (CNN) for software mistake forecasting. A complete study analysis is done in a Java simulator, indicating that the suggested approach tends to have superior fault prediction outcomes than the current method.

WORM-VIRUS DETECTION METHOD ACCORDING TO MULTI-CLASS CLASSIFICATION

The work presents the results of research on worm viruses and methods of their detection. Malware distribution happens all the time. The analyzed modern tools and systems for prevention, detection and countermeasures against malicious software and computer attacks are quite effective, provide a high percentage of detection and function at an adequate level. But criminals constantly study the capabilities of such tools and systems, improve malicious software and computer attacks, and achieve certain results. Therefore, developers of tools and systems for prevention, detection and countermeasures against malicious software and computer attacks must constantly improve them. The protection of corporate networks is relevant. They can be effectively configured to increase computing resources when solving the tasks of warning, detecting and countering malicious software and computer attacks to protect corporate networks. Therefore, the article defines as an urgent scientific task - the development of methods to improve the efficiency of the functioning of distributed systems with partial centralization for detection of malicious software and computer attacks in computer networks and detection of malicious software with their use due to the synthesis of their architecture in such a way that the principles of functioning of such systems make it difficult for criminals to understand them. The work considers a set of worm viruses, which covers network features as much as possible. Therefore, to study the effectiveness of methods of creating distributed systems and the systems themselves based on them, worm viruses were considered. The purpose of the work is to develop a method for detecting worm viruses in corporate networks. The work developed a method of detecting worm viruses using their division into classes based on common features and defined criteria according to the classification of objects according to many classes and taking into account its implementation in the architecture of partially centralized distributed systems to obtain a complete sensor and make a decision regarding the classification of worms virus to a certain class. This improved the reliability of detection by 8-11% compared to using the method without directly involving the elements and components of the system. As a result of setting up experiments and conducting them, results were obtained that confirm the correct functioning of a partially centralized distributed system for the detection of worm viruses.

DETECTION OF MALICIOUS ACTIVITY USING A NEURAL NETWORK FOR CONTINUOUS OPERATION

This article describes the problem of detecting malicious programs in running systems of users of mobile applications. Because users can download any application on their phone, which over time can pull up additional settings, which can store malicious routines for monitoring both personal life and their personal data, such as logins, passwords, bank data. The detection of such routines is based on dynamic analysis and is formulated as a weakly controlled problem. The article contains an analysis of information on the development of researchers who worked on detection models and methods such as: statistical and dynamic intrusion detection methods, anomaly detection model, settings classification methods, machine and deep learning methods. Machine learning, and especially deep learning, has become an extremely useful and interesting topic in cybersecurity over the past few years. In this context, the detection of malicious software has received considerable attention. The article considers the problem of detecting the activity of malicious software of mobile operating systems in the time domain by analyzing behavioral sequences of a large amount of industrial data. When malware executes on a system, its behavior consists of a series of distinct actions placed along the time axis, and there is only a subsequence of actions that lead to malicious activity. Very often, malicious software does not manifest itself immediately, and at some point in the execution, malicious activity is formed. Therefore, the main task and difficulty is to identify such a subsequence in the entire sequence of events. Due to this, it is proposed to develop a behavior model that would analyze the dynamic behavior of the program in the system during execution. For this, a sequence of API/function calls generated by the program at runtime is used as input data and a recurrent neural network (RNN) architecture is proposed to detect malicious activity. The article describes the training method of the proposed model and provides verification of its performance on a large sample of industrial data consisting of a large number of samples generated on the emulator farm. Many mobile phone vendors strive for hardware acceleration on the device to provide better support. Therefore, it can be considered that the deployment of a model based on RNM directly on the device as one of the security levels can become a viable solution. The test data of the model described in the article show sufficiently high positive results when detecting malicious activities.

Detection of Malicious software and control using Artificial Intelligence

Due to growing pervasiveness of malware in the contemporary digital environment, it is imperative to establish efficient identification and management systems to protect computer systems and networks. Conventional approaches to malware detection frequently encounter difficulties in keeping pace with the swiftly progressing characteristics of malevolent software. However, the emergence of artificial intelligence (AI) has unlocked fresh prospects for augmenting malware detection and control. This article investigates the implementation of AI methodologies in malware detection and mitigation, elucidating the benefits and obstacles connected with this strategy.

Analysis of the capacity of existing anti-virus protection systems and their based methods for detecting new malware in military information systems

The article solves the task of analyzing the ability of existing anti-virus systems and the methods based on them to detect new malicious software in information systems of critical infrastructure, in particular, the sector of the state defense forces. It is noted that the official data of the developers of antivirus systems often do not confirm the declared level of accuracy of detecting new malicious software in practice. In addition, in most cases, the declared accuracy rate of detecting new malware is higher than the similar rate of detection of known malware, which indicates that the antivirus systems in question are tested in specific conditions that are too different from real ones. The properties of new malicious software are described in order to find the most suitable class of computer viruses. Classes of polymorphic (oligomorphic) and metamorphic viruses demonstrate the most complete compliance with the specified properties, which allows us to assert their significant share in the use of new malicious software. The characteristics of malicious software detection methods are given, which due to their properties are able to adapt to a certain extent to their metamorphic (polymorphic) nature. Methods based on the theory of fuzzy logic demonstrate the most complete correspondence. The direction of improvement of the existing anti-virus systems in order to increase the adaptability to the detection of new (polymorphic, metamorphic) classes of malicious software is proposed. The obtained results should be considered as a basis for the implementation of new approaches to the detection of malicious software in order to identify previously unknown instances of it, which will allow to significantly increase the effectiveness of ensuring cyber security of modern information systems and networks.

Detection of Malicious Software by Analyzing Distinct Artifacts Using Machine Learning and Deep Learning Algorithms

Malware is one of the most significant threats in today’s computing world since the number of websites distributing malware is increasing at a rapid rate. Malware analysis and prevention methods are increasingly becoming necessary for computer systems connected to the Internet. This software exploits the system’s vulnerabilities to steal valuable information without the user’s knowledge, and stealthily send it to remote servers controlled by attackers. Traditionally, anti-malware products use signatures for detecting known malware. However, the signature-based method does not scale in detecting obfuscated and packed malware. Considering that the cause of a problem is often best understood by studying the structural aspects of a program like the mnemonics, instruction opcode, API Call, etc. In this paper, we investigate the relevance of the features of unpacked malicious and benign executables like mnemonics, instruction opcodes, and API to identify a feature that classifies the executable. Prominent features are extracted using Minimum Redundancy and Maximum Relevance (mRMR) and Analysis of Variance (ANOVA). Experiments were conducted on four datasets using machine learning and deep learning approaches such as Support Vector Machine (SVM), Naïve Bayes, J48, Random Forest (RF), and XGBoost. In addition, we also evaluate the performance of the collection of deep neural networks like Deep Dense network, One-Dimensional Convolutional Neural Network (1D-CNN), and CNN-LSTM in classifying unknown samples, and we observed promising results using APIs and system calls. On combining APIs/system calls with static features, a marginal performance improvement was attained comparing models trained only on dynamic features. Moreover, to improve accuracy, we implemented our solution using distinct deep learning methods and demonstrated a fine-tuned deep neural network that resulted in an F1-score of 99.1% and 98.48% on Dataset-2 and Dataset-3, respectively.

ПРОГРАММНЫЙ КОМПЛЕКС ОЦЕНКИ ИНФОРМАЦИОННОЙ БЕЗОПАСНОСТИ ПРОГРАММНОГО ОБЕСПЕЧЕНИЯ БЕЗ ИСХОДНЫХ ТЕКСТОВ

Introduction: Digitalisation affects all sectors of human activity, resulting in the creation of a variety of software that implements business logic and technical processes in complex systems. Under these conditions, the issue of identifying malware becomes even more important. The solution to this problem is complicated by the lack of source code and the need to quickly make a decision on the presence or absence of malicious functionality. Research Aim: The aim of the research is to create an approach to assess the information security of software without source code. It is proposed that the approach is based on the use of a hypervisor that provides control over the operation of software with memory as a key characteristic of the presence/absence of its malicious functionality. It is proposed to calculate a software security score as a security metric. Methods: the solution of the set issue is based on the use of virtualization mechanism providing control over all operations over the memory realized by the software and on the use of probability theory methods to get a complex security estimate which takes into account the reliability of the software functioning and its security. Results: the methodology of getting a complex estimation of software functioning security is developed which takes into account the security of software functioning; network security — vulnerabilities and network ports detected by scanning; potentially insecure changes in file system and register and also potentially dangerous operations connected with the use of memory. The architecture of the software prototype that implements the proposed approach is described and its experimental testing is carried out, as a result of which only regular software samples received high security assessment. Practical significance: the developed system can be used for automated analysis of software operating in various complex systems. An important advantage of the software prototype is its scalability and trustworthiness ensured through the use of virtualization tools that do not allow damaging the work of a computer system in case of detection of malicious software.

Detection of malicious software by analyzing the behavioral artifacts using machine learning algorithms

Malicious software deliberately affects the computer systems. Malware are analyzed using static or dynamic analysis techniques. Using these techniques, unique patterns are extracted to detect malware correctly. In this paper, a behavior-based malware detection technique is proposed. Various runtime features are extracted by setting up a dynamic analysis environment using the Cuckoo sandbox. Three primary features are processed for developing malware classifier. Firstly, printable strings are processed word by word using text mining techniques which produced a very high dimension matrix of the string features. Then we apply the singular value decomposition technique for reducing dimensions of string features. Secondly, Shannon entropy is computed over the printable strings and API calls to consider the randomness of API and PSI features. In addition to these features, behavioral features regarding file operations, registry key modification and network activities are used in malware detection. Finally, all features are integrated in the training feature set to develop the malware classifiers using the machine learning algorithms. The proposed technique is validated with 16489 malware and 8422 benign files. Our experimental results show the accuracy of 99.54% in malware detection using ensemble machine learning algorithms. Moreover, it aims to develop a behavior-based malware detection technique of high accuracy by processing the runtime features in a new way.

International Biobanking Interface Service – A Concept for Health Sciences in the Digital Age

Cyber security has become an increasingly important topic in recent years. The increasing popularity of systems and devices such as computers, servers, smartphones, tablets and smart home devices is causing a rapidly increasing attack surface. In addition, there are a variety of security vulnerabilities in software and hardware that make the security situation more complex and unclear. Many of these systems and devices also process personal or secret data and control critical processes in the industry. The need for security is tremendously high. The owners and administrators of modern computer systems are often overwhelmed with the task of securing their systems as the systems become more complex and the attack methods increasingly intelligent. In these days a there are a lot of encryption and hiding techniques available. They are used to make the detection of malicious software with signature based scanning methods very difficult. Therefore, novel methods for the detection of such threats are necessary. This paper examines whether cyber threats can be detected using modern artificial intelligence methods. We develop, describe and test a prototype for windows systems based on neural networks. In particular, an anomaly detection based on autoencoders is used. As this approach has shown, it is possible to detect a wide range of threats using artificial intelligence. Based on the approach in this work, this research topic should be continued to be investigated. Especially cloud-based solutions based on this principle seem to be very promising to protect against modern threats in the world of cyber security.

Methods for detecting bot nets in computer systems

Object. The process of the botnets detection in the corporate area networks based on network traffic analysis and on the of computer systems software’s behavior. Subject. Methods for botnets detection in computer systems. Goal. Increasing of the botnet detection efficiency by developing new methods for its detection in the corporate networks. Results. A new approach for the botnet detection in the corporate area networks based on the analysis of the bots’ behavior is proposed. The detection of botnets is accomplished by applying the developed two methods: by means of network-level and host-level analysis. The first method allows you to analyze the behavior of the software on the host, which may indicate the possible presence of the bot directly on the host and the detection of malicious software, while the second method involves monitoring and analysis of DNS traffic, which also allows to make a conclusion about infection of network hosts with botnets. Based on the proposed methods, an effective tool for botnet detection - BotGRABBER - was developed. It is capable of detecting bots that use such evasion methods as IP mapping, fast flux, domain flux, and DNS tunneling. Conclusions. The usage of the developed system allows to detect the hosts infected with botnet and localize malware with high efficiency - up to 96%, and also shows low rate of false positives 3-5%. A feature of the proposed approach is that the detection of botnets is "invisible" to botnet owners.

Formal Model of Process Functioning in the Operating System

The article presents a formal model of the functioning of the process in the operating system, created on the basis of a subject-object approach to the separation of the main elements of the operating system. A feature of the presented model is a high-level abstraction of the interaction between the operating system processes and resources, which allows applying the obtained results to a wide range of similar systems. The use of this model is necessary for carrying out the transition from the real world object (process) to a formal model to take into account the significant properties of the behavior of the process both during the static analysis phase of a binary executable file and the dynamic phase of monitoring its implementation. The system of safe execution of code is an extension of the composition of such approaches to the detection of malicious software as the application of the formal verification method «Model checking» and the use of machine safety to monitor the implementation of the studied program. This system allows using in corporate information and computer networks only such software, reliability of which is confirmed by a formal mathematical proof and continuous monitoring of its execution.

Methods of Detection of Malicious Software in Operating Systems for Mobile Devices (for Example, the Android Operating System)

Methods of Detection of Malicious Software in Operating Systems for Mobile Devices (for Example, the Android Operating System)

A dynamic malware analyzer against virtual machine aware malicious software

ABSTRACTNowadays, cyber‐world is being enriched by a large variety of digital information technology‐based services. An increasing rate of remote and mobile usage leads to a remarkable dependency on information security. Analysis and detection of malicious software or so‐called malware is a challenging task due to the introduction of advanced obfuscation techniques by malware authors. In this study, we mainly concentrate on anti‐virtual machine evasion techniques to provide secure and reproducible environments for malware analysis and its implementation issues. Malwares are identified on the basis of their behaviors by taking precautions related to the anti‐virtual machine detection techniques. The dynamic malware analyzer tool is deployed to execute anti‐virtual machine‐aware malware samples in VMware environment. Dynamic malware analyzer monitors system resources such as connections, processes, windows registry, and file operations. Success ratio of detection is tested by using public malware sets with an accuracy of 92%. The effectiveness and success of the behavior‐based malware analyzer tool is exploited and current state of the art of malware detection schemes is presented. Copyright © 2013 John Wiley & Sons, Ltd.

Deriving common malware behavior through graph clustering

Detection of malicious software (malware) continues to be a problem as hackers devise new ways to evade available methods. The proliferation of malware and malware variants requires new advanced methods to detect them. This paper proposes a method to construct a common behavioral graph representing the execution behavior of a family of malware instances. The method generates one common behavioral graph by clustering a set of individual behavioral graphs, which represent kernel objects and their attributes based on system call traces. The resulting common behavioral graph has a common path, called HotPath, which is observed in all the malware instances in the same family. The proposed method shows high detection rates and false positive rates close to 0%. The derived common behavioral graph is highly scalable regardless of new instances added. It is also robust against system call attacks.

Improving malware detection by applying multi-inducer ensemble

Detection of malicious software (malware) using machine learning methods has been explored extensively to enable fast detection of new released malware. The performance of these classifiers depends on the induction algorithms being used. In order to benefit from multiple different classifiers, and exploit their strengths we suggest using an ensemble method that will combine the results of the individual classifiers into one final result to achieve overall higher detection accuracy. In this paper we evaluate several combining methods using five different base inducers (C4.5 Decision Tree, Naïve Bayes, KNN, VFI and OneR) on five malware datasets. The main goal is to find the best combining method for the task of detecting malicious files in terms of accuracy, AUC and Execution time.