• Journal of Convergence for Information Technology
• /
• v.11 no.11
• /
• pp.137-142
• /
• 2021

Although the internet has gained many conveniences and benefits, it is causing economic and social damage to users due to intelligent malware. Most of the signature-based anti-virus programs are used to detect and defend this, but it is insufficient to prevent malware variants becoming more intelligent. Therefore, we proposes a model that detects and defends the intelligent malware that is pouring out in the paper. The proposed model learns by imaging the characteristics of malware based on deeplearning, and detects newly detected malware variants using the learned model. It was shown that the proposed model detects not only the existing malware but also most of the variants that transform the existing malware.

• International Journal of Computer Science & Network Security
• /
• v.21 no.6
• /
• pp.286-293
• /
• 2021

Recently, the quick development rate of apps in the Android platform has led to an accelerated increment in creating malware applications by cyber attackers. Numerous Android malware detection tools have utilized conventional signature-based approaches to detect malware apps. However, these conventional strategies can't identify the latest apps on whether applications are malware or not. Many new malware apps are periodically discovered but not all malware Apps can be accurately detected. Hence, there is a need to propose intelligent approaches that are able to detect the newly developed Android malware applications. In this study, Radial Basis Function (RBF) networks are trained using known Android applications and then used to detect the latest and new Android malware applications. Initially, the optimal permission features of Android apps are selected using Information Gain Ratio (IGR). Appropriately, the features selected by IGR are utilized to train the RBF networks in order to detect effectively the new Android malware apps. The empirical results showed that RBF achieved the best detection accuracy (97.20%) among other common machine learning techniques. Furthermore, RBF accomplished the best detection results in most of the other measures.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.5
• /
• pp.1466-1488
• /
• 2022

Recently, the importance and necessity of artificial intelligence (AI), especially machine learning, has been emphasized. In fact, studies are actively underway to solve complex and challenging problems through the use of AI systems, such as intelligent CCTVs, intelligent AI security systems, and AI surgical robots. Information security that involves analysis and response to security vulnerabilities of software is no exception to this and is recognized as one of the fields wherein significant results are expected when AI is applied. This is because the frequency of malware incidents is gradually increasing, and the available security technologies are limited with regard to the use of software security experts or source code analysis tools. We conducted a study on MalDC, a technique that converts malware into images using machine learning, MalDC showed good performance and was able to analyze and classify different types of malware. MalDC applies a preprocessing step to minimize the noise generated in the image conversion process and employs an image augmentation technique to reinforce the insufficient dataset, thus improving the accuracy of the malware classification. To verify the feasibility of our method, we tested the malware classification technique used by MalDC on a dataset provided by Microsoft and malware data collected by the Korea Internet & Security Agency (KISA). Consequently, an accuracy of 97% was achieved.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.8
• /
• pp.2964-2983
• /
• 2015

As the Android operating system has become a key target for malware authors, Android protection has become a thriving research area. Beside the proved importance of system permissions for malware analysis, there is a lot of overlapping in permissions between malware apps and goodware apps. The exploitation of them effectively in malware detection is still an open issue. In this paper, to investigate the feasibility of neuro-fuzzy techniques to Android protection based on system permissions, we introduce a self-adaptive neuro-fuzzy inference system to classify the Android apps into malware and goodware. According to the framework introduced, the most significant permissions that characterize optimally malware apps are identified using Information Gain Ratio method and encapsulated into patterns of features. The patterns of features data is used to train and test the system using stratified cross-validation methodologies. The experiments conducted conclude that the proposed classifier can be effective in Android protection. The results also underline that the neuro-fuzzy techniques are feasible to employ in the field.

• ETRI Journal
• /
• v.43 no.2
• /
• pp.332-343
• /
• 2021

With cyberattack techniques on the rise, there have been increasing developments in the detection techniques that defend against such attacks. However, cyber attackers are now developing fileless malware to bypass existing detection techniques. To combat this trend, security vendors are publishing analysis reports to help manage and better understand fileless malware. However, only fragmentary analysis reports for specific fileless cyberattacks exist, and there have been no comprehensive analyses on the variety of fileless cyberattacks that can be encountered. In this study, we analyze 10 selected cyberattacks that have occurred over the past five years in which fileless techniques were utilized. We also propose a methodology for classification based on the attack techniques and characteristics used in fileless cyberattacks. Finally, we describe how the response time can be improved during a fileless attack using our quick and effective classification technique.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.3
• /
• pp.519-529
• /
• 2019

Nowadays, intelligent Android malware applies anti-analysis techniques to hide malicious behaviors and make it difficult for anti-virus vendors to detect its presence. Malware can use background components to hide harmful operations, use activity-alias to get around with automation script, or wipe the logcat to avoid forensics. During our study, several static analysis tools can not extract these hidden components like main activity, and dynamic analysis tools also have problem with code coverage due to partial execution of android malware. In this paper, we design and implement a system to analyze intelligent malware that uses anti-analysis techniques to improve detection rate of evasive malware. It extracts the hidden components of malware, runs background components like service, and generates all the intent events defined in the app. We also implemented a real-time logging system that uses modified logcat to block deleting logs from malware. As a result, we improve detection rate from 70.9% to 89.6% comparing other container based dynamic analysis platform with proposed system.

• Convergence Security Journal
• /
• v.10 no.2
• /
• pp.43-49
• /
• 2010

Nowadays, the occurrence of Malware is steadily increasing. The Malware is also becoming more intelligent, advanced and changing into various types. With the development of the information industry, the economic and monetary value of the information is going up and the damage due to the leaked information by the Malware is also increasing. This paper investigates the general usage of the User Agent in the HTTP Header, studies the Malware production techniques by transformation of the User-Agent information and suggests the technical and political counterplan against them.

• International Journal of Advanced Culture Technology
• /
• v.9 no.3
• /
• pp.291-297
• /
• 2021

Recently, as the number of new and variant malicious codes has increased exponentially, malware warnings are being issued to PC and smartphone users. Malware is becoming more and more intelligent. Efforts to protect personal information are becoming more and more important as social issues are used to stimulate the interest of PC users and allow users to directly download malicious codes. In this way, it is difficult to prevent malicious code because malicious code infiltrates in various forms. As a countermeasure to solve these problems, many studies are being conducted to apply deep learning. In this paper, we investigate and analyze various deep learning methods to detect and classify malware.

• KIISE Transactions on Computing Practices
• /
• v.22 no.3
• /
• pp.139-144
• /
• 2016

There exist many threats in cyber space, however current anti-virus software and other existing solutions do not effectively respond to malware that has become more complex and sophisticated. It was shown experimentally that it is possible for the proposed approach to provide an automatic execution environment for the detection of malicious behavior of active malware, comparing the virtual-machine environment with the real-machine environment based on user interaction. Moreover, the results show that it is possible to provide a dynamic analysis environment in order to analyze the intelligent malware effectively, through the comparison of malicious behavior activity in an automatic binary execution environment based on real-machines and the malicious behavior activity in a virtual-machine environment.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.6
• /
• pp.3230-3253
• /
• 2017

Android malware steals users' private information, and embedded unsafe advertisement (ad) libraries, which execute unsafe code causing damage to users. The majority of such traffic is HTTP and is mixed with other normal traffic, which makes the detection of malware and unsafe ad libraries a challenging problem. To address this problem, this work describes a novel HTTP traffic flow mining approach to detect and categorize Android malware and unsafe ad library. This work designed AndroCollector, which can automatically execute the Android application (app) and collect the network traffic traces. From these traces, this work extracts HTTP traffic features along three important dimensions: quantitative, timing, and semantic and use these features for characterizing malware and unsafe ad libraries. Based on these HTTP traffic features, this work describes a supervised classification scheme for detecting malware and unsafe ad libraries. In addition, to help network operators, this work describes a fine-grained categorization method by generating fingerprints from HTTP request methods for each malware family and unsafe ad libraries. This work evaluated the scheme using HTTP traffic traces collected from 10778 Android apps. The experimental results show that the scheme can detect malware with 97% accuracy and unsafe ad libraries with 95% accuracy when tested on the popular third-party Android markets.