• Title/Summary/Keyword: malware analysis

Search Result 262, Processing Time 0.027 seconds

Detecting A Crypto-mining Malware By Deep Learning Analysis

  • Aljehani, Shahad;Alsuwat, Hatim
    • International Journal of Computer Science & Network Security
    • /
    • v.22 no.6
    • /
    • pp.172-180
    • /
    • 2022
  • Crypto-mining malware (known as crypto-jacking) is a novel cyber-attack that exploits the victim's computing resources such as CPU and GPU to generate illegal cryptocurrency. The attacker get benefit from crypto-jacking by using someone else's mining hardware and their electricity power. This research focused on the possibility of detecting the potential crypto-mining malware in an environment by analyzing both static and dynamic approaches of deep learning. The Program Executable (PE) files were utilized with deep learning methods which are Long Short-Term Memory (LSTM). The finding revealed that LTSM outperformed both SVM and RF in static and dynamic approaches with percentage of 98% and 96%, respectively. Future studies will focus on detecting the malware using larger dataset to have more accurate and realistic results.

Stacked Autoencoder Based Malware Feature Refinement Technology Research (Stacked Autoencoder 기반 악성코드 Feature 정제 기술 연구)

  • Kim, Hong-bi;Lee, Tae-jin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.4
    • /
    • pp.593-603
    • /
    • 2020
  • The advent of malicious code has increased exponentially due to the spread of malicious code generation tools in accordance with the development of the network, but there is a limit to the response through existing malicious code detection methods. According to this situation, a machine learning-based malicious code detection method is evolving, and in this paper, the feature of data is extracted from the PE header for machine-learning-based malicious code detection, and then it is used to automate the malware through autoencoder. Research on how to extract the indicated features and feature importance. In this paper, 549 features composed of information such as DLL/API that can be identified from PE files that are commonly used in malware analysis are extracted, and autoencoder is used through the extracted features to improve the performance of malware detection in machine learning. It was proved to be successful in providing excellent accuracy and reducing the processing time by 2 times by effectively extracting the features of the data by compressively storing the data. The test results have been shown to be useful for classifying malware groups, and in the future, a classifier such as SVM will be introduced to continue research for more accurate malware detection.

A Study on Robustness Evaluation and Improvement of AI Model for Malware Variation Analysis (악성코드 변종 분석을 위한 AI 모델의 Robust 수준 측정 및 개선 연구)

  • Lee, Eun-gyu;Jeong, Si-on;Lee, Hyun-woo;Lee, Tea-jin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.32 no.5
    • /
    • pp.997-1008
    • /
    • 2022
  • Today, AI(Artificial Intelligence) technology is being extensively researched in various fields, including the field of malware detection. To introduce AI systems into roles that protect important decisions and resources, it must be a reliable AI model. AI model that dependent on training dataset should be verified to be robust against new attacks. Rather than generating new malware detection, attackers find malware detection that succeed in attacking by mass-producing strains of previously detected malware detection. Most of the attacks, such as adversarial attacks, that lead to misclassification of AI models, are made by slightly modifying past attacks. Robust models that can be defended against these variants is needed, and the Robustness level of the model cannot be evaluated with accuracy and recall, which are widely used as AI evaluation indicators. In this paper, we experiment a framework to evaluate robustness level by generating an adversarial sample based on one of the adversarial attacks, C&W attack, and to improve robustness level through adversarial training. Through experiments based on malware dataset in this study, the limitations and possibilities of the proposed method in the field of malware detection were confirmed.

Probabilistic K-nearest neighbor classifier for detection of malware in android mobile (안드로이드 모바일 악성 앱 탐지를 위한 확률적 K-인접 이웃 분류기)

  • Kang, Seungjun;Yoon, Ji Won
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.4
    • /
    • pp.817-827
    • /
    • 2015
  • In this modern society, people are having a close relationship with smartphone. This makes easier for hackers to gain the user's information by installing the malware in the user's smartphone without the user's authority. This kind of action are threats to the user's privacy. The malware characteristics are different to the general applications. It requires the user's authority. In this paper, we proposed a new classification method of user requirements method by each application using the Principle Component Analysis(PCA) and Probabilistic K-Nearest Neighbor(PKNN) methods. The combination of those method outputs the improved result to classify between malware and general applications. By using the K-fold Cross Validation, the measurement precision of PKNN is improved compare to the previous K-Nearest Neighbor(KNN). The classification which difficult to solve by KNN also can be solve by PKNN with optimizing the discovering the parameter k and ${\beta}$. Also the sample that has being use in this experiment is based on the Contagio.

Automatic Binary Execution Environment based on Real-machines for Intelligent Malware Analysis (지능형 악성코드 분석을 위한 리얼머신 기반의 바이너리 자동실행 환경)

  • Cho, Homook;Yoon, KwanSik;Choi, Sangyong;Kim, Yong-Min
    • KIISE Transactions on Computing Practices
    • /
    • v.22 no.3
    • /
    • pp.139-144
    • /
    • 2016
  • There exist many threats in cyber space, however current anti-virus software and other existing solutions do not effectively respond to malware that has become more complex and sophisticated. It was shown experimentally that it is possible for the proposed approach to provide an automatic execution environment for the detection of malicious behavior of active malware, comparing the virtual-machine environment with the real-machine environment based on user interaction. Moreover, the results show that it is possible to provide a dynamic analysis environment in order to analyze the intelligent malware effectively, through the comparison of malicious behavior activity in an automatic binary execution environment based on real-machines and the malicious behavior activity in a virtual-machine environment.

Light-weight Classification Model for Android Malware through the Dimensional Reduction of API Call Sequence using PCA

  • Jeon, Dong-Ha;Lee, Soo-Jin
    • Journal of the Korea Society of Computer and Information
    • /
    • v.27 no.11
    • /
    • pp.123-130
    • /
    • 2022
  • Recently, studies on the detection and classification of Android malware based on API Call sequence have been actively carried out. However, API Call sequence based malware classification has serious limitations such as excessive time and resource consumption in terms of malware analysis and learning model construction due to the vast amount of data and high-dimensional characteristic of features. In this study, we analyzed various classification models such as LightGBM, Random Forest, and k-Nearest Neighbors after significantly reducing the dimension of features using PCA(Principal Component Analysis) for CICAndMal2020 dataset containing vast API Call information. The experimental result shows that PCA significantly reduces the dimension of features while maintaining the characteristics of the original data and achieves efficient malware classification performance. Both binary classification and multi-class classification achieve higher levels of accuracy than previous studies, even if the data characteristics were reduced to less than 1% of the total size.

Machine Learning Based Malware Detection Using API Call Time Interval (API Call Time Interval을 활용한 머신러닝 기반의 악성코드 탐지)

  • Cho, Young Min;Kwon, Hun Yeong
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.1
    • /
    • pp.51-58
    • /
    • 2020
  • The use of malware in cyber threats continues to be used in all ages, and will continue to be a major attack method even if IT technology advances. Therefore, researches for detecting such malicious codes are constantly tried in various ways. Recently, with the development of AI-related technology, many researches related to machine learning have been conducted to detect malware. In this paper, we propose a method to detect malware using machine learning. For machine learning detection, we create a feature around each call interval, ie Time Interval, in which API calls occur among dynamic analysis data, and then apply the result to machine learning techniques.

A Study on Malware Clustering Technique Using API Call Sequence and Locality Sensitive Hashing (API 콜 시퀀스와 Locality Sensitive Hashing을 이용한 악성코드 클러스터링 기법에 관한 연구)

  • Goh, Dong Woo;Kim, Huy Kang
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.1
    • /
    • pp.91-101
    • /
    • 2017
  • API call sequence analysis is a kind of analysis using API call information extracted in target program. Compared to other techniques, this is advantageous as it can characterize the behavior of the target. However, existing API call sequence analysis has an issue of identifying same characteristics to different function during the analysis. To resolve the identification issue and improve performance of analysis, this study includes the method of API abstraction technique in addition to existing analysis. From there on, similarity between target programs is computed and clustered into similar types by applying LSH to abstracted API call sequence from analyzed target. Thus, this study can attribute in improving the accuracy of the malware analysis based on discovered information on the types of malware identified.

ELPA: Emulation-Based Linked Page Map Analysis for the Detection of Drive-by Download Attacks

  • Choi, Sang-Yong;Kim, Daehyeok;Kim, Yong-Min
    • Journal of Information Processing Systems
    • /
    • v.12 no.3
    • /
    • pp.422-435
    • /
    • 2016
  • Despite the convenience brought by the advances in web and Internet technology, users are increasingly being exposed to the danger of various types of cyber attacks. In particular, recent studies have shown that today's cyber attacks usually occur on the web via malware distribution and the stealing of personal information. A drive-by download is a kind of web-based attack for malware distribution. Researchers have proposed various methods for detecting a drive-by download attack effectively. However, existing methods have limitations against recent evasion techniques, including JavaScript obfuscation, hiding, and dynamic code evaluation. In this paper, we propose an emulation-based malicious webpage detection method. Based on our study on the limitations of the existing methods and the state-of-the-art evasion techniques, we will introduce four features that can detect malware distribution networks and we applied them to the proposed method. Our performance evaluation using a URL scan engine provided by VirusTotal shows that the proposed method detects malicious webpages more precisely than existing solutions.

HB-DIPM: Human Behavior Analysis-Based Malware Detection and Intrusion Prevention Model in the Future Internet

  • Lee, Jeong Kyu;Moon, Seo Yeon;Park, Jong Hyuk
    • Journal of Information Processing Systems
    • /
    • v.12 no.3
    • /
    • pp.489-501
    • /
    • 2016
  • As interest in the Internet increases, related technologies are also quickly progressing. As smart devices become more widely used, interest is growing in words are missing here like "improving the" or "figuring out how to use the" future Internet to resolve the fundamental issues of transmission quality and security. The future Internet is being studied to improve the limits of existing Internet structures and to reflect new requirements. In particular, research on words are missing here like "finding new forms of" or "applying new forms of" or "studying various types of" or "finding ways to provide more" reliable communication to connect the Internet to various services is in demand. In this paper, we analyze the security threats caused by malicious activities in the future Internet and propose a human behavior analysis-based security service model for malware detection and intrusion prevention to provide more reliable communication. Our proposed service model provides high reliability services by responding to security threats by detecting various malware intrusions and protocol authentications based on human behavior.