Visible to the public Biblio

Found 340 results

Filters: Keyword is Malware  [Clear All Filters]
2021-04-08
Colbaugh, R., Glass, K., Bauer, T..  2013.  Dynamic information-theoretic measures for security informatics. 2013 IEEE International Conference on Intelligence and Security Informatics. :45–49.
Many important security informatics problems require consideration of dynamical phenomena for their solution; examples include predicting the behavior of individuals in social networks and distinguishing malicious and innocent computer network activities based on activity traces. While information theory offers powerful tools for analyzing dynamical processes, to date the application of information-theoretic methods in security domains has focused on static analyses (e.g., cryptography, natural language processing). This paper leverages information-theoretic concepts and measures to quantify the similarity of pairs of stochastic dynamical systems, and shows that this capability can be used to solve important problems which arise in security applications. We begin by presenting a concise review of the information theory required for our development, and then address two challenging tasks: 1.) characterizing the way influence propagates through social networks, and 2.) distinguishing malware from legitimate software based on the instruction sequences of the disassembled programs. In each application, case studies involving real-world datasets demonstrate that the proposed techniques outperform standard methods.
Ayub, M. A., Continella, A., Siraj, A..  2020.  An I/O Request Packet (IRP) Driven Effective Ransomware Detection Scheme using Artificial Neural Network. 2020 IEEE 21st International Conference on Information Reuse and Integration for Data Science (IRI). :319–324.
In recent times, there has been a global surge of ransomware attacks targeted at industries of various types and sizes from retail to critical infrastructure. Ransomware researchers are constantly coming across new kinds of ransomware samples every day and discovering novel ransomware families out in the wild. To mitigate this ever-growing menace, academia and industry-based security researchers have been utilizing unique ways to defend against this type of cyber-attacks. I/O Request Packet (IRP), a low-level file system I/O log, is a newly found research paradigm for defense against ransomware that is being explored frequently. As such in this study, to learn granular level, actionable insights of ransomware behavior, we analyze the IRP logs of 272 ransomware samples belonging to 18 different ransomware families captured during individual execution. We further our analysis by building an effective Artificial Neural Network (ANN) structure for successful ransomware detection by learning the underlying patterns of the IRP logs. We evaluate the ANN model with three different experimental settings to prove the effectiveness of our approach. The model demonstrates outstanding performance in terms of accuracy, precision score, recall score, and F1 score, i.e., in the range of 99.7%±0.2%.
2021-03-29
Zimmo, S., Refaey, A., Shami, A..  2020.  Trusted Boot for Embedded Systems Using Hypothesis Testing Benchmark. 2020 IEEE Canadian Conference on Electrical and Computer Engineering (CCECE). :1—2.

Security has become a crucial consideration and is one of the most important design goals for an embedded system. This paper examines the type of boot sequence, and more specifically a trusted boot which utilizes the method of chain of trust. After defining these terms, this paper will examine the limitations of the existing safe boot, and finally propose the method of trusted boot based on hypothesis testing benchmark and the cost it takes to perform this method.

Moti, Z., Hashemi, S., Jahromi, A. N..  2020.  A Deep Learning-based Malware Hunting Technique to Handle Imbalanced Data. 2020 17th International ISC Conference on Information Security and Cryptology (ISCISC). :48–53.
Nowadays, with the increasing use of computers and the Internet, more people are exposed to cyber-security dangers. According to antivirus companies, malware is one of the most common threats of using the Internet. Therefore, providing a practical solution is critical. Current methods use machine learning approaches to classify malware samples automatically. Despite the success of these approaches, the accuracy and efficiency of these techniques are still inadequate, especially for multiple class classification problems and imbalanced training data sets. To mitigate this problem, we use deep learning-based algorithms for classification and generation of new malware samples. Our model is based on the opcode sequences, which are given to the model without any pre-processing. Besides, we use a novel generative adversarial network to generate new opcode sequences for oversampling minority classes. Also, we propose the model that is a combination of Convolutional Neural Network (CNN) and Long Short Term Memory (LSTM) to classify malware samples. CNN is used to consider short-term dependency between features; while, LSTM is used to consider longer-term dependence. The experiment results show our method could classify malware to their corresponding family effectively. Our model achieves 98.99% validation accuracy.
Chauhan, R., Heydari, S. Shah.  2020.  Polymorphic Adversarial DDoS attack on IDS using GAN. 2020 International Symposium on Networks, Computers and Communications (ISNCC). :1–6.
Intrusion Detection systems are important tools in preventing malicious traffic from penetrating into networks and systems. Recently, Intrusion Detection Systems are rapidly enhancing their detection capabilities using machine learning algorithms. However, these algorithms are vulnerable to new unknown types of attacks that can evade machine learning IDS. In particular, they may be vulnerable to attacks based on Generative Adversarial Networks (GAN). GANs have been widely used in domains such as image processing, natural language processing to generate adversarial data of different types such as graphics, videos, texts, etc. We propose a model using GAN to generate adversarial DDoS attacks that can change the attack profile and can be undetected. Our simulation results indicate that by continuous changing of attack profile, defensive systems that use incremental learning will still be vulnerable to new attacks.
2021-03-22
Sai, C. C., Prakash, C. S., Jose, J., Mana, S. C., Samhitha, B. K..  2020.  Analysing Android App Privacy Using Classification Algorithm. 2020 4th International Conference on Trends in Electronics and Informatics (ICOEI)(48184). :551–555.
The interface permits the client to scan for a subjective utility on the Play Store; the authorizations posting and the protection arrangement are then routinely recovered, on all events imaginable. The client has then the capability of choosing an interesting authorization, and a posting of pertinent sentences are separated with the guide of the privateer's inclusion and introduced to them, alongside a right depiction of the consent itself. Such an interface allows the client to rapidly assess the security-related dangers of an Android application, by utilizing featuring the pertinent segments of the privateer's inclusion and by introducing helpful data about shrewd authorizations. A novel procedure is proposed for the assessment of privateer's protection approaches with regards to Android applications. The gadget actualized widely facilitates the way toward understanding the security ramifications of placing in 1/3 birthday celebration applications and it has just been checked in a situation to feature troubling examples of uses. The gadget is created in light of expandability, and correspondingly inclines in the strategy can without trouble be worked in to broaden the unwavering quality and adequacy. Likewise, if your application handles non-open or delicate individual information, it would be ideal if you also allude to the extra necessities in the “Individual and Sensitive Information” territory underneath. These Google Play necessities are notwithstanding any prerequisites endorsed by method for material security or data assurance laws. It has been proposed that, an individual who needs to perform the establishment and utilize any 1/3 festival application doesn't perceive the significance and which methods for the consents mentioned by method for an application, and along these lines sincerely gives all the authorizations as a final product of which unsafe applications furthermore get set up and work their malevolent leisure activity in the rear of the scene.
2021-03-15
Wang, B., Dou, Y., Sang, Y., Zhang, Y., Huang, J..  2020.  IoTCMal: Towards A Hybrid IoT Honeypot for Capturing and Analyzing Malware. ICC 2020 - 2020 IEEE International Conference on Communications (ICC). :1—7.

Nowadays, the emerging Internet-of-Things (IoT) emphasize the need for the security of network-connected devices. Additionally, there are two types of services in IoT devices that are easily exploited by attackers, weak authentication services (e.g., SSH/Telnet) and exploited services using command injection. Based on this observation, we propose IoTCMal, a hybrid IoT honeypot framework for capturing more comprehensive malicious samples aiming at IoT devices. The key novelty of IoTC-MAL is three-fold: (i) it provides a high-interactive component with common vulnerable service in real IoT device by utilizing traffic forwarding technique; (ii) it also contains a low-interactive component with Telnet/SSH service by running in virtual environment. (iii) Distinct from traditional low-interactive IoT honeypots[1], which only analyze family categories of malicious samples, IoTCMal primarily focuses on homology analysis of malicious samples. We deployed IoTCMal on 36 VPS1 instances distributed in 13 cities of 6 countries. By analyzing the malware binaries captured from IoTCMal, we discover 8 malware families controlled by at least 11 groups of attackers, which mainly launched DDoS attacks and digital currency mining. Among them, about 60% of the captured malicious samples ran in ARM or MIPs architectures, which are widely used in IoT devices.

2021-03-09
Murali, R., Velayutham, C. S..  2020.  A Conceptual Direction on Automatically Evolving Computer Malware using Genetic and Evolutionary Algorithms. 2020 International Conference on Inventive Computation Technologies (ICICT). :226—229.

The widespread use of computing devices and the heavy dependence on the internet has evolved the cyberspace to a cyber world - something comparable to an artificial world. This paper focuses on one of the major problems of the cyber world - cyber security or more specifically computer malware. We show that computer malware is a perfect example of an artificial ecosystem with a co-evolutionary predator-prey framework. We attempt to merge the two domains of biologically inspired computing and computer malware. Under the aegis of proactive defense, this paper discusses the possibilities, challenges and opportunities in fusing evolutionary computing techniques with malware creation.

Akram, B., Ogi, D..  2020.  The Making of Indicator of Compromise using Malware Reverse Engineering Techniques. 2020 International Conference on ICT for Smart Society (ICISS). CFP2013V-ART:1—6.

Malware threats often go undetected immediately, because attackers can camouflage well within the system. The users realize this after the devices stop working and cause harm for them. One way to deceive malicious content detection, malware authors use packers. Malware analysis is an activity to gain knowledge about malware. Reverse engineering is a technique used to identify and deal with new viruses or to understand malware behavior. Therefore, this technique can be the right choice for conducting malware analysis, especially for malware with packers. The results of the analysis are used as a source for making creating indicator of compromise in the YARA rule format. YARA rule is used as a component for detecting malware using the indicators obtained in the analysis process.

Susanto, Stiawan, D., Arifin, M. A. S., Idris, M. Y., Budiarto, R..  2020.  IoT Botnet Malware Classification Using Weka Tool and Scikit-learn Machine Learning. 2020 7th International Conference on Electrical Engineering, Computer Sciences and Informatics (EECSI). :15—20.

Botnet is one of the threats to internet network security-Botmaster in carrying out attacks on the network by relying on communication on network traffic. Internet of Things (IoT) network infrastructure consists of devices that are inexpensive, low-power, always-on, always connected to the network, and are inconspicuous and have ubiquity and inconspicuousness characteristics so that these characteristics make IoT devices an attractive target for botnet malware attacks. In identifying whether packet traffic is a malware attack or not, one can use machine learning classification methods. By using Weka and Scikit-learn analysis tools machine learning, this paper implements four machine learning algorithms, i.e.: AdaBoost, Decision Tree, Random Forest, and Naïve Bayes. Then experiments are conducted to measure the performance of the four algorithms in terms of accuracy, execution time, and false positive rate (FPR). Experiment results show that the Weka tool provides more accurate and efficient classification methods. However, in false positive rate, the use of Scikit-learn provides better results.

Memos, V. A., Psannis, K. E..  2020.  AI-Powered Honeypots for Enhanced IoT Botnet Detection. 2020 3rd World Symposium on Communication Engineering (WSCE). :64—68.

Internet of Things (IoT) is a revolutionary expandable network which has brought many advantages, improving the Quality of Life (QoL) of individuals. However, IoT carries dangers, due to the fact that hackers have the ability to find security gaps in users' IoT devices, which are not still secure enough and hence, intrude into them for malicious activities. As a result, they can control many connected devices in an IoT network, turning IoT into Botnet of Things (BoT). In a botnet, hackers can launch several types of attacks, such as the well known attacks of Distributed Denial of Service (DDoS) and Man in the Middle (MitM), and/or spread various types of malicious software (malware) to the compromised devices of the IoT network. In this paper, we propose a novel hybrid Artificial Intelligence (AI)-powered honeynet for enhanced IoT botnet detection rate with the use of Cloud Computing (CC). This upcoming security mechanism makes use of Machine Learning (ML) techniques like the Logistic Regression (LR) in order to predict potential botnet existence. It can also be adopted by other conventional security architectures in order to intercept hackers the creation of large botnets for malicious actions.

Lingenfelter, B., Vakilinia, I., Sengupta, S..  2020.  Analyzing Variation Among IoT Botnets Using Medium Interaction Honeypots. 2020 10th Annual Computing and Communication Workshop and Conference (CCWC). :0761—0767.

Through analysis of sessions in which files were created and downloaded on three Cowrie SSH/Telnet honeypots, we find that IoT botnets are by far the most common source of malware on connected systems with weak credentials. We detail our honeypot configuration and describe a simple method for listing near-identical malicious login sessions using edit distance. A large number of IoT botnets attack our honeypots, but the malicious sessions which download botnet software to the honeypot are almost all nearly identical to one of two common attack patterns. It is apparent that the Mirai worm is still the dominant botnet software, but has been expanded and modified by other hackers. We also find that the same loader devices deploy several different botnet malware strains to the honeypot over the course of a 40 day period, suggesting multiple botnet deployments from the same source. We conclude that Mirai continues to be adapted but can be effectively tracked using medium interaction honeypots such as Cowrie.

Muhammad, A., Asad, M., Javed, A. R..  2020.  Robust Early Stage Botnet Detection using Machine Learning. 2020 International Conference on Cyber Warfare and Security (ICCWS). :1—6.

Among the different types of malware, botnets are rising as the most genuine risk against cybersecurity as they give a stage to criminal operations (e.g., Distributed Denial of Service (DDOS) attacks, malware dispersal, phishing, and click fraud and identity theft). Existing botnet detection techniques work only on specific botnet Command and Control (C&C) protocols and lack in providing early-stage botnet detection. In this paper, we propose an approach for early-stage botnet detection. The proposed approach first selects the optimal features using feature selection techniques. Next, it feeds these features to machine learning classifiers to evaluate the performance of the botnet detection. Experiments reveals that the proposed approach efficiently classifies normal and malicious traffic at an early stage. The proposed approach achieves the accuracy of 99%, True Positive Rate (TPR) of 0.99 %, and False Positive Rate (FPR) of 0.007 % and provide an efficient detection rate in comparison with the existing approach.

Kamilin, M. H. B., Yamaguchi, S..  2020.  White-Hat Worm Launcher Based on Deep Learning in Botnet Defense System. 2020 IEEE International Conference on Consumer Electronics - Asia (ICCE-Asia). :1—2.

This paper proposes a deep learning-based white-hat worm launcher in Botnet Defense System (BDS). BDS uses white-hat botnets to defend an IoT system against malicious botnets. White-hat worm launcher literally launches white-hat worms to create white-hat botnets according to the strategy decided by BDS. The proposed launcher learns with deep learning where is the white-hat worms' right place to successfully drive out malicious botnets. Given a system situation invaded by malicious botnets, it predicts a worms' placement by the learning result and launches them. We confirmed the effect of the proposed launcher through simulating evaluation.

2021-03-04
Afreen, A., Aslam, M., Ahmed, S..  2020.  Analysis of Fileless Malware and its Evasive Behavior. 2020 International Conference on Cyber Warfare and Security (ICCWS). :1—8.

Malware is any software that causes harm to the user information, computer systems or network. Modern computing and internet systems are facing increase in malware threats from the internet. It is observed that different malware follows the same patterns in their structure with minimal alterations. The type of threats has evolved, from file-based malware to fileless malware, such kind of threats are also known as Advance Volatile Threat (AVT). Fileless malware is complex and evasive, exploiting pre-installed trusted programs to infiltrate information with its malicious intent. Fileless malware is designed to run in system memory with a very small footprint, leaving no artifacts on physical hard drives. Traditional antivirus signatures and heuristic analysis are unable to detect this kind of malware due to its sophisticated and evasive nature. This paper provides information relating to detection, mitigation and analysis for such kind of threat.

Matin, I. Muhamad Malik, Rahardjo, B..  2020.  A Framework for Collecting and Analysis PE Malware Using Modern Honey Network (MHN). 2020 8th International Conference on Cyber and IT Service Management (CITSM). :1—5.

Nowadays, Windows is an operating system that is very popular among people, especially users who have limited knowledge of computers. But unconsciously, the security threat to the windows operating system is very high. Security threats can be in the form of illegal exploitation of the system. The most common attack is using malware. To determine the characteristics of malware using dynamic analysis techniques and static analysis is very dependent on the availability of malware samples. Honeypot is the most effective malware collection technique. But honeypot cannot determine the type of file format contained in malware. File format information is needed for the purpose of handling malware analysis that is focused on windows-based malware. For this reason, we propose a framework that can collect malware information as well as identify malware PE file type formats. In this study, we collected malware samples using a modern honey network. Next, we performed a feature extraction to determine the PE file format. Then, we classify types of malware using VirusTotal scanning. As the results of this study, we managed to get 1.222 malware samples. Out of 1.222 malware samples, we successfully extracted 945 PE malware. This study can help researchers in other research fields, such as machine learning and deep learning, for malware detection.

Ferryansa, Budiono, A., Almaarif, A..  2020.  Analysis of USB Based Spying Method Using Arduino and Metasploit Framework in Windows Operating System. 2020 3rd International Conference on Computer and Informatics Engineering (IC2IE). :437—442.

The use of a very wide windows operating system is undeniably also followed by increasing attacks on the operating system. Universal Serial Bus (USB) is one of the mechanisms used by many people with plug and play functionality that is very easy to use, making data transfers fast and easy compared to other hardware. Some research shows that the Windows operating system has weaknesses so that it is often exploited by using various attacks and malware. There are various methods used to exploit the Windows operating system, one of them by using a USB device. By using a USB device, a criminal can plant a backdoor reverse shell to exploit the victim's computer just by connecting the USB device to the victim's computer without being noticed. This research was conducted by planting a reverse shell backdoor through a USB device to exploit the victim's device, especially the webcam and microphone device on the target computer. From 35 experiments that have been carried out, it was found that 83% of spying attacks using USB devices on the Windows operating system were successfully carried out.

2021-02-22
Oliver, J., Ali, M., Hagen, J..  2020.  HAC-T and Fast Search for Similarity in Security. 2020 International Conference on Omni-layer Intelligent Systems (COINS). :1–7.
Similarity digests have gained popularity for many security applications like blacklisting/whitelisting, and finding similar variants of malware. TLSH has been shown to be particularly good at hunting similar malware, and is resistant to evasion as compared to other similarity digests like ssdeep and sdhash. Searching and clustering are fundamental tools which help the security analysts and security operations center (SOC) operators in hunting and analyzing malware. Current approaches which aim to cluster malware are not scalable enough to keep up with the vast amount of malware and goodware available in the wild. In this paper, we present techniques which allow for fast search and clustering of TLSH hash digests which can aid analysts to inspect large amounts of malware/goodware. Our approach builds on fast nearest neighbor search techniques to build a tree-based index which performs fast search based on TLSH hash digests. The tree-based index is used in our threshold based Hierarchical Agglomerative Clustering (HAC-T) algorithm which is able to cluster digests in a scalable manner. Our clustering technique can cluster digests in O (n logn) time on average. We performed an empirical evaluation by comparing our approach with many standard and recent clustering techniques. We demonstrate that our approach is much more scalable and still is able to produce good cluster quality. We measured cluster quality using purity on 10 million samples obtained from VirusTotal. We obtained a high purity score in the range from 0.97 to 0.98 using labels from five major anti-virus vendors (Kaspersky, Microsoft, Symantec, Sophos, and McAfee) which demonstrates the effectiveness of the proposed method.
2021-02-10
Banerjee, R., Baksi, A., Singh, N., Bishnu, S. K..  2020.  Detection of XSS in web applications using Machine Learning Classifiers. 2020 4th International Conference on Electronics, Materials Engineering Nano-Technology (IEMENTech). :1—5.
Considering the amount of time we spend on the internet, web pages have evolved over a period of time with rapid progression and momentum. With such advancement, we find ourselves fronting a few hostile ideologies, breaching the security levels of webpages as such. The most hazardous of them all is XSS, known as Cross-Site Scripting, is one of the attacks which frequently occur in website-based applications. Cross-Site Scripting (XSS) attacks happen when malicious data enters a web application through an untrusted source. The spam attacks happen in the form of Wall posts, News feed, Message spam and mostly when a user is open to download content of webpages. This paper investigates the use of machine learning to build classifiers to allow the detection of XSS. Establishing our approach, we target the detection modus operandi of XSS attack via two features: URLs and JavaScript. To predict the level of XSS threat, we will be using four machine learning algorithms (SVM, KNN, Random forest and Logistic Regression). Proposing these classified algorithms, webpages will be branded as malicious or benign. After assessing and calculating the dataset features, we concluded that the Random Forest Classifier performed most accurately with the lowest False Positive Rate of 0.34. This precision will ensure a method much efficient to evaluate threatening XSS for the smooth functioning of the system.
Kascheev, S., Olenchikova, T..  2020.  The Detecting Cross-Site Scripting (XSS) Using Machine Learning Methods. 2020 Global Smart Industry Conference (GloSIC). :265—270.
This article discusses the problem of detecting cross-site scripting (XSS) using machine learning methods. XSS is an attack in which malicious code is embedded on a page to interact with an attacker’s web server. The XSS attack ranks third in the ranking of key web application risks according to Open Source Foundation for Application Security (OWASP). This attack has not been studied for a long time. It was considered harmless. However, this is fallacious: the page or HTTP Cookie may contain very vulnerable data, such as payment document numbers or the administrator session token. Machine learning is a tool that can be used to detect XSS attacks. This article describes an experiment. As a result the model for detecting XSS attacks was created. Following machine learning algorithms are considered: the support vector method, the decision tree, the Naive Bayes classifier, and Logistic Regression. The accuracy of the presented methods is made a comparison.
Gomes, F., Correia, M..  2020.  Cryptojacking Detection with CPU Usage Metrics. 2020 IEEE 19th International Symposium on Network Computing and Applications (NCA). :1—10.
Cryptojacking is currently being exploited by cyber-criminals. This form of malware runs in the computers of victims without their consent. It often infects browsers and does CPU-intensive computations to mine cryptocurrencies on behalf of the cyber-criminal, which takes the profits without paying for the resources consumed. Such attacks degrade computer performance and potentially reduce the hardware lifetime. We introduce a new cryptojacking detection mechanism based on monitoring the CPU usage of the visited web pages. This may look like an unreliable way to detect mining malware since many web sites are heavy computationally and that malware often throttles CPU usage. However, by combining a set of CPU monitoring features and using machine learning, we manage to obtain metrics like precision and recall close to 1.
Aktepe, S., Varol, C., Shashidhar, N..  2020.  MiNo: The Chrome Web Browser Add-on Application to Block the Hidden Cryptocurrency Mining Activities. 2020 8th International Symposium on Digital Forensics and Security (ISDFS). :1—5.
Cryptocurrencies are the digital currencies designed to replace the regular cash money while taking place in our daily lives especially for the last couple of years. Mining cryptocurrencies are one of the popular ways to have them and make a profit due to unstable values in the market. This attracts attackers to utilize malware on internet users' computer resources, also known as cryptojacking, to mine cryptocurrencies. Cryptojacking started to be a major issue in the internet world. In this case, we developed MiNo, a web browser add-on application to detect these malicious mining activities running without the user's permission or knowledge. This add-on provides security and efficiency for the computer resources of the internet users. MiNo designed and developed with double-layer protection which makes it ahead of its competitors in the market.
Gomes, G., Dias, L., Correia, M..  2020.  CryingJackpot: Network Flows and Performance Counters against Cryptojacking. 2020 IEEE 19th International Symposium on Network Computing and Applications (NCA). :1—10.
Cryptojacking, the appropriation of users' computational resources without their knowledge or consent to obtain cryp-tocurrencies, is a widespread attack, relatively easy to implement and hard to detect. Either browser-based or binary, cryptojacking lacks robust and reliable detection solutions. This paper presents a hybrid approach to detect cryptojacking where no previous knowledge about the attacks or training data is needed. Our Cryp-tojacking Intrusion Detection Approach, Cryingjackpot, extracts and combines flow and performance counter-based features, aggregating hosts with similar behavior by using unsupervised machine learning algorithms. We evaluate Cryingjackpot experimentally with both an artificial and a hybrid dataset, achieving F1-scores up to 97%.
Tanana, D., Tanana, G..  2020.  Advanced Behavior-Based Technique for Cryptojacking Malware Detection. 2020 14th International Conference on Signal Processing and Communication Systems (ICSPCS). :1—4.
With rising value and popularity of cryptocurrencies, they inevitably attract cybercriminals seeking illicit profits within blockchain ecosystem. Two of the most popular methods are ransomware and cryptojacking. Ransomware, being the first and more obvious threat has been extensively studied in the past. Unlike that, scientists have often neglected cryptojacking, because it’s less obvious and less harmful than ransomware. In this paper, we’d like to propose enhanced detection program to combat cryptojacking, additionally briefly touching history of cryptojacking, also known as malicious mining and reviewing most notable previous attempts to detect and combat cryptojacking. The review would include out previous work on malicious mining detection and our current detection program is based on its previous iteration, which mostly used CPU usage heuristics to detect cryptojacking. However, we will include additional metrics for malicious mining detection, such as network usage and calls to cryptographic libraries, which result in a 93% detection rate against the selected number of cryptojacking samples, compared to 81% rate achieved in previous work. Finally, we’ll discuss generalization of proposed detection technique to include GPU cryptojackers.
2021-02-08
Zhang, J..  2020.  DeepMal: A CNN-LSTM Model for Malware Detection Based on Dynamic Semantic Behaviours. 2020 International Conference on Computer Information and Big Data Applications (CIBDA). :313–316.
Malware refers to any software accessing or being installed in a system without the authorisation of administrators. Various malware has been widely used for cyber-criminals to accomplish their evil intentions and goals. To combat the increasing amount and reduce the threat of malicious programs, a novel deep learning framework, which uses NLP techniques for reference, combines CNN and LSTM neurones to capture the locally spatial correlations and learn from sequential longterm dependency is proposed. Hence, high-level abstractions and representations are automatically extracted for the malware classification task. The classification accuracy improves from 0.81 (best one by Random Forest) to approximately 1.0.