Malware development has diversified in both architecture and features. This advance in malware capabilities poses a severe threat and opens new research directions in malware detection. This study focuses on metamorphic malware, the most advanced member of the malware family. Anti-virus applications that rely on traditional signature-based methods are practically unable to detect metamorphic malware, which also makes it hard to classify this kind of malware correctly. Recent research literature on malware detection and classification addresses this issue through malware behavior. The main goal of this paper is to develop a method that classifies malware by type based on its behavior. We started by building a new dataset of API calls made on the Windows operating system, which represent the behavior of the malicious software. The malware types in the dataset are Adware, Backdoor, Downloader, Dropper, Spyware, Trojan, Virus, and Worm. The classifier used in this study is an LSTM (Long Short-Term Memory) network, a widely used model for sequential data. The classifier achieves accuracy up to 95% with a 0.83 $F_1$-score, which is quite satisfactory. We also ran our experiments on binary and multi-class malware datasets to show the classification performance of the LSTM model. Another significant contribution of this paper is the new Windows API-call dataset itself; to the best of our knowledge, no such dataset was available before our research. Its availability on GitHub lets the malware detection research community benefit from it and contribute further to this domain.
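The abstract reports accuracy up to 95% alongside a 0.83 $F_1$-score; on an eight-class malware dataset the two metrics separate when the classes are imbalanced, because accuracy is dominated by the majority type while macro $F_1$ weights every type equally. The following added example (not code from the paper or its dataset) computes both metrics over constructed labels for the eight types named above, with every misclassification falling into the majority class.

```python
# Added example, not from the paper: accuracy vs. macro F1 on an imbalanced
# eight-class malware label set. All labels below are constructed.
from collections import Counter

CLASSES = ["Adware", "Backdoor", "Downloader", "Dropper",
           "Spyware", "Trojan", "Virus", "Worm"]


def accuracy(y_true, y_pred):
    """Fraction of samples whose predicted type equals the true type."""
    correct = sum(t == p for t, p in zip(y_true, y_pred))
    return correct / len(y_true)


def per_class_f1(y_true, y_pred, classes=CLASSES):
    """F1 for each malware type from its true positives, false positives and false negatives."""
    tp, fp, fn = Counter(), Counter(), Counter()
    for t, p in zip(y_true, y_pred):
        if t == p:
            tp[t] += 1
        else:
            fp[p] += 1   # predicted as p, but p was wrong
            fn[t] += 1   # the true type t was missed
    scores = {}
    for c in classes:
        denom = 2 * tp[c] + fp[c] + fn[c]
        # A type with no true and no predicted samples gets F1 = 0 by convention.
        scores[c] = 2 * tp[c] / denom if denom else 0.0
    return scores


def macro_f1(y_true, y_pred, classes=CLASSES):
    """Unweighted mean of per-type F1: a rare type counts as much as a common one."""
    scores = per_class_f1(y_true, y_pred, classes)
    return sum(scores.values()) / len(classes)


def constructed_results():
    """Constructed labels: (type, samples, correctly classified).

    Trojan is the majority type, and every miss is predicted as Trojan,
    the typical failure of a classifier trained on imbalanced data.
    """
    spec = [("Trojan", 700, 700), ("Adware", 80, 75), ("Backdoor", 40, 34),
            ("Downloader", 40, 32), ("Dropper", 40, 30), ("Spyware", 40, 28),
            ("Virus", 30, 24), ("Worm", 30, 18)]
    y_true, y_pred = [], []
    for cls, n, correct in spec:
        y_true += [cls] * n
        y_pred += [cls] * correct + ["Trojan"] * (n - correct)
    return y_true, y_pred
```

On these constructed labels accuracy is 0.941 while macro $F_1$ is about 0.88, with Worm at 0.75 dragging the mean down despite contributing only 3% of the samples.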

Source
PMC: http://www.ncbi.nlm.nih.gov/pmc/articles/PMC7924690
DOI: http://dx.doi.org/10.7717/peerj-cs.285

Similar Publications

The Cyber Kill Chain (CKC) defense model aims to assist subject matter experts in planning, identifying, and executing against cyber intrusion activity, by outlining seven stages required for adversaries to execute an attack. Recent advancements in Artificial Intelligence (AI) have empowered adversaries to execute sophisticated attacks to exploit system vulnerabilities. As a result, it is essential to consider how AI-based tools change the cyber threat landscape and affect the current standard CKC model.

Introduction: The rapid escalation of cyber threats necessitates innovative strategies to enhance cybersecurity and privacy measures. Artificial Intelligence (AI) has emerged as a promising tool poised to enhance the effectiveness of cybersecurity strategies by offering advanced capabilities for intrusion detection, malware classification, and privacy preservation. However, this work addresses the significant lack of a comprehensive synthesis of AI's use in cybersecurity and privacy across the vast literature, aiming to identify existing gaps and guide further progress.

Detecting Unusual Repetitive Patterns of Behavior Indicative of a Loop-Based Attack in IoT.
Sensors (Basel), November 2024. College of Computer Science and Engineering, University of Jeddah, Jeddah 21959, Saudi Arabia.

Given the high risk of Internet of Things (IoT) device compromise, it is crucial to discuss the attack detection aspect. However, due to the physical limitations of IoT, such as battery life and sensing and processing power, the widely used detection techniques, such as signature-based or anomaly-based detection, are quite ineffective. This research extracted loop-based cases from the transmission session dataset of "CTU-IoT-Malware-Capture-7-1" ("Linux, Mirai") and implemented a loop-based detection machine learning approach.

Enhancing ransomware defense: deep learning-based detection and family-wise classification of evolving threats.
PeerJ Comput Sci, November 2024. Department of Computer Engineering, College of Computer and Information Sciences, King Saud University, Riyadh, Saudi Arabia.

Ransomware is a type of malware that locks access to or encrypts its victim's files for a ransom to be paid to get back locked or encrypted data. With the invention of obfuscation techniques, it became difficult to detect its new variants. Identifying the exact malware category and family can help to prepare for possible attacks.

Background: The Android operating system holds the vast majority of the market share in smart device usage worldwide. The Android operating system, which is of interest to users, is increasing its usage rate day by day due to its open source nature and free applications. Applications can be installed on the Android operating system from official application markets and unofficial third-party environments, which poses a great risk to users' privacy and security.
