In recent years, studies on malware analysis have noticeably increased in the cybersecurity community. Most recent studies concentrate on malware classification and detection or on identifying malicious patterns, but describing malware activity in high-level semantic terms still relies heavily on manual analysis. We develop a sequence-to-sequence (seq2seq) neural network, called TagSeq, to investigate a sequence of Windows API calls recorded from malware execution and produce tags that label their malicious behavior. We propose embedding modules to transform Windows API function parameters, registry entries, filenames, and URLs into low-dimensional vectors while still preserving the closeness property. Moreover, we utilize an attention mechanism to capture the relations between generated tags and certain API invocation calls. Results show that the most possible malicious actions are identified by TagSeq. Examples and a case study demonstrate that the proposed embedding modules preserve semantic-physical relations and that the predicted tags reflect malicious intentions. We believe this work is suitable as a tool to help security analysts recognize malicious behavior and intent with easy-to-understand tags.
| Download full-text PDF | Source |
|---|---|
| http://www.ncbi.nlm.nih.gov/pmc/articles/PMC9109923 | PMC |
| http://journals.plos.org/plosone/article?id=10.1371/journal.pone.0263644 | PLOS |
PLoS One
January 2025
Department of Computer Science, IT University of Copenhagen, Copenhagen, Denmark.
Engaging in the deliberate generation of abnormal outputs from Large Language Models (LLMs) by attacking them is a novel human activity. This paper presents a thorough exposition of how and why people perform such attacks, defining LLM red-teaming based on extensive and diverse evidence. Using a formal qualitative methodology, we interviewed dozens of practitioners from a broad range of backgrounds, all contributors to this novel work of attempting to cause LLMs to fail.
Sensors (Basel)
January 2025
Group of Analysis, Security and Systems (GASS), Department of Software Engineering and Artificial Intelligence (DISIA), Faculty of Computer Science and Engineering, Office 431, Universidad Complutense de Madrid (UCM), Calle Profesor José García Santesmases, 9, Ciudad Universitaria, 28040 Madrid, Spain.
Conducting penetration testing (pentesting) in cybersecurity is a crucial turning point for identifying vulnerabilities within the framework of Information Technology (IT), where real malicious offensive behavior is simulated to identify potential weaknesses and strengthen preventive controls. Given the complexity of the tests, time constraints, and the specialized level of expertise required for pentesting, analysis and exploitation tools are commonly used. Although useful, these tools often introduce uncertainty in findings, resulting in high rates of false positives.
Sensors (Basel)
December 2024
Department of Electrical and Information Engineering, Polytechnic University of Bari, 70126 Bari, Italy.
Intrusion Detection Systems (IDSs) are a crucial component of modern corporate firewalls. The ability of an IDS to identify malicious traffic is a powerful tool to prevent potential attacks and keep a corporate network secure. In this context, Machine Learning (ML)-based methods have proven to be very effective for attack identification.
Sci Rep
January 2025
College of Computer and Information Sciences, Imam Mohammad Ibn Saud Islamic University (IMSIU), Riyadh, 11432, Saudi Arabia.
Insider threats pose a significant challenge to IT security, particularly with the rise of generative AI technologies, which can create convincing fake user profiles and mimic legitimate behaviors. Traditional intrusion detection systems struggle to differentiate between real and AI-generated activities, creating vulnerabilities in detecting malicious insiders. To address this challenge, this paper introduces a novel Deep Synthesis Insider Intrusion Detection (DS-IID) model.
Sci Rep
January 2025
Computer Engineering Department, College of Computer and Information Sciences, King Saud University, Riyadh, Saudi Arabia.
The open nature of Wireless Sensor Networks (WSNs) renders them an easy target for malicious code propagation, posing a significant and persistent threat to their security. Various mathematical models have been studied in recent literature for understanding the dynamics and control of the propagation of malicious codes in WSNs. However, due to the inherent randomness and uncertainty present in WSNs, a stochastic modeling approach is essential for a comprehensive understanding of the propagation of malicious codes in WSNs.