Malwares


The Experts below are selected from a list of 41976 Experts worldwide ranked by ideXlab platform

Yi Zhang - One of the best experts on this subject based on the ideXlab platform.

  • Malware Collusion Attack Against Machine Learning Based Methods: Issues and Countermeasures
    International Conference on Cloud Computing, 2018
    Co-Authors: Hongyi Chen, Jinshu Su, Linbo Qiao, Yi Zhang
    Abstract:

    Android has become the most popular platform for mobile devices, and it has also become a popular target for malware developers. At the same time, researchers have proposed a large number of methods, both static and dynamic analysis methods, to fight against malware. Among these, machine learning based methods are quite effective in Android malware detection, with accuracy of up to 98%. Thus, malware developers have an incentive to develop more advanced malware to evade detection. This paper presents an adversarial attack pattern that compromises current machine learning based malware detection methods. Malware developers can perform this attack easily by splitting the malicious payload into two or more apps. The split apps will all be classified as benign by current methods. Thus, we propose a method to deal with this issue. This approach, realized in a tool called ColluDroid, can identify the colluding apps by analyzing the communication between apps. The evaluation results show that ColluDroid is effective in finding the colluding apps. We also showed that it is easy to split an app to evade detection. According to our split simulation, the evasion rate is 78% when split into two apps, while it rises to 94.8% when split into three apps.

Hongyi Chen - One of the best experts on this subject based on the ideXlab platform.

  • Malware Collusion Attack Against Machine Learning Based Methods: Issues and Countermeasures
    International Conference on Cloud Computing, 2018
    Co-Authors: Hongyi Chen, Jinshu Su, Linbo Qiao, Yi Zhang

Boudhir Anouar Abdelhakim - One of the best experts on this subject based on the ideXlab platform.

  • Deep Learning for Detecting Android Malwares
    Proceedings of the 4th International Conference on Smart City Applications, 2019
    Co-Authors: Soussi Ilham, Ghadi Abderrahim, Boudhir Anouar Abdelhakim
    Abstract:

    The revolution and development of malware over time necessitates intensive research on advanced techniques to secure users' personal and critical information. The most challenging task is to build a strong and robust classifier that can detect different types of malware and is able to defeat zero-day malware attacks. Machine learning algorithms such as SVM (support vector machine), Random Forest and Naive Bayes are well-known choices for building a malware classifier, while deep learning, which is a subfield of machine learning, also has a part in classifying Android malware with high precision. In this paper we present a modest study of the difference between the two techniques and propose an approach based on a deep learning technique applied to the APKs of Android applications drawn from a heterogeneous dataset of benign and malicious applications of different types.

  • Machine Learning Application for Malware Classification Using Visualization Technique
    Proceedings of the 4th International Conference on Smart City Applications, 2019
    Co-Authors: Ben Abdel Ouahab Ikram, Boudhir Anouar Abdelhakim, Bouhorma Mohammed, El Aachak Lotfi, Bassam Zafar
    Abstract:

    Nowadays attackers work hard to develop efficient cyberthreats and exploit new techniques, so defenders need to use advanced methodologies to combat the latest threats and safely remove them from computers, mobile phones and connected devices. Without intelligent techniques, these devices would be at increased risk of damage from malicious programs. Recently a novel approach to processing malware has appeared: it converts malware binaries into malware images. Researchers have found similarities in malware images by extracting specific features. This paper presents a malware classifier using KNN and a malware visualization technique. We used a database of 9339 malware samples from 25 families. We calculated the GIST descriptor for grayscale malware images. Then a KNN model was trained and evaluated many times to reach a score of 97%, which is very close to results found in the literature.

  • Clustering Android Applications Using K-Means Algorithm Using Permissions
    Innovations in Smart Cities Applications Edition 2, 2019
    Co-Authors: Soussi Ilham, Ghadi Abderrahim, Boudhir Anouar Abdelhakim
    Abstract:

    In the field of mobile security, Android malware is well known as a problem that can never be finally solved, despite the many solutions proposed over time by researchers, because of the revolution and development of the techniques attackers use in the code of their malware: they override anti-malware and malware detection techniques by hiding the real behavior of the malware when it is being scanned, and moreover by obfuscating its source code, which makes it difficult for researchers to view the source code of a malicious application in order to analyze its elements and the features it requires. The revolution of these malicious techniques makes the proposed solutions, even those using the newest machine learning and reverse engineering technologies, more limited over time in detecting malware, especially newly released samples. For this reason the main objective of researchers in this field is to find new solutions that can keep up with this revolution. In this paper we propose an approach based on clustering Android applications into malware or benign using permissions as features, in order to detect malware in Android applications, applying filter feature selection algorithms to select the features and the k-means machine learning algorithm for clustering.

Sattar Hashemi - One of the best experts on this subject based on the ideXlab platform.

  • FIT - A General Paradigm for Normalizing Metamorphic Malwares
    2012 10th International Conference on Frontiers of Information Technology, 2012
    Co-Authors: Seyed Emad Armoun, Sattar Hashemi
    Abstract:

    Nowadays malware is one of the most important problems of the computer community, and even of society at large, given the expansion of computer applications into every dimension of our lives. Malware is malicious code that can harm computer systems and thus disrupt their operation. In order to escape malware detectors, malware uses obfuscation methods to change its appearance. This problem cannot be solved using traditional malware detection methods, since these methods are highly dependent on malware signatures. So normalization (de-obfuscation) methods have been proposed to confront these problems. In this paper we propose a general malware normalizer that can store many obfuscation methods in the form of automata structures and use them for normalizing metamorphic malware. Each obfuscation method is modeled using an Augmented DFA, ADFA for short. This paradigm searches for occurrences of obfuscated code in the source code by traversing these ADFAs. If obfuscated code is detected, it is normalized in the next phase, and thus the obfuscated malware can be detected easily by traditional malware detectors. The main contribution of this paper is its high generality: it can normalize a wide range of obfuscation methods, as opposed to current methods that are proposed for confronting one or a limited set of obfuscation methods. The presented approach is developed and tested on a diverse set of malware, and the results are promising for detecting metamorphic malware.

  • A Graph Mining Approach for Detecting Unknown Malwares
    Journal of Visual Languages and Computing, 2012
    Co-Authors: Mojtaba Eskandari, Sattar Hashemi
    Abstract:

    Nowadays malware is one of the serious problems of modern societies. Although signature based malicious code detection is the standard technique in all commercial antivirus software, it can only achieve detection once the virus has already caused damage and has been registered. Therefore, it fails to detect new (unknown) malware. Since most malware has similar behavior, a behavior based method can detect unknown malware. The behavior of a program can be represented by the set of APIs (application programming interfaces) it calls. Therefore, a classifier can be employed to construct a learning model from a set of programs' API calls. Finally, an intelligent malware detection system is developed to detect unknown malware automatically. On the other hand, we have an appealing representation model for visualizing the structure of executable files, the control flow graph (CFG). This model represents another semantic aspect of programs. This paper presents a robust semantics based method to detect unknown malware based on a combination of a visual model (CFG) and called APIs. The main contribution of this paper is extracting the CFG from programs and combining it with the extracted API calls to have more information about executable files. This new representation model is called API-CFG. In addition, to have a fast learning and classification process, the control flow graphs are converted to a set of feature vectors by a nice trick. Our approach is capable of classifying unseen benign and malicious code with high accuracy. The results show a statistically significant improvement over the n-gram based detection method.

Songqing Chen - One of the best experts on this subject based on the ideXlab platform.

  • ASAP - Run-Time Detection of Malwares via Dynamic Control-Flow Inspection
    2009 20th IEEE International Conference on Application-specific Systems Architectures and Processors, 2009
    Co-Authors: Yong-joon Park, Zhao Zhang, Songqing Chen
    Abstract:

    The conventional approach to detecting malware relies on static scanning for malware signatures. However, it may not work on malware that uses software protection methods such as encryption and packing with run-time decryption and unpacking. We propose a hardware-assisted malware detection system that detects malware during program run time to complement the conventional approach. It searches for control-flow-based signatures of malware during program execution, thereby bypassing the protection methods used by that malware. A new hardware design is used to assist the collection of control flow information. We have implemented and evaluated a prototype system on top of a full-system simulator based on the Intel x86 architecture. The experimental results show that the system can successfully distinguish all 30 malware variants and the other benign programs that we randomly collected, and that the overall run-time performance overhead is negligible. In short, the study demonstrates that detecting malware at run time using control-flow-based signatures is a viable approach.
