ZeVigilante: Detecting Zero-Day Malware Using Machine Learning and Sandboxing Analysis Techniques

Author:

Alhaidari Fahd (1, 2) (ORCID), Shaib Nouran Abu (2), Alsafi Maram (2), Alharbi Haneen (2), Alawami Majd (2), Aljindan Reem (2), Rahman Atta-ur (3) (ORCID), Zagrouba Rachid (1, 4)

Affiliation:

1. Saudi Aramco Cybersecurity Chair, Dhahran, Saudi Arabia

2. Department of Networks and Communications, College of Computer Science and Information Technology (CCSIT), Imam Abdulrahman Bin Faisal University, P.O. Box 1982, Dammam 31441, Saudi Arabia

3. Department of Computer Science, College of Computer Science and Information Technology (CCSIT), Imam Abdulrahman Bin Faisal University, P.O. Box 1982, Dammam 31441, Saudi Arabia

4. Department of Computer Information Systems, College of Computer Science and Information Technology (CCSIT), Imam Abdulrahman Bin Faisal University, P.O. Box 1982, Dammam 31441, Saudi Arabia

Abstract

Owing to the enormous growth and drastic impact of undocumented malicious software, otherwise known as Zero-Day malware, specialized practices have been combined to implement systems capable of detecting such software and averting potentially disastrous consequences. Because of the way Zero-Day malware is developed, distinct evasion tactics are used to keep it stealthy. Hence, advanced investigation of the methods that can identify such malware is needed. Machine learning (ML) is among the promising techniques for this type of prediction, while a sandbox provides a safe environment for such experiments. After a thorough literature review, carefully chosen ML techniques are proposed for malware detection under a Cuckoo sandboxing (CS) environment. The proposed system, named Zero-Day Vigilante (ZeVigilante), detects malware using both static and dynamic analyses. We used adequate datasets for both analyses, incorporating sufficient samples, in contrast to other studies. The processed datasets are then used to train and test several ML classifiers, including Random Forest (RF), Neural Networks (NN), Decision Tree (DT), k-Nearest Neighbor (kNN), Naïve Bayes (NB), and Support Vector Machine (SVM). It is observed that RF achieved the best accuracy for both static and dynamic analyses, 98.21% and 98.92%, respectively.

Funder

Imam Abdulrahman Bin Faisal University

Publisher

Hindawi Limited

Subject

General Mathematics, General Medicine, General Neuroscience, General Computer Science


Cited by 12 articles.

1. Zero Day Attack Detection and Simulation through Deep Learning Techniques;2024 14th International Conference on Cloud Computing, Data Science & Engineering (Confluence);2024-01-18

2. ML-Based Prediction of Ideal Discipline for UG Students: A Sustainable Educational Perspective;Technical and Vocational Education and Training: Issues, Concerns and Prospects;2024

3. Cybersecurity for autonomous vehicles against malware attacks in smart-cities;Cluster Computing;2023-10-03

4. Zero-Vuln: Using deep learning and zero-shot learning techniques to detect zero-day Android malware;2023 3rd International Conference on Electrical, Computer, Communications and Mechatronics Engineering (ICECCME);2023-07-19

5. Classification and Detection of Malware in Android: An Analysis;2023 International Conference on Computational Intelligence and Sustainable Engineering Solutions (CISES);2023-04-28
