Features Engineering to Differentiate between Malware and Legitimate Software

Published:2023-02-03 Issue:3 Volume:13 Page:1972
ISSN:2076-3417
Container-title:Applied Sciences
language:en
Short-container-title:Applied Sciences

Author:

Daeef Ammar Yahya¹, Al-Naji Ali²³, Nahar Ali K.⁴, Chahl Javaan³

Affiliation:

1. Technical Institute for Administration, Middle Technical University, Baghdad 10074, Iraq

2. Electrical Engineering Technical College, Middle Technical University, Baghdad 10022, Iraq

3. School of Engineering, University of South Australia, Mawson Lakes, SA 5095, Australia

4. Electrical Engineering Department, University of Technology, Baghdad 10066, Iraq

Abstract

Malware is the primary attack vector against the modern enterprise, so it is crucial for businesses to keep malware out of their computer systems. The most responsive solution would operate in real time at the edge of the IT system using artificial intelligence. However, a solution at the edge must be lightweight, because edge devices are constrained by limited memory and processing power. The best candidate for such a solution is application programming interface (API) calls. However, creating API call features that offer a high malware detection rate with quick execution is a significant challenge. To address this challenge, this work uses visualisation analysis and Jaccard similarity to uncover the hidden patterns produced by different API calls. This study also compares neural networks that use long sequences of API calls with shallow machine learning classifiers. Three shallow classifiers are used: support vector machine (SVM), k-nearest neighbours (KNN), and random forest (RF). The benchmark data set comprises 43,876 examples of API call sequences, divided into two categories: malware and legitimate. The results show that RF performed similarly to long short-term memory (LSTM) and deep graph convolutional neural networks (DGCNNs). They also suggest the potential for performing inference on edge devices in a real-time setting.
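
The abstract names Jaccard similarity as one of the tools used to compare API call patterns. As a minimal sketch, assuming each trace is reduced to its set of distinct API calls (the record does not state how the paper builds its features), the measure can be computed as below. The function name and the example traces are hypothetical and are not taken from the paper or its data set.

```python
from typing import Iterable


def jaccard_similarity(a: Iterable[str], b: Iterable[str]) -> float:
    """Return |A ∩ B| / |A ∪ B| for the sets of distinct API calls in a and b."""
    set_a, set_b = set(a), set(b)
    union = set_a | set_b
    if not union:
        # Two empty traces: treated as identical by convention (an assumption).
        return 1.0
    return len(set_a & set_b) / len(union)


# Hypothetical API call traces; the names are illustrative only.
trace_malware = ["NtOpenFile", "NtWriteFile", "RegSetValueExA", "NtWriteFile"]
trace_benign = ["NtOpenFile", "NtReadFile", "NtClose"]

similarity = jaccard_similarity(trace_malware, trace_benign)
print(f"Jaccard similarity: {similarity:.2f}")
```

A value near 1 means two traces invoke almost the same set of API calls, while a value near 0 means they share few calls. Working on sets discards call order and repetition, which keeps the computation cheap but loses sequence information that sequence models such as LSTM can use.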

Publisher

MDPI AG

Subject

Fluid Flow and Transfer Processes,Computer Science Applications,Process Chemistry and Technology,General Engineering,Instrumentation,General Materials Science

Link

https://www.mdpi.com/2076-3417/13/3/1972/pdf

References: 47 articles.

1. Al-Dwairi, M., Shatnawi, A.S., Al-Khaleel, O., and Al-Duwairi, B. (2022). Ransomware-Resilient Self-Healing XML Documents. Future Internet, 14.

2. Braue, D. (2022, November 27). Global Ransomware Damage Costs Predicted to Exceed $265 Billion by 2031. Available online: https://cybersecurityventures.com.

3. Institute, A.T. (2022, November 25). ATLAS Malware & PUA. Available online: https://portal.av-atlas.org/malware.

4. Akhtar, M.S., and Feng, T. (2022). Malware Analysis and Detection Using Machine Learning Algorithms. Symmetry, 14.

5. Kimmell, J.C., Abdelsalam, M., and Gupta, M. (2021, January 23–27). Analyzing machine learning approaches for online malware detection in cloud. Proceedings of the 2021 IEEE International Conference on Smart Computing (SMARTCOMP), IEEE, Irvine, CA, USA.

Cited by 9 articles.

1. Multimodal-based abnormal behavior detection method in virtualization environment;Computers & Security;2024-08

2. Analysis And Identification of Malware Using Machine Learning with Optimized Features selections;2024 International Conference on Intelligent Systems for Cybersecurity (ISCS);2024-05-03

3. Convnext-Eesnn: An effective deep learning based malware detection in edge based IIOT;Journal of Intelligent & Fuzzy Systems;2024-04-18

4. Malware Detection and Classification with Machine Learning Algorithms;Lecture Notes in Networks and Systems;2024

5. Feature Engineering Techniques for Stegware Analysis: An Extensive Survey;Communications in Computer and Information Science;2024