malware detection

Detecting and preventing malware infections in systems is become a critical necessity. This paper presents a hybrid method for malware detection, utilizing data mining algorithms such as simulated annealing (SA), support vector machine (SVM), genetic algorithm (GA), and K-means. The proposed method combines these algorithms to achieve effective malware detection. Initially, the SA-SVM method is employed for feature selection, where the SVM algorithm identifies the best features, and the SA algorithm calculates the SVM parameters. Subsequently, the GA-K-means method is utilized to identify attacks. The GA algorithm selects the best chromosome for cluster centers, and the K-means algorithm has applied to identify malware. To evaluate the performance of the proposed method, two datasets, Andro-Autopsy and CICMalDroid 2020, have been utilized. The evaluation results demonstrate that the proposed method achieves high true positive rates (0.964, 0.985), true negative rates (0.985, 0.989), low false negative rates (0.036, 0.015), and false positive rates (0.022, 0.043). This indicates that the method effectively detects malware while reasonably minimizing false identifications.

Through the use of malware, particularly JavaScript, cybercriminals have turned online applications into one of their main targets for impersonation. Detection of such dangerous code in real-time, therefore, becomes crucial in order to prevent any harmful action. By categorizing the salient characteristics of the malicious code, this study suggests an effective technique for identifying malicious Java scripts that were previously unknown, employing an interceptor on the client side. By employing the wrapper approach for dimensionality reduction, a feature subset was generated. In this paper, we propose an approach for handling the malware detection task in imbalanced data situations. Our approach utilizes two main imbalanced solutions namely, Synthetic Minority Over Sampling Technique (SMOTE) and Tomek Links with the object of augmenting the data and then applying a Deep Neural Network (DNN) for classifying the scripts. The conducted experiments demonstrate the efficient performance of our approach and it achieves an accuracy of 94.00%.

Today, with the advancement of science and technology, the use of smartphones has become very common, and the Android operating system has been able to gain lots of popularity in the meantime. However, these devices face manysecurity challenges, including malware. Malware may cause many problems in both the security and privacy of users. So far, the state-of-the-art method in malware detection is based on deep learning, however, this approach requires a lot of computing resources and leads to high battery usage, which is unacceptable in smartphone devices. This paper proposes the knowledge distillation approach for lightening android malware detection. To this end, first, a heavy model is taught and then with the knowledge distillation approach, its knowledge is transferred to a light model called student. To simplify the learning process, soft labels are used here. The resulting model, although slightly less accurate in identification, has a much smaller size than the heavier model. Moreover, ensemble learning was proposed to recover the dropped accuracy. We have tested the proposed approach on CISC datasets including dynamic and static features, and the results show that the proposed method is not only able to lighten the model up to 99%, but also maintain the accuracy of the lightened model to the extent of the heavy model.

The internet of things (IoT) is a promising expansion of the traditional Internet, which provides the foundation for millions of devices to interact with each other. IoT enables these smart devices, such as home appliances, different types of vehicles, sensor controllers, and security cameras, to share information, and this has been successfully done to enhance the quality of user experience. IoT-based mediums in day-to-day life are, in fact, minuscule computational resources, which are adjusted to be thoroughly domain-specific. As a result, monitoring and detecting various attacks on these devices becomes feasible. As the statistics prove, in the Mirai and Brickerbot botnets, Distributed Denial-of-Service (DDoS) attacks have become increasingly ubiquitous. To ameliorate this, in this paper, we propose a novel approach for detecting IoT malware from the preprocessed binary data using transfer learning. Our method comprises two feature extractors, named ResNet101 and VGG16, which learn to classify input data as malicious and non-malicious. The input data is built from preprocessing and converting the binary format of data into gray-scale images. The feature maps obtained from these two models are fused together to further be classified. Extensive experiments exhibit the efficiency of the proposed approach in a well-known dataset, achieving the accuracy, precision, and recall of 96.31%, 95.31%, and 94.80%, respectively.

The security of the mobile devices has become a major issue since hackers target them through malwares in order to harm the systems or gather sensitive information and get access to the systems remotely. Recently, new ways have been introduced to confront malwares and other viruses. Two main techniques for recognizing malwares are dynamic analysis and static analysis. This paper proposes a new method using the static analysis to help improve the accuracy of the malwares in detecting threats faster and with lower processing time. For this purpose, our suggested method has utilized the android application’s main components to recognize the malwares using the machine learning algorithms. Furthermore, our method has used the feature selection algorithms to reduce the processing overload and to enhance the speed and accuracy. Our method have used the following components as the classification features in our suggested algorithms: API calls, Intents, network address and IPs, services and provider, activities and permissions. In addition to these individual features, our method has also employed complex features to improve malware recognition. We have used 123,446 software and 5,561 malwares to evaluate the accuracy and the precision of the suggested method, demonstrating to be 99.4 percent.