malware detection
in journals of the Information Technology group
Journal of Artificial Intelligence, Applications, and Innovations, Volume: 1, Issue: 3, Summer 2024, PP 31-37
Today, smartphones are prevalent for personal and corporate use and have become the new personal computer due to their portability, ease of use, and functionality (such as video conferencing, Internet browsing, e-mail, continuous wireless and data connectivity, worldwide map location services, and countless mobile applications such as banking applications). On the other hand, we store much sensitive and private information daily on smart devices. This information is of interest to malicious writers who are developing malware to steal information from mobile devices. Unfortunately, the open-source nature and widespread adoption of the Android operating system have made it the most targeted of the four popular mobile platforms by malware writers. Many researchers have tried to identify malware using program signatures, which have been successful to some extent. However, signatures cannot effectively identify new and unknown malware. For this reason, in this article, we propose a method that designs a machine-learning model for Android malware detection based on the properties of Permissions, Intents APKs. In this study, we evaluated more than 25,000 Android samples belonging to malware and trusted samples. Experimental results show the effectiveness of the proposed method by obtaining 96.27% accuracy.
Keywords: Malware Detection, Artificial Intelligence, Machine Learning, Anti-Malware, Android, Xgboost, Ensemble Classifier
Detection of browser-level attacks is considered a serious challenge for protecting user information today. The Man-in-the-Browser (MitB) attack is an important type of these attacks that, by using Trojans, can lead to changes in web page contents, interference in network traffic, session hijacking, and user information theft. In this paper, an efficient tool for real-time detection of MitB attacks through dynamic analysis of web pages based on the description of attack patterns is presented. The advantage of the proposed tool over similar methods is that it is not limited to identifying one or more specific attacks and the detection method code is not embedded in the tool; instead, the patterns of different attacks are described separately. To evaluate the presented tool, two vulnerable web services provided by OWASP, which have a wide range of known vulnerabilities, were used along with the BeEF penetration testing framework, and a set of MitB attacks was practically implemented and evaluated by the tool. The same tests were performed using three other similar tools and compared with the presented tool. In addition to the superiority of the presented tool in terms of the independence of attack descriptions from the tool itself, the results show that the precision and recall of its detection are better than those of similar tools.
Keywords: MitB attacks, malware, malware detection, dynamic analysis
With the widespread use of the Internet in devices and services, several home and workplace applications have been provided to avoid attacks. Connecting a system or device to an insecure network can create the possibility of being infected by unwanted files. Detecting such files is a vital task in any system. Employing machine learning (ML) is the most efficient method to detect these penetrations. On the other hand, malware programmers try to design malicious files that are hard to detect. A file can hide from detection in one feature view, but concealing itself in all views would be very difficult. In this paper, inspired by Multi-View Learning (MVL), we propose to incorporate various features such as Opcodes, Bytecodes, and System-calls to obtain complementary information for identifying a file. To this end, we developed a modified version of the Sparse Representation based Classifier (SRC) to aggregate the effect of all modalities in a unified classifier. To show the efficiency of the proposed method, we used several real datasets. Experimental results show the high performance of the proposed approach and its ability to cope with imbalanced conditions.
Keywords: Multiview Learning, Sparse representation, Malware Detection, Malware Identification, Imbalanced Condition