Toward accurate and intelligent detection of malware

Malware is a constant threat to the safety of the public Internet and of private networks, and to the security of endpoint devices. An infected endpoint can take part in aggressive or slow distributed denial-of-service attacks anywhere in the world. Polymorphic malware has rendered traditional signature-based detection ineffective, so efforts to identify malware have shifted to behavioral modeling for identifying and classifying it. This behavioral identification paved the way for artificial intelligence (AI) in cybersecurity. AI can detect zero-day attacks and malware, but it suffers from false positives. This article presents an extensive analysis of traditional and AI-based methods for malware detection and the challenges they face. AI is itself vulnerable to attacks, such as dataset poisoning and adversarial inputs, which can reduce model accuracy and increase false negatives. AI has helped to improve malware detection and to reduce manual work by automating feature extraction and feature selection. It also makes it possible to build models that are less sensitive to malware variations and that capture malicious behavior holistically. This article explores the transition of malware detection from traditional to AI-based techniques and explains why some conventional approaches remain relevant today in terms of detection speed.
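The abstract's central argument, that a byte-level signature stops matching as soon as the sample is re-encoded while a behavioral profile still does, and that behavioral matching in turn brings false positives, can be shown in a few lines. The following is an added, self-contained example and is not code from the paper; the byte strings, API-call traces, thresholds and the unigram-plus-bigram profile are all constructed for illustration, and the "polymorphic variant" is simply the same bytes passed through an XOR layer.

```python
"""Added example (not from the paper): signature vs. behavioral matching.

All samples below are constructed for illustration; none is real malware.
"""
from collections import Counter
import hashlib
import math

# --- Constructed samples -----------------------------------------------------
ORIGINAL_BYTES = b"\x55\x8b\xec\x83\xec\x10SAMPLE-CORE\x33\xc0\xc9\xc3"
# A "polymorphic" variant: identical behaviour, bytes re-encoded with a
# trivial XOR layer so the static fingerprint no longer matches.
VARIANT_BYTES = bytes(b ^ 0x5A for b in ORIGINAL_BYTES)

# The signature database knows only the original build.
SIGNATURES = {hashlib.sha256(ORIGINAL_BYTES).hexdigest()}

# API-call traces as a sandbox might record them (constructed).
ORIGINAL_TRACE = ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory",
                  "CreateRemoteThread", "CloseHandle"]
# The variant inserts a junk call, a common way of perturbing the trace.
VARIANT_TRACE = ["OpenProcess", "VirtualAllocEx", "Sleep",
                 "WriteProcessMemory", "CreateRemoteThread", "CloseHandle"]
BENIGN_TRACE = ["CreateFile", "ReadFile", "WriteFile", "CloseHandle"]
# A legitimate debugger also touches another process's memory; this kind
# of overlap is where behavioural detectors produce false positives.
DEBUGGER_TRACE = ["OpenProcess", "ReadProcessMemory", "WriteProcessMemory",
                  "ContinueDebugEvent", "CloseHandle"]


def signature_match(sample: bytes) -> bool:
    """Traditional detection: exact hash lookup against known-bad builds."""
    return hashlib.sha256(sample).hexdigest() in SIGNATURES


def behaviour_features(trace):
    """Unigram + bigram counts of API calls: a minimal behavioural profile."""
    feats = Counter(trace)
    feats.update(zip(trace, trace[1:]))
    return feats


def cosine(a: Counter, b: Counter) -> float:
    """Cosine similarity between two sparse count vectors."""
    dot = sum(a[k] * b[k] for k in a.keys() & b.keys())
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0


MALICIOUS_PROFILE = behaviour_features(ORIGINAL_TRACE)


def behaviour_score(trace) -> float:
    """Similarity (0..1) of a trace to the known-malicious behaviour profile."""
    return cosine(behaviour_features(trace), MALICIOUS_PROFILE)


def behaviour_match(trace, threshold: float = 0.5) -> bool:
    """Flag a trace when its behaviour score reaches the threshold."""
    return behaviour_score(trace) >= threshold


if __name__ == "__main__":
    print("signature original:", signature_match(ORIGINAL_BYTES))
    print("signature variant: ", signature_match(VARIANT_BYTES))
    cases = [("original", ORIGINAL_TRACE), ("variant", VARIANT_TRACE),
             ("benign", BENIGN_TRACE), ("debugger", DEBUGGER_TRACE)]
    for name, trace in cases:
        print(f"behaviour {name:9s} score={behaviour_score(trace):.3f} "
              f"flag@0.5={behaviour_match(trace)} "
              f"flag@0.3={behaviour_match(trace, 0.3)}")
```

Running the script shows the two halves of the argument: the hash signature matches the original build but not the XOR-encoded variant, whereas the behaviour score of the variant stays high despite the inserted junk call. Lowering the threshold to catch weaker variants also flags the debugger trace, which shares three API calls with the malicious profile; that trade-off between missed variants and false positives is the one the survey attributes to AI-based detectors.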
