A multi-dimensional machine learning approach to predict advanced malware

Cited by: 17
Authors
Bahtiyar, Serif [1 ]
Yaman, Mehmet Baris [1 ]
Altinigne, Can Yilmaz [1 ]
Affiliations
[1] Istanbul Tech Univ Maslak, Dept Comp Engn, TR-34469 Istanbul, Turkey
Keywords
Advanced malware; Machine learning; API Call; Prediction; Classification; BANKING; ATTACKS; CLASSIFICATION
DOI
10.1016/j.comnet.2019.06.015
Chinese Library Classification
TP3 [Computing technology, computer technology]
Discipline classification code
0812
Abstract
Cyber-attacks carried out with malware have grown in number and become more sophisticated on almost all networks. Furthermore, attacks with advanced malware have the greatest complexity, which makes them very hard to detect. Advanced malware is able to obfuscate much of its traces through many mechanisms, such as metamorphic engines. Therefore, the prediction and detection of such malware have become a significant challenge for malware analysis mechanisms. In this paper, we propose a multidimensional machine learning approach to predict Stuxnet-like malware from a dataset that consists of malware samples, using five distinguishing features of advanced malware. We define the features by analyzing advanced malware samples in the wild. Our approach uses regression models to predict advanced malware. For experimental purposes, we create a malware dataset from existing datasets that contain real samples. Analysis results show that there are high correlations among some features of advanced malware. These provide better prediction scores, such as an R² = 0.8203 score for the Stuxnet closeness feature. Experimental analyses show that our approach is able to predict Stuxnet-like advanced malware once the prediction features are defined. (C) 2019 Elsevier B.V. All rights reserved.
Pages: 118 / 129
Page count: 12