Integrating a Rule-Based Approach to Malware Detection with an LSTM-Based Feature Selection Technique

Cited by: 0
Authors
Bhardwaj S. [1 ]
Dave M. [1 ]
Affiliations
[1] Department of Computer Engineering, National Institute of Technology Kurukshetra, Kurukshetra
Keywords
Feature importance; Feature selection; LSTM; Malware detection; Rule-based; YARA rules;
DOI
10.1007/s42979-023-02177-2
Abstract
Technology has amplified malware activity, affecting networks and users. Before being forwarded to the next host, network traffic must be dynamically analysed for malware. By exploiting network vulnerabilities, attackers gain control of a system and install their own network rules to let malicious traffic through. YARA (Yet Another Recursive Acronym) rules are an effective string- and pattern-matching approach to malware analysis, and the quality and number of YARA rules used determine how effective that analysis is. A YARA rule fires on a suspicious sample only if the sample satisfies the rule's condition, so YARA-based analysis yields a binary verdict per rule, which limits both its applicability and its results. The proposed approach therefore selects malware features with a machine-learning model based on long short-term memory (LSTM). Combining rule-based traffic analysis with LSTM-based feature selection strengthens the malware detection model. The model's integrity is assessed by comparing performance with and without LSTM-based feature (parameter) selection. With LSTM-based feature selection, the model reached its best accuracy of 97%, which the authors take as evidence of its suitability for malware detection on diverse datasets drawn from different network environments. © 2023, The Author(s), under exclusive licence to Springer Nature Singapore Pte Ltd.
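The abstract's central point is that a YARA rule reduces a sample to a yes/no verdict, while a learning-based feature-selection stage needs a richer signal. The following example, added here and not taken from the paper or from the YARA project, makes that difference concrete with a toy matcher that supports a small subset of YARA's condition syntax ("N of them", "any/all of them", and `$id`s joined by `and`/`or` without parentheses). It returns both the binary verdict and a per-string hit-count vector, then applies a plain zero-variance filter as a stand-in for a feature-selection stage (the paper uses an LSTM for that step; the filter here is only an illustration). The rules and byte samples are constructed for the example.

```python
"""Toy YARA-style matcher: binary verdict versus a per-string feature vector.

Added example, not the paper's code. Supports only a subset of YARA
conditions: "any of them", "all of them", "N of them", and flat
conjunctions/disjunctions of $ids (no parentheses, no 'not').
"""
import re
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Rule:
    name: str
    strings: Dict[str, bytes]   # identifier -> literal, like "$a = ..." in YARA
    condition: str


def string_hits(rule: Rule, data: bytes) -> Dict[str, int]:
    """Non-overlapping occurrence count of each rule string in the sample."""
    return {sid: data.count(lit) for sid, lit in rule.strings.items()}


def condition_holds(rule: Rule, hits: Dict[str, int]) -> bool:
    """Evaluate the supported condition subset against the hit counts."""
    cond = rule.condition.strip()
    m = re.fullmatch(r"(any|all|\d+) of them", cond)
    if m:
        q = m.group(1)
        need = 1 if q == "any" else len(hits) if q == "all" else int(q)
        return sum(1 for c in hits.values() if c > 0) >= need
    # Disjunction of conjunctions: "$a and $b or $c"
    for clause in cond.split(" or "):
        ids = [t.strip().lstrip("$") for t in clause.split(" and ")]
        if all(hits.get(i, 0) > 0 for i in ids):
            return True
    return False


def yara_verdict(rules: List[Rule], data: bytes) -> bool:
    """Rule-based outcome: a single boolean, True if any rule fires."""
    return any(condition_holds(r, string_hits(r, data)) for r in rules)


def feature_names(rules: List[Rule]) -> List[str]:
    return [f"{r.name}.{sid}" for r in rules for sid in r.strings]


def feature_vector(rules: List[Rule], data: bytes) -> List[int]:
    """Per-string hit counts in a fixed order; this is what a model consumes."""
    vec: List[int] = []
    for r in rules:
        h = string_hits(r, data)
        vec.extend(h[sid] for sid in r.strings)
    return vec


def nonconstant_features(vectors: List[List[int]]) -> List[int]:
    """Indices of features that vary across the corpus (zero-variance filter).
    Stand-in for a real feature-selection stage such as the paper's LSTM."""
    cols = list(zip(*vectors))
    return [i for i, col in enumerate(cols) if len(set(col)) > 1]


# Constructed rules: hypothetical indicators, not real signatures.
RULES = [
    Rule("Dropper_Strings",
         {"a": b"CreateRemoteThread", "b": b"WriteProcessMemory",
          "c": b"VirtualAllocEx", "d": b"NtUnmapViewOfSection"},
         "2 of them"),
    Rule("Suspicious_URL", {"u": b"http://", "e": b".exe"}, "$u and $e"),
]

# Constructed samples. The "partial" one carries signal but fires no rule.
SAMPLE_MALICIOUS = (b"MZ\x90\x00 VirtualAllocEx WriteProcessMemory "
                    b"CreateRemoteThread http://bad.invalid/p.exe")
SAMPLE_PARTIAL = (b"MZ\x90\x00 updater uses VirtualAllocEx and fetches "
                  b"http://updates.invalid/manifest.json")
SAMPLE_BENIGN = b"plain text document with no indicators"
SAMPLES = [SAMPLE_MALICIOUS, SAMPLE_PARTIAL, SAMPLE_BENIGN]


if __name__ == "__main__":
    for s in SAMPLES:
        print(yara_verdict(RULES, s), feature_vector(RULES, s))
    vecs = [feature_vector(RULES, s) for s in SAMPLES]
    keep = nonconstant_features(vecs)
    print("kept:", [feature_names(RULES)[i] for i in keep])
```

The partial sample is the case the abstract is concerned with: the YARA verdict is False, so a purely rule-based pipeline discards it, yet its feature vector shows two non-zero indicators that a downstream model can still weigh. The zero-variance filter also drops the `NtUnmapViewOfSection` column, which never occurs in this corpus, showing the kind of pruning a feature-selection stage performs before training.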