Code :
Example :
ieeexplore : http://ieeexplore.ieee.org/document/4195161/
sciencedirect: http://www.sciencedirect.com/science/article/pii/S2452315117300899
nb: copy the sequence of digits or the code shown in bold at the end of the link/URL you want to download and paste it into the Code input box.
Input/paste the code or number copied from ieeexplore.ieee.org or sciencedirect.com, then click "Open and Download" to open and download it; this tip was taken from hackhub.com.
Chapter I
Update Soon.....:).
Reference Papers
No. | Title | Author | Abstract | File
1. Paper
Automated malware detection using artifacts in forensic memory images
Author :
Rui Li, Bo Yuan et al.
Abstract :
Malware is one of the greatest and most rapidly growing threats to the digital world. Traditional signature-based detection is no longer adequate to detect new variants and highly targeted malware. Furthermore, dynamic detection is often circumvented with anti-VM and/or anti-debugger techniques.
Recently heuristic approaches have been explored to enhance detection accuracy while maintaining the generality of a model to detect unknown malware samples. In this paper, we investigate three feature types extracted from memory images – registry activity, imported libraries, and API function calls. After evaluating the importance of the different features, different machine learning techniques are implemented to compare performances of malware detection using the three feature types, respectively.
The highest accuracy achieved was 96%, and was reached using a support vector machine model, fitted on data extracted from registry activity.
2. Paper
Classification of Malware Families Based on N-grams Sequential Pattern Features
Author :
Chatchai L., Ohm Sornil
Abstract :
Malware family identification is a complex process involving extraction of distinctive characteristics from a set of malware samples. Malware authors employ various techniques to prevent the identification of unique characteristics of their programs, such as encryption and obfuscation. In this paper, we present n-gram based sequential features extracted from content of the files. N-grams are extracted from files; sequential n-gram patterns are determined; pattern statistics are calculated and reduced by the sequential floating forward selection method; and a classifier is used to determine the family of malware. Three classification models: C4.5, multilayer perceptron, and support vector machine are studied. Experimental results on a standard malware test collection show that the proposed method performs well, with the classification accuracy of 96.64%.
3. Paper
Comparative Analysis of Feature Extraction Methods of Malware Detection
Author :
Smita Ranveer, Swapnaja Hiray
Abstract :
Recent years have encountered massive growth in malwares which poses a severe threat to modern computers and internet security. Existing malware detection systems are confronting with unknown malware variants. Recently developed malware detection systems investigated that the diverse forms of malware exhibit similar patterns in their structure with minor variations. Hence, it is required to discriminate the types of features extracted for detecting malwares. So that potential of malware detection system can be leveraged to combat with unfamiliar malwares. We mainly focus on the categorization of features based on malware analysis. This paper highlights general framework of malware detection system and pinpoints strengths and weaknesses of each method. Finally we presented overview of performance of present malware detection systems based on features.
4. Paper
Feature Selection and Extraction for Malware Classification
Author :
Chih-Ta Lin, Nai-Jian Wang et al.
Abstract :
The explosive amount of malware continues their threats in network and operating systems. Signature-based method is widely used for detecting malware. Unfortunately, it is unable to determine variant malware on-the-fly. On the other hand, behavior-based method can effectively characterize the behaviors of malware. However, it is time-consuming to train and predict for each specific family of malware. We propose a generic and efficient algorithm to classify malware. Our method combines the selection and the extraction of features, which significantly reduces the dimensionality of features for training and classification. Based on malware behaviors collected from a sandbox environment, our method proceeds in five steps: (a) extracting n-gram feature space data from behavior logs; (b) building a support vector machine (SVM) classifier for malware classification; (c) selecting a subset of features; (d) transforming high-dimensional feature vectors into low-dimensional feature vectors; and (e) selecting models. Experiments were conducted on a real-world data set with 4,288 samples from 9 families, which demonstrated the effectiveness and the efficiency of our approach.
5. Paper
A STATIC MALWARE DETECTION SYSTEM USING DATA MINING METHODS
Author :
Usukhbayar Baldangombo, Nyamjav Jambaljav, Shi-Jinn Horng
Abstract :
A serious threat today is malicious executables. It is designed to damage computer system and some of them spread over network without the knowledge of the owner using the system. Two approaches have been derived for it i.e. Signature Based Detection and Heuristic Based Detection. These approaches performed well against known malicious programs but cannot catch the new malicious programs. Different researchers have proposed methods using data mining and machine learning for detecting new malicious programs. The method based on data mining and machine learning has shown good results compared to other approaches. This work presents a static malware detection system using data mining techniques such as Information Gain, Principal component analysis, and three classifiers: SVM, J48, and Naïve Bayes. For overcoming the lack of usual anti-virus products, we use methods of static analysis to extract valuable features of Windows PE file. We extract raw features of Windows executables which are PE header information, DLLs, and API functions inside each DLL of Windows PE file. Thereafter, Information Gain, calling frequencies of the raw features are calculated to select valuable subset features, and then Principal Component Analysis is used for dimensionality reduction of the selected features. By adopting the concepts of machine learning and data-mining, we construct a static malware detection system which has a detection rate of 99.6%.
6. Paper
New Malicious Code Detection Based on N-Gram Analysis and Rough Set Theory
Author :
Boyun Zhang, Jianping Yin, Jingbo Hao, et al.
Abstract :
Motivated by the standard signature-based technique for detecting viruses, we explore the idea of automatically detecting malicious code using the N-gram analysis. The method is based on statistical learning and not strictly dependent on certain viruses. We propose the use of rough set theory to reduce the feature dimension. An efficient implementation to calculate relative core, based on positive region definition is presented also. The k nearest neighbor and support vector machine classifiers are used to categorize a program as either normal or abnormal. The experimental results are promising and show that the proposed scheme results in low rate of false positive.
7. Book
DATA MINING METHODS FOR MALWARE DETECTION
Author :
Muazzam Ahmed Siddiqui
Abstract :
This research investigates the use of data mining methods for malware (malicious programs) detection and proposed a framework as an alternative to the traditional signature detection methods. The traditional approaches using signatures to detect malicious programs fails for the new and unknown malwares case, where signatures are not available. We present a data mining framework to detect malicious programs. We collected, analyzed and processed several thousand malicious and clean programs to find out the best features and build models that can classify a given program into a malware or a clean class. Our research is closely related to information retrieval and classification techniques and borrows a number of ideas from the field. We used a vector space model to represent the programs in our collection. Our data mining framework includes two separate and distinct classes of experiments. The first are the supervised learning experiments that used a dataset, consisting of several thousand malicious and clean program samples to train, validate and test, an array of classifiers. In the second class of experiments, we proposed using sequential association analysis for feature selection and automatic signature extraction. With our experiments, we were able to achieve as high as 98.4% detection rate and as low as 1.9% false positive rate on novel malwares.
8. Book
Feature Extraction and Static Analysis for Large-Scale Detection of Malware Types and Families
Author :
Lars Strande Grini
Abstract :
There exist different methods of identifying malware, and a widespread method is the one found in almost every antivirus solution on the market today; the signature based approach. This approach uses a one-way cryptographic function to generate a unique hash of each file. Afterwards, each hash is checked against a database of hashes of known malware. This method provides close to none false positives, but this does also mean that this approach can only detect previously known malware, and will in many cases also provide a number of false negatives. Malware authors exploit this weakness in the way that they change a small part of the malicious code, and thereby changes the entire hash of the file, which then leaves the malicious code undetectable until the sample is discovered, analyzed and updated in the vendors database(s). In the light of this relatively easy mitigation for malware authors, it is clear that we need other ways to identify malware. The other two main approaches for this are static analysis and behavior based/dynamic analysis. The primary goal of such analysis and previous research has been focused around detecting whether a file is malicious or benign (binary classification). There has been comprehensive work in these fields the last few years. In the work we are proposing, we will leverage results from static analysis using machine learning methods, to distinguish malicious Windows executables. Not just benign/malicious as in many researches, but by malware family affiliation. To do this we will use a database consisting of about 330.000 malicious executables. A challenge in this work will be the naming of the samples and families as different antivirus vendors label samples with different names and follow no standard naming scheme. This is exemplified by e.g. the VirusTotal online scanner which scans a hash in 57 malware databases.
For the static analysis we will use the VirusTotal scanner as well as an open source tool for analyzing portable executables, PEframe. The work performed in the thesis presents a novel approach to extract and construct features that can be used to make an estimation of which type and family a malicious file is an instance of, which can be useful for analysis and antivirus scanners. This contribution is novel because multinominal classification is applied to distinguish between different types and families.
9. Paper
An Approach for Malware Behavior Identification and Classification
Author :
Mohamad Fadli Zolkipli, Aman Jantan
Abstract :
Malware is one of the major security threats that can break computer operation. However, commercial anti-virus or anti-spyware that used signature-based matching to detect malware cannot solve that kind of threats. Nowadays malware writers try to avoid detection by using several techniques such as polymorphic, metamorphic and also hiding technique. In order to overcome that issue, we proposed a new framework for malware behavior identification and classification that apply dynamic approach. This framework consists of two major processes such as behavior identification and malware classification. These two major processes will integrate together as interrelated process in our proposed framework. Result from this study is a new framework that able to identify and classify malware based on its behaviors.
10. Paper
Automated Classification and Analysis of Internet Malware
Author :
Michael Bailey, Jon Oberheide, et al.
Abstract :
Numerous attacks, such as worms, phishing, and botnets, threaten the availability of the Internet, the integrity of its hosts, and the privacy of its users. A core element of defense against these attacks is anti-virus (AV) – a service that detects, removes, and characterizes these threats. The ability of these products to successfully characterize these threats has far-reaching effects—from facilitating sharing across organizations, to detecting the emergence of new threats, and assessing risk in quarantine and cleanup. In this paper, we examine the ability of existing host-based anti-virus products to provide semantically meaningful information about the malicious software and tools (or malware) used by attackers. Using a large, recent collection of malware that spans a variety of attack vectors (e.g., spyware, worms, spam), we show that different AV products characterize malware in ways that are inconsistent across AV products, incomplete across malware, and that fail to be concise in their semantics. To address these limitations, we propose a new classification technique that describes malware behavior in terms of system state changes (e.g., files written, processes created) rather than in sequences or patterns of system calls. To address the sheer volume of malware and diversity of its behavior, we provide a method for automatically categorizing these profiles of malware into groups that reflect similar classes of behaviors and demonstrate how behavior-based clustering provides a more direct and effective way of classifying and analyzing Internet malware.