A proactive malicious software identification approach for digital forensic examiners
- URL: http://arxiv.org/abs/2109.09567v1
- Date: Mon, 20 Sep 2021 14:22:58 GMT
- Title: A proactive malicious software identification approach for digital forensic examiners
- Authors: Muhammad Ali, Stavros Shiaeles, Nathan Clarke, Dimitrios Kontogeorgis
- Abstract summary: This paper investigates the behaviour of malware upon various Windows operating system versions in order to determine and correlate the relationship between malicious software and OS artifacts. This will enable an investigator to be more efficient in identifying the presence of new malware and provide a starting point for further investigation.
- Score: 0.6845629632971971
- License: http://creativecommons.org/licenses/by-nc-sa/4.0/
- Abstract: Digital investigators often get involved with cases which seemingly point the responsibility to the person to whom the computer belongs, but after a thorough examination malware is proven to be the cause, causing loss of precious time. Whilst Anti-Virus (AV) software can assist the investigator in identifying the presence of malware, with the increase in zero-day attacks and the errors that exist in AV tools, this is something that cannot be relied upon. The aim of this paper is to investigate the behaviour of malware upon various Windows operating system versions in order to determine and correlate the relationship between malicious software and OS artifacts. This will enable an investigator to be more efficient in identifying the presence of new malware and provide a starting point for further investigation.
Related papers
- Understanding crypter-as-a-service in a popular underground marketplace [51.328567400947435] (2024-05-20)
  Crypters are pieces of software whose main goal is to transform a target binary so it can avoid detection from Anti-Virus (AV) applications. The crypter-as-a-service model has gained popularity, in response to the increased sophistication of detection mechanisms. This paper provides the first study on an online underground market dedicated to crypter-as-a-service.
- A survey on hardware-based malware detection approaches [45.24207460381396] (2023-03-22)
  Hardware-based malware detection approaches leverage hardware performance counters and machine learning prowess. We meticulously analyze the approach, unraveling the most common methods, algorithms, tools, and datasets that shape its contours. The discussion extends to crafting mixed hardware and software approaches for collaborative efficacy, essential enhancements in hardware monitoring units, and a better understanding of the correlation between hardware events and malware applications.
- DRSM: De-Randomized Smoothing on Malware Classifier Providing Certified Robustness [58.23214712926585] (2023-03-20)
  We develop a certified defense, DRSM (De-Randomized Smoothed MalConv), by redesigning the de-randomized smoothing technique for the domain of malware detection. Specifically, we propose a window ablation scheme to provably limit the impact of adversarial bytes while maximally preserving local structures of the executables. We are the first to offer certified robustness in the realm of static detection of malware executables.
- Multi-view Representation Learning from Malware to Defend Against Adversarial Variants [11.45498656419419] (2022-10-25)
  We propose Adversarially Robust Multiview Malware Defense (ARMD), a novel multi-view learning framework to improve the robustness of DL-based malware detectors against adversarial variants. Our experiments on three renowned open-source deep learning-based malware detectors across six common malware categories show that ARMD is able to improve the adversarial robustness by up to seven times on these malware detectors.
- Malware Detection and Prevention using Artificial Intelligence Techniques [7.583480439784955] (2022-06-26)
  Security has become a major issue due to the increase in malware activity. In this study, we emphasize Artificial Intelligence (AI) based techniques for detecting and preventing malware activity.
- Adversarial Attacks against Windows PE Malware Detection: A Survey of the State-of-the-Art [44.975088044180374] (2021-12-23)
  This paper focuses on malware with the file format of portable executable (PE) in the family of Windows operating systems, namely Windows PE malware. We first outline the general learning framework of Windows PE malware detection based on ML/DL. We then highlight three unique challenges of performing adversarial attacks in the context of PE malware.
- Mate! Are You Really Aware? An Explainability-Guided Testing Framework for Robustness of Malware Detectors [49.34155921877441] (2021-11-19)
  We propose an explainability-guided and model-agnostic testing framework for robustness of malware detectors. We then use this framework to test several state-of-the-art malware detectors' abilities to detect manipulated malware. Our findings shed light on the limitations of current malware detectors, as well as how they can be improved.
- A Novel Malware Detection Mechanism based on Features Extracted from Converted Malware Binary Images [0.22843885788439805] (2021-04-14)
  We use malware binary images, extract different features from them, and then employ different ML classifiers on the dataset thus obtained. We show that this technique is successful in differentiating classes of malware based on the features extracted.
- Early Detection of In-Memory Malicious Activity based on Run-time Environmental Features [4.213427823201119] (2021-03-30)
  We present a novel end-to-end solution for in-memory malicious activity detection done prior to exploitation. This solution achieves reduced overhead and false positives as well as deployment simplicity.
- Being Single Has Benefits. Instance Poisoning to Deceive Malware Classifiers [47.828297621738265] (2020-10-30)
  We show how an attacker can launch a sophisticated and efficient poisoning attack targeting the dataset used to train a malware classifier. As opposed to other poisoning attacks in the malware detection domain, our attack does not focus on malware families but rather on specific malware instances that contain an implanted trigger. We propose a comprehensive detection approach that could serve as a future sophisticated defense against this newly discovered severe threat.
This list is automatically generated from the titles and abstracts of the papers in this site.