Deep Learning Based Hybrid Analysis of Malware Detection and Classification: A Recent Review

Authors

  • Syed Shuja Hussain, Faculty of Computing, Universiti Malaysia Pahang Al-Sultan Abdullah, Malaysia
  • Mohd Faizal Ab Razak, Faculty of Computing, Universiti Malaysia Pahang Al-Sultan Abdullah, Malaysia
  • Ahmad Firdaus, Faculty of Computing, Universiti Malaysia Pahang Al-Sultan Abdullah, Malaysia

DOI:

https://doi.org/10.13052/jcsm2245-1439.1314

Keywords:

Malware detection, distributed denial of services, artificial intelligence, Deep Learning, static and dynamic analysis

Abstract

The global digital revolution, which now touches every process related to human progress, can easily create critical security issues. These issues are aggravated by important factors such as financial crises and geographical connectivity when nations are in poor condition. This motivates the authors to present a precise literature review on malware detection with deep learning approaches. The basic overview covers the nature of malware detection, i.e., the static, dynamic, and hybrid approaches. Another major component of this article is an investigation of recently published and highly cited state-of-the-art work on malware detection, prevention, and prediction with deep learning frameworks. The solutions surveyed draw on AI-based frameworks such as machine learning, deep learning, and hybrid frameworks. The main motivation for this article is to give a clear picture of the challenging issues and the corresponding solutions for developing robust malware-free devices. In the absence of robust malware-free devices, the rapidly growing geographical and financial disputes around the globe can be extensively provoked by malicious groups. Therefore, the exceptionally high demand for malware detection devices calls for a very strong recommendation to ensure the security of a nation. In terms of prevention and recovery, zero-day threats can be handled by recent methodologies used in deep learning. In the conclusion, we also explore and investigate the future patterns of malware and how to deal with them in the upcoming years. Such a review may extend towards the development of IoT-based applications used in many fields, such as medical devices, home appliances, and academic systems.

Author Biographies

Syed Shuja Hussain, Faculty of Computing, Universiti Malaysia Pahang Al-Sultan Abdullah, Malaysia

Syed Shuja Hussain received his BS degree in Computer Engineering from the Sir Syed University of Engineering and Technology (SSUET), Pakistan, and his MS degree in Telecommunication Engineering from the University of Engineering and Technology (UET) Peshawar, Pakistan. He is pursuing a Ph.D. at the Universiti Malaysia Pahang Al-Sultan Abdullah (UMPSA), Malaysia. He has been involved in research work on Android malware analysis.

Mohd Faizal Ab Razak, Faculty of Computing, Universiti Malaysia Pahang Al-Sultan Abdullah, Malaysia

Mohd Faizal Ab Razak distinctively received his PhD from the University of Malaya and his Master of Computer Science (Networking) from Universiti Malaysia Pahang Al-Sultan Abdullah (UMPSA), Malaysia. He is currently a lecturer and researcher at Universiti Malaysia Pahang Al-Sultan Abdullah (UMPSA), Malaysia. His areas of research include Mobile Computing, Intrusion Detection Systems, risk assessment, network security and Mobile Security.

Ahmad Firdaus, Faculty of Computing, Universiti Malaysia Pahang Al-Sultan Abdullah, Malaysia

Ahmad Firdaus distinctively received his PhD from the University of Malaya (UM), Malaysia. He also obtained his Master of Computer Science (Networking) from Universiti Teknologi Mara (UiTM), Malaysia. He is currently a senior lecturer at the Faculty of Computing at Universiti Malaysia Pahang Al-Sultan Abdullah (UMPSA), Malaysia. His areas of research include Mobile Security, Intrusion Detection Systems and Blockchain.

Published

2023-12-11

How to Cite

1. Hussain SS, Razak MFA, Firdaus A. Deep Learning Based Hybrid Analysis of Malware Detection and Classification: A Recent Review. JCSANDM [Internet]. 2023 Dec. 11 [cited 2024 Jul. 1];13(01):91-134. Available from: https://journals.riverpublishers.com/index.php/JCSANDM/article/view/19273

Section

Futuristic AI Embedded Solutions for Cyber Security