ScholarWorksIndianapolis

Browsing by Subject "malware"

Now showing 1 - 2 of 2
  • Investigation of Malicious Portable Executable File Detection on the Network using Supervised Learning Techniques
    (IEEE, 2017-05) Vyas, Rushabh; Luo, Xiao; McFarland, Nichole; Justice, Connie; Computer Information and Graphics Technology, School of Engineering and Technology
    Malware continues to be a critical concern for everyone from home users to enterprises. Today, most devices are connected through networks to the Internet. Therefore, malicious code can easily and rapidly spread. The objective of this paper is to examine how malicious portable executable (PE) files can be detected on the network by utilizing machine learning algorithms. The efficiency and effectiveness of the network detection rely on the number of features and the learning algorithms. In this work, we examined 28 features extracted from metadata, packing, imported DLLs and functions of four different types of PE files for malware detection. The returned results showed that the proposed system can achieve a 98.7% detection rate, a 1.8% false positive rate, and an average scanning speed of 0.5 seconds per file in our testing environment.
  • Obfuscating Function Call Topography to Test Structural Malware Detection against Evasion Attacks
    (IEEE, 2017-01) Choliy, Andrew; Li, Feng; Gao, Tianchong; Computer Information and Graphics Technology, School of Engineering and Technology
    The incredible popularity of the Android mobile operating system has resulted in a massive influx of malicious applications for the platform. This malware can come from a number of sources as Google allows the installation of Android App Packages (APKs) from third parties. Even within its own Google Play storefront, however, malicious software can be found. One type of approach to identify malware focuses on the structural properties of the function call graphs (FCGs) extracted from APKs. The aim of this research work is to test the robustness of one example method in this category, named the ACTS (App topologiCal signature through graphleT Sampling) method. By extracting graphlet statistics from an FCG, the ACTS approach is able to efficiently differentiate between benign app samples and malware with good accuracy. In this work, we obfuscate the FCG of malware in several ways, and test the ACTS method against these evasion attacks. The statistical results of running ACTS against unmodified real malware samples are compared with the results of ACTS running against obfuscated versions of those same apps.