AI based Malware Detection

Enterprises strive to stay protected against malware-based cyber-attacks on their infrastructure, facilities, networks and systems. Static analysis is an effective approach to detecting malware, i.e. malicious Portable Executable (PE) files. It performs in-depth analysis of PE files without executing them, which minimises the risk of a malicious PE contaminating the system and allows early-stage detection. Yet instant detection using static analysis has become very difficult because of the exponential rise in the volume and variety of malware. The compelling need for early-stage detection of malware-based attacks strongly motivates research into automated malware detection.
Recent machine learning aided malware detection approaches using static analysis are mostly supervised. Supervised malware detection using static analysis depends on manual labelling and human feedback, and is therefore less effective in a rapidly evolving and dynamic threat space. To this end, we propose a progressive deep unsupervised framework with feature attention blocks for static analysis-based malware detection (PROUD-MAL). The framework is built from cascaded blocks of unsupervised clustering and a feature attention based deep neural network. The deep neural network is embedded with feature attention blocks and is trained on the labels predicted by the clustering stage. To evaluate the proposed unsupervised framework, we collected a real-time malware dataset by deploying low- and high-interaction honeypots on an enterprise organisational network. An endpoint security solution was also deployed over the same network to collect malware samples. After post-processing and cleaning, the dataset comprises 15457 PE samples, of which 8775 are malicious and 6681 are benign. On this dataset, the proposed PROUD-MAL framework achieved better quantitative performance in standard evaluation metrics and outperformed other conventional machine learning algorithms.
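The pipeline described above (unsupervised clustering to obtain pseudo-labels, then a classifier with feature attention trained on those labels) can be illustrated end to end on a handful of static PE features. The block below is an added, self-contained example and is not the PROUD-MAL implementation or the authors' code: the feature vectors, the two-means clustering, the softmax-over-centroid-gap attention weights, the logistic classifier in place of the paper's deep network, and the rule that names the higher-entropy cluster "malicious" are all constructed assumptions for the demonstration.

```python
"""Toy progressive unsupervised pipeline for static PE features (constructed example).

Stage 1: cluster scaled feature vectors with no labels (2-means).
Stage 2: derive per-feature attention weights from how far the two centroids are apart.
Stage 3: train a classifier on the cluster ids (pseudo-labels) using attention-weighted features.
"""
import math

# Constructed feature vectors: [mean section entropy, import count, section count, overlay size KB].
# The strings are ground truth used only to sanity-check the unsupervised stage; they are never trained on.
SAMPLES = [
    ([5.1, 85, 5, 0], "benign"), ([4.8, 92, 6, 2], "benign"),
    ([5.4, 70, 5, 1], "benign"), ([5.0, 110, 7, 0], "benign"),
    ([7.6, 8, 3, 300], "malicious"), ([7.9, 5, 2, 450], "malicious"),
    ([7.4, 12, 3, 280], "malicious"), ([7.8, 6, 3, 520], "malicious"),
]
FEATURE_NAMES = ["entropy", "imports", "sections", "overlay_kb"]


def minmax_fit(rows):
    cols = list(zip(*rows))
    return [min(c) for c in cols], [max(c) for c in cols]


def minmax_apply(row, scale):
    lo, hi = scale
    return [(v - l) / (h - l) if h != l else 0.0 for v, l, h in zip(row, lo, hi)]


def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def kmeans2(rows, iters=50):
    """Deterministic 2-means: init with row 0 and the row farthest from it."""
    cents = [rows[0], max(rows, key=lambda r: dist(r, rows[0]))]
    for _ in range(iters):
        assign = [0 if dist(r, cents[0]) <= dist(r, cents[1]) else 1 for r in rows]
        new = []
        for k in (0, 1):
            members = [r for r, a in zip(rows, assign) if a == k] or [cents[k]]
            new.append([sum(col) / len(members) for col in zip(*members)])
        if new == cents:
            break
        cents = new
    assign = [0 if dist(r, cents[0]) <= dist(r, cents[1]) else 1 for r in rows]
    return assign, cents


def attention_weights(cents):
    """Softmax over the per-feature centroid gap: features that separate clusters get more weight."""
    gaps = [abs(a - b) for a, b in zip(*cents)]
    z = [math.exp(g) for g in gaps]
    return [v / sum(z) for v in z]


def train_logreg(rows, labels, att, epochs=500, lr=0.5):
    """Plain SGD logistic regression on attention-weighted features (stands in for the deep network)."""
    w, b = [0.0] * len(rows[0]), 0.0
    for _ in range(epochs):
        for r, y in zip(rows, labels):
            x = [v * a for v, a in zip(r, att)]
            p = 1.0 / (1.0 + math.exp(-(sum(wi * xi for wi, xi in zip(w, x)) + b)))
            g = p - y
            w = [wi - lr * g * xi for wi, xi in zip(w, x)]
            b -= lr * g
    return w, b


def fit_pipeline(samples=SAMPLES):
    raw = [r for r, _ in samples]
    scale = minmax_fit(raw)
    rows = [minmax_apply(r, scale) for r in raw]
    assign, cents = kmeans2(rows)
    # Assumption for the demo: the cluster with higher mean entropy is treated as the malicious one.
    mal_cluster = 1 if cents[1][0] > cents[0][0] else 0
    pseudo = [1 if a == mal_cluster else 0 for a in assign]
    att = attention_weights(cents)
    model = train_logreg(rows, pseudo, att)
    return {"scale": scale, "attention": att, "model": model, "pseudo_labels": pseudo,
            "top_feature": FEATURE_NAMES[max(range(len(att)), key=lambda i: att[i])]}


def classify(pipeline, raw_row):
    x = [v * a for v, a in zip(minmax_apply(raw_row, pipeline["scale"]), pipeline["attention"])]
    w, b = pipeline["model"]
    p = 1.0 / (1.0 + math.exp(-(sum(wi * xi for wi, xi in zip(w, x)) + b)))
    return "malicious" if p >= 0.5 else "benign"


if __name__ == "__main__":
    p = fit_pipeline()
    print("pseudo-labels:", p["pseudo_labels"], "top attention feature:", p["top_feature"])
    print("unseen sample ->", classify(p, [7.7, 9, 3, 400]))
```

The point to take from the example is the label flow: the classifier never sees analyst labels, only the cluster ids, so any systematic mistake in the clustering stage is inherited by the trained model. In practice that is the check a practitioner wants before trusting such a pipeline: compare the pseudo-labels against a small hand-verified subset before the attention and training stages run.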

The implementation and dataset are publicly available on GitHub.

Faculty

Students

  • Syed Khuram Jah Rizvi
  • Warda Aslam

Selected Publications

  • S. K. Rizvi, W. Aslam, M. Shahzad, S. Saleem, M. M. Fraz, “PROUD-MAL: static analysis-based progressive framework for deep unsupervised malware classification of windows portable executable”, Complex & Intelligent Systems, Vol. 21, No. 2, Oct, 2021. IF: 4.92
  • W. Aslam, M. M. Fraz, S. K. Rizvi, S. Saleem, “Cross-validation of machine learning algorithms for malware detection using static features of Windows portable executables: A Comparative Study”, Proceedings of the 17th IEEE International Conference on Smart Communities: Improving Quality of Life Using ICT, IoT and AI (HONET), Dec, 2020, UNC Charlotte, USA.
  • S. K. J. Rizvi, M. M. Fraz. “Robust malware clustering of windows portable executables using ensemble latent representation and distribution modeling” In Concurrency and Computation: Practice and Experience 35 (8), e7621 (2023) https://doi.org/10.1002/cpe.7621
  • S. K. J. Rizvi, M. M. Fraz. “An Efficient Adversarial Defiance Towards Malware Detection System (MDS)”, In IEEE 19th International Conference on Smart Communities: Improving Quality of Life Using ICT, IoT and AI (HONET) 178-182 (2022) https://doi.org/10.1109/HONET56683.2022.10019076
  • S. K. J. Rizvi, W. Aslam, M. Shahzad, S. Saleem, M. M. Fraz. “PROUD-MAL: static analysis-based progressive framework for deep unsupervised malware classification of windows portable executable”, In Complex & Intelligent Systems, 1-13 (2022) https://doi.org/10.1007/s40747-021-00560-1
  • S. K. J. Rizvi, M. A. Azad, M. M. Fraz. “Spectrum of advancements and developments in multidisciplinary domains for generative adversarial networks (GANs)” In Archives of Computational Methods in Engineering 28 (7), 4503-4521 (2021) https://doi.org/10.1007/s11831-021-09543-4
  • W. Aslam, M. M. Fraz, S. K. Rizvi, S. Saleem. “Optimizing features for malware-benign clustering using Windows portable executables”, In International Conference on Artificial Intelligence (ICAI), 28-32 (2021) https://doi.org/10.1109/ICAI52203.2021.9445270
  • W. Aslam, M. M. Fraz, S. K. Rizvi, S. Saleem. “Cross-validation of machine learning algorithms for malware detection using static features of Windows portable executables: A Comparative Study”, In IEEE 17th International Conference on Smart Communities: Improving Quality of Life Using ICT, IoT and AI (HONET) 73-76 (2020) https://doi.org/10.1109/HONET50430.2020.9322809
