The rise of machine learning for detection and classification of malware: Research developments, trends and challenges

Journal of Network and Computer Applications - Volume 153 - Page 102526 - 2020
Jordi Planes, Daniel Gibert, Carles Mateu

Abstract

The struggle between security analysts and malware developers is a never-ending battle with the complexity of malware changing as quickly as innovation grows. Current state-of-the-art research focuses on the development and application of machine learning techniques for malware detection due to its ability to keep pace with malware evolution. This survey aims at providing a systematic and detailed overview of machine learning techniques for malware detection and, in particular, deep learning techniques. The main contributions of the paper are: (1) it provides a complete description of the methods and features in a traditional machine learning workflow for malware detection and classification, (2) it explores the challenges and limitations of traditional machine learning and (3) it analyzes recent trends and developments in the field with special emphasis on deep learning approaches. Furthermore, (4) it presents the research issues and unsolved challenges of the state-of-the-art techniques and (5) it discusses the new directions of research. The survey helps researchers to have an understanding of the malware detection field and of the new developments and directions of research explored by the scientific community to tackle the problem.

Keywords

#Malware detection #Feature engineering #Machine learning #Deep learning #Multimodal learning

(Eds.), Machine Learning and Knowledge Discovery in Databases. Springer International Publishing, Cham, pp. 73-88. Raff etal., 2018a E. Raff J. Barker J. Sylvester R. Brandon B. Catanzaro C.K. Nicholas Malware detection by eating a whole EXE The Workshops of the the Thirty-Second AAAI Conference on Artificial Intelligence, New Orleans, Louisiana, USA, February 2-7, 2018 2018 268 276 https://aaai.org/ocs/index.php/WS/AAAIW18/paper/view/16422 Raff, E., Barker, J., Sylvester, J., Brandon, R., Catanzaro, B., Nicholas, C. K., 2018a. Malware detection by eating a whole EXE. In: The Workshops of the The Thirty-Second AAAI Conference on Artificial Intelligence, New Orleans, Louisiana, USA, February 2-7, 2018. pp. 268-276. URL https://aaai.org/ocs/index.php/WS/AAAIW18/paper/view/16422 Raff etal., 2018b E. Raff R. Zak R. Cox J. Sylvester P. Yacci R. Ward A. Tracy M. McLean C. Nicholas Feb An investigation of byte n-gram features for malware classification Journal of Computer Virology and Hacking Techniques 14 1 2018 1 20 10.1007/s11416-_016-_0283-_1 Raff, E., Zak, R., Cox, R., Sylvester, J., Yacci, P., Ward, R., Tracy, A., McLean, M., Nicholas, C., Feb 2018b. An investigation of byte n-gram features for malware classification. Journal of Computer Virology and Hacking Techniques 14 (1), 1-20. URL https://doi.org/10.1007/s11416-_016-_0283-_1 Razak etal., 2016 M.F.A. Razak N.B. Anuar R. Salleh A. Firdaus The rise of malware: bibliometric analysis of malware study J. Netw. Comput. Appl. 75 2016 58 76 http://www.sciencedirect.com/science/article/pii/S1084804516301904 Razak, M. F. A., Anuar, N. B., Salleh, R., Firdaus, A., 2016. The rise of malware: Bibliometric analysis of malware study. Journal of Network and Computer Applications 75, 58 - 76. URL http://www.sciencedirect.com/science/article/pii/S1084804516301904 Rezende etal., 2017 E. Rezende G. Ruppert T. Carvalho F. Ramos P. 
de Geus Malicious software classification using transfer learning of resnet-50 deep neural network 2017 16th IEEE International Conference on Machine Learning and Applications (ICMLA) Dec 2017 1011 1014 Rezende, E., Ruppert, G., Carvalho, T., Ramos, F., de Geus, P., Dec 2017. Malicious software classification using transfer learning of resnet-50 deep neural network. In: 2017 16th IEEE International Conference on Machine Learning and Applications (ICMLA). pp. 1011-1014. Rhode etal., 2019 M. Rhode L. Tuson P. Burnap K. Jones Lab to soc: robust features for dynamic malware detection 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Industry Track June 2019 13 16 Rhode, M., Tuson, L., Burnap, P., Jones, K., June 2019. Lab to soc: Robust features for dynamic malware detection. In: 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Industry Track. pp. 13-16. Rieck etal., 2011 K. Rieck P. Trinius C. Willems T. Holz Automatic analysis of malware behavior using machine learning J. Comput. Secur. 19 4 Dec. 2011 639 668 http://dl.acm.org/citation.cfm?id2011216.2011217 Rieck, K., Trinius, P., Willems, C., Holz, T., Dec. 2011. Automatic analysis of malware behavior using machine learning. J. Comput. Secur. 19 (4), 639-668. URL http://dl.acm.org/citation.cfm?id2011216.2011217 Ronen etal., 2018 R. Ronen M. Radu C. Feuerstein E. Yom-Tov M. Ahmadi Microsoft malware classification challenge ArXiv e-prints Feb. 2018 Ronen, R., Radu, M., Feuerstein, C., Yom-Tov, E., Ahmadi, M., Feb. 2018. Microsoft Malware Classification Challenge. ArXiv e-prints. Salehi etal., 2017 Z. Salehi A. Sami M. Ghiasi Maar: robust features to detect malicious activity based on api calls, their arguments and return values Eng. Appl. Artif. Intell. 59 2017 93 102 http://www.sciencedirect.com/science/article/pii/S0952197616302512 Salehi, Z., Sami, A., Ghiasi, M., 2017. 
Maar: Robust features to detect malicious activity based on api calls, their arguments and return values. Engineering Applications of Artificial Intelligence 59, 93 - 102. URL http://www.sciencedirect.com/science/article/pii/S0952197616302512 Sami etal., 2010 A. Sami B. Yadegari H. Rahimi N. Peiravian S. Hashemi A. Hamze Malware detection based on mining api calls Proceedings of the 2010 ACM Symposium on Applied Computing. SAC 10 2010 ACM New York, NY, USA 1020 1025 10.1145/1774088.1774303 Sami, A., Yadegari, B., Rahimi, H., Peiravian, N., Hashemi, S., Hamze, A., 2010. Malware detection based on mining api calls. In: Proceedings of the 2010 ACM Symposium on Applied Computing. SAC 10. ACM, New York, NY, USA, pp. 1020-1025. URL http://doi.acm.org/10.1145/1774088.1774303 Santos etal., 2013 I. Santos F. Brezo X. Ugarte-Pedrero P.G. Bringas Opcode sequences as representation of executables for data-mining-based unknown malware detection Inf. Sci. 231 2013 64 82 data Mining for Information Security http://www.sciencedirect.com/science/article/pii/S0020025511004336 Santos, I., Brezo, F., Ugarte-Pedrero, X., Bringas, P. G., 2013. Opcode sequences as representation of executables for data-mining-based unknown malware detection. Information Sciences 231, 64 - 82, data Mining for Information Security. URL http://www.sciencedirect.com/science/article/pii/S0020025511004336 Saxe etal., 2015 J. Saxe K. Berlin Deep neural network based malware detection using two dimensional binary program features 2015 10th International Conference on Malicious and Unwanted Software (MALWARE) Oct 2015 11 20 Saxe, J., Berlin, K., Oct 2015. Deep neural network based malware detection using two dimensional binary program features. In: 2015 10th International Conference on Malicious and Unwanted Software (MALWARE). pp. 11-20. Shabtai etal., 2009 A. Shabtai R. Moskovitch Y. Elovici C. 
Glezer Detection of Malicious Code by Applying Machine Learning Classifiers on Static Features: A State-Of-The-Art Survey. Information Security Technical Report 14 (1) 2009 16 29 malware http://www.sciencedirect.com/science/article/pii/S1363412709000041 Shabtai, A., Moskovitch, R., Elovici, Y., Glezer, C., 2009. Detection of malicious code by applying machine learning classifiers on static features: A state-of-the-art survey. Information Security Technical Report 14 (1), 16 - 29, malware. URL http://www.sciencedirect.com/science/article/pii/S1363412709000041 Shabtai etal., 2012 A. Shabtai R. Moskovitch C. Feher S. Dolev Y. Elovici Feb Detecting unknown malicious code by applying classification techniques on opcode patterns Security Informatics 1 1 2012 1 10.1186/2190-_8532-_1-_1 Shabtai, A., Moskovitch, R., Feher, C., Dolev, S., Elovici, Y., Feb 2012. Detecting unknown malicious code by applying classification techniques on opcode patterns. Security Informatics 1 (1), 1. URL https://doi.org/10.1186/2190-_8532-_1-_1 Shirataki and Yamaguchi, 2017 S. Shirataki S. Yamaguchi A study on interpretability of decision of machine learning 2017 IEEE International Conference on Big Data (Big Data) Dec 2017 4830 4831 Shirataki, S., Yamaguchi, S., Dec 2017. A study on interpretability of decision of machine learning. In: 2017 IEEE International Conference on Big Data (Big Data). pp. 4830-4831. Sikorski and Honig, 2012 M. Sikorski A. Honig Practical Malware Analysis: the Hands-On Guide to Dissecting Malicious Software first ed. 2012 No Starch Press San Francisco, CA, USA Sikorski, M., Honig, A., 2012. Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software, 1st Edition. No Starch Press, San Francisco, CA, USA. Snort, 2015 Snort Snort Network Intrusion Detection System Tech. rep., Snort. 2015 https://www.snort.org/ Snort, 2015. Snort network intrusion detection system. Tech. rep., Snort. URL https://www.snort.org/ Sorokin and Jun, 2011 I. 
Sorokin Comparing files using structural entropy J. Comput. Virol. 7 4 Jun 2011 259 10.1007/s11416-_011-_0153-_9 Sorokin, I., Jun 2011. Comparing files using structural entropy. Journal in Computer Virology 7 (4), 259. URL https://doi.org/10.1007/s11416-_011-_0153-_9 Souri etal., 2018 A. Souri R. Hosseini A state-of-the-art survey of malware detection approaches using data mining techniques Human-centric Computing and Information Sciences 8 1 Jan 2018 3 10.1186/s13673-_018-_0125-_x Souri, A., Hosseini, R., Jan 2018. A state-of-the-art survey of malware detection approaches using data mining techniques. Human-centric Computing and Information Sciences 8 (1), 3. URL https://doi.org/10.1186/s13673-_018-_0125-_x Storlie etal., 2014 C. Storlie B. Anderson S. Wiel D. Quist C. Hash N. Brown Stochastic identification of malware with dynamic traces Ann. Appl. Stat. 8 1 2014 1 18 Storlie, C., Anderson, B., Wiel, S., Quist, D., Hash, C., Brown, N., 2014. Stochastic identification of malware with dynamic traces. Annals of Applied Statistics 8 (1), 1-18. Suciu etal., 2018 O. Suciu S.E. Coull J. Johns Exploring Adversarial Examples in Malware Detection CoRR abs/1810.08280 2018 http://arxiv.org/abs/1810.08280 Suciu, O., Coull, S. E., Johns, J., 2018. Exploring adversarial examples in malware detection. CoRR abs/1810.08280. URL http://arxiv.org/abs/1810.08280 Ucci etal., 2019 D. Ucci L. Aniello R. Baldoni Survey of machine learning techniques for malware analysis Comput. Secur. 81 2019 123 147 http://www.sciencedirect.com/science/article/pii/S0167404818303808 Ucci, D., Aniello, L., Baldoni, R., 2019. Survey of machine learning techniques for malware analysis. Computers & Security 81, 123 - 147. URL http://www.sciencedirect.com/science/article/pii/S0167404818303808 Uppal etal., 2014 D. Uppal R. Sinha V. Mehra V. 
Jain Malware detection and classification based on extraction of api sequences 2014 International Conference on Advances in Computing, Communications and Informatics (ICACCI) Sep. 2014 2337 2342 Uppal, D., Sinha, R., Mehra, V., Jain, V., Sep. 2014. Malware detection and classification based on extraction of api sequences. In: 2014 International Conference on Advances in Computing, Communications and Informatics (ICACCI). pp. 2337-2342. VirusShare, 2011 VirusShare Vxshare 2011 https://virusshare.com/ VirusShare, 2011. Vxshare. URL https://virusshare.com/ Wojnowicz etal., 2016 M. Wojnowicz G. Chisholm M. Wolff X. Zhao Wavelet decomposition of software entropy reveals symptoms of malicious code Journal of Innovation in Digital Ecosystems 3 2 2016 130 140 http://www.sciencedirect.com/science/article/pii/S2352664516300220 Wojnowicz, M., Chisholm, G., Wolff, M., Zhao, X., 2016. Wavelet decomposition of software entropy reveals symptoms of malicious code. Journal of Innovation in Digital Ecosystems 3 (2), 130 - 140. URL http://www.sciencedirect.com/science/article/pii/S2352664516300220 Yan etal., 2003 X. Yan J. Han R. Afshar Clospan: mining closed sequential patterns in large datasets Proceedings of the 2003 SIAM International Conference on Data Mining 2003 166 177 Yan, X., Han, J., Afshar, R., 2003. Clospan: Mining closed sequential patterns in large datasets. In: Proceedings of the 2003 SIAM International Conference on Data Mining. pp. 166-177. Ye etal., 2008b Y. Ye D. Wang T. Li D. Ye Q. Jiang An intelligent pe-malware detection system based on association mining J. Comput. Virol. 4 4 Nov 2008 323 334 10.1007/s11416-_008-_0082-_4 Ye, Y., Wang, D., Li, T., Ye, D., Jiang, Q., Nov 2008b. An intelligent pe-malware detection system based on association mining. Journal in Computer Virology 4 (4), 323-334. URL https://doi.org/10.1007/s11416-_008-_0082-_4 Ye etal., 2017 Y. Ye T. Li D. Adjeroh S.S. Iyengar A survey on malware detection using data mining techniques ACM Comput. 
Surv. 50 3 Jun 2017 10.1145/3073559 41:141:40 Ye, Y., Li, T., Adjeroh, D., Iyengar, S. S., Jun. 2017. A survey on malware detection using data mining techniques. ACM Comput. Surv. 50 (3), 41:1-41:40. URL http://doi.acm.org/10.1145/3073559 Ye etal., 2008a Y. Ye L. Chen D. Wang T. Li Q. Jiang M. Zhao Sbmds: an interpretable string based malware detection system using svm ensemble with bagging J. Comput. Virol. 5 4 Nov 2008 283 10.1007/s11416-_008-_0108-_y Ye, Y., Chen, L., Wang, D., Li, T., Jiang, Q., Zhao, M., Nov 2008a. Sbmds: an interpretable string based malware detection system using svm ensemble with bagging. Journal in Computer Virology 5 (4), 283. URL https://doi.org/10.1007/s11416-_008-_0108-_y You etal., 2010 I. You K. Yim Malware obfuscation techniques: a brief survey 2010 International Conference on Broadband, Wireless Computing, Communication and Applications Nov 2010 297 300 You, I., Yim, K., Nov 2010. Malware obfuscation techniques: A brief survey. In: 2010 International Conference on Broadband, Wireless Computing, Communication and Applications. pp. 297-300. Yuval Nativ, 2015 L.L. Yuval Nativ 5fingers The zoo https://github.com/ytisf/theZoo 2015 Yuval Nativ, L. L., 5fingers, 2015. The zoo. URL https://github.com/ytisf/theZoo Yuxin etal., 2019 D. Yuxin Z. Siyi Malware detection based on deep learning algorithm Neural Comput. Appl. 31 2 Feb 2019 461 472 10.1007/s00521-_017-_3077-_6 Yuxin, D., Siyi, Z., Feb 2019. Malware detection based on deep learning algorithm. Neural Computing and Applications 31 (2), 461-472. URL https://doi.org/10.1007/s00521-_017-_3077-_6 Zhang etal., 2015 X. Zhang J. Zhao Y. LeCun Character-level convolutional networks for text classification Proceedings of the 28th International Conference on Neural Information Processing Systems ume 1 2015 MIT Press Cambridge, MA, USA 649 657 NIPS15 http://dl.acm.org/citation.cfm?id2969239.2969312 Zhang, X., Zhao, J., LeCun, Y., 2015. 
Character-level convolutional networks for text classification. In: Proceedings of the 28th International Conference on Neural Information Processing Systems - Volume 1. NIPS15. MIT Press, Cambridge, MA, USA, pp. 649-657. URL http://dl.acm.org/citation.cfm?id2969239.2969312 Zhao etal., 2015 G. Zhao K. Xu L. Xu B. Wu Detecting apt malware infections based on malicious dns and traffic analysis IEEE Access 3 2015 1132 1142 Zhao, G., Xu, K., Xu, L., Wu, B., 2015. Detecting apt malware infections based on malicious dns and traffic analysis. IEEE Access 3, 1132-1142.