ZeVigilante: Detecting Zero-Day Malware Using Machine Learning and Sandboxing Analysis Techniques.

Affiliations

Saudi Aramco Cybersecurity Chair, Dhahran, Saudi Arabia.

Department of Networks and Communications, College of Computer Science and Information Technology (CCSIT), Imam Abdulrahman Bin Faisal University, P.O. Box 1982, Dammam 31441, Saudi Arabia.

Publication

Comput Intell Neurosci. 2022 May 9;2022:1615528. doi: 10.1155/2022/1615528. eCollection 2022.

DOI:10.1155/2022/1615528
PMID:35586085
Full text: https://pmc.ncbi.nlm.nih.gov/articles/PMC9110140/
Abstract

For the enormous growth and the hysterical impact of undocumented malicious software, otherwise known as Zero-Day malware, specialized practices were joined to implement systems capable of detecting these kinds of software to avert possible disastrous consequences. Owing to the nature of developed Zero-Day malware, distinct evasion tactics are used to remain stealthy. Hence, there is a need for advanced investigation of the methods that can identify such malware. Machine learning (ML) is among the promising techniques for such type of predictions, while the sandbox provides a safe environment for such experiments. After a thorough literature review, carefully chosen ML techniques are proposed for malware detection under a Cuckoo sandboxing (CS) environment. The proposed system is coined as Zero-Day Vigilante (ZeVigilante) to detect malware considering both static and dynamic analyses. We used adequate datasets for both analyses, incorporating sufficient samples in contrast to other studies. Consequently, the processed datasets are used to train and test several ML classifiers including Random Forest (RF), Neural Networks (NN), Decision Tree (DT), k-Nearest Neighbor (kNN), Naïve Bayes (NB), and Support Vector Machine (SVM). It is observed that RF achieved the best accuracy for both static and dynamic analyses, 98.21% and 98.92%, respectively.
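The abstract describes the pipeline but not the plumbing: sandbox reports have to become fixed-length feature vectors before any of the six classifiers can see them. The block below is an added example, not code from the ZeVigilante paper, that shows one way to do that for both analysis modes the paper compares. It takes Cuckoo-style reports (the `static.pe_imports` and `behavior.apistats` layout is assumed from the Cuckoo JSON report format; the sample reports themselves are constructed, not real malware or real sandbox output), derives static features from imported symbols and dynamic features from per-process API-call counts, and classifies with k-nearest neighbour, the simplest of the paper's classifier families, so the whole thing runs with the standard library.

```python
"""Cuckoo-style report -> feature vector -> kNN verdict (added example, constructed data).

Report layout assumed (Cuckoo report.json style):
  report["static"]["pe_imports"]  = [{"dll": ..., "imports": [{"name": ...}, ...]}, ...]
  report["behavior"]["apistats"]  = {"<pid>": {"<ApiName>": <count>, ...}, ...}
"""
import math
from collections import Counter


def make_report(imports, apistats):
    """Build a minimal Cuckoo-style report fragment from constructed inputs."""
    return {
        "static": {"pe_imports": [{"dll": dll, "imports": [{"name": n} for n in names]}
                                  for dll, names in imports.items()]},
        "behavior": {"apistats": {"1000": dict(apistats)}},
    }


# Constructed training set: (label, report). Not real samples.
TRAIN = [
    ("malware", make_report({"kernel32.dll": ["VirtualAlloc", "WriteProcessMemory", "CreateRemoteThread"],
                             "advapi32.dll": ["RegSetValueExA"]},
                            {"NtAllocateVirtualMemory": 12, "NtWriteVirtualMemory": 8,
                             "CreateRemoteThread": 1, "RegSetValueExA": 2})),
    ("malware", make_report({"kernel32.dll": ["VirtualAlloc", "CreateRemoteThread", "IsDebuggerPresent"],
                             "wininet.dll": ["InternetOpenUrlA"]},
                            {"NtAllocateVirtualMemory": 9, "CreateRemoteThread": 2,
                             "InternetOpenUrlA": 3, "IsDebuggerPresent": 4})),
    ("malware", make_report({"advapi32.dll": ["RegSetValueExA", "CryptEncrypt"],
                             "kernel32.dll": ["FindFirstFileW", "WriteFile"]},
                            {"CryptEncrypt": 400, "NtWriteFile": 380, "FindFirstFileExW": 120,
                             "RegSetValueExA": 1})),
    ("malware", make_report({"kernel32.dll": ["VirtualAlloc", "WriteProcessMemory"],
                             "wininet.dll": ["InternetOpenUrlA"]},
                            {"NtAllocateVirtualMemory": 15, "NtWriteVirtualMemory": 10,
                             "InternetOpenUrlA": 1})),
    ("benign", make_report({"kernel32.dll": ["CreateFileW", "ReadFile", "CloseHandle"],
                            "user32.dll": ["MessageBoxW", "CreateWindowExW"]},
                           {"NtCreateFile": 5, "NtReadFile": 20, "NtClose": 25, "MessageBoxW": 1})),
    ("benign", make_report({"kernel32.dll": ["GetTickCount", "Sleep", "CloseHandle"],
                            "gdi32.dll": ["CreateFontW"]},
                           {"NtClose": 10, "GetTickCount": 30, "Sleep": 5})),
    ("benign", make_report({"kernel32.dll": ["CreateFileW", "WriteFile", "CloseHandle"],
                            "comdlg32.dll": ["GetOpenFileNameW"]},
                           {"NtCreateFile": 3, "NtWriteFile": 6, "NtClose": 9, "GetOpenFileNameW": 1})),
    ("benign", make_report({"user32.dll": ["CreateWindowExW", "ShowWindow"],
                            "kernel32.dll": ["CloseHandle", "GetTickCount"]},
                           {"CreateWindowExW": 1, "ShowWindow": 1, "NtClose": 4, "GetTickCount": 12})),
]

# Constructed held-out samples the model has not seen.
TEST = [
    ("malware", make_report({"kernel32.dll": ["VirtualAlloc", "WriteProcessMemory", "CreateRemoteThread"]},
                            {"NtAllocateVirtualMemory": 7, "NtWriteVirtualMemory": 5, "CreateRemoteThread": 1})),
    ("benign", make_report({"kernel32.dll": ["CreateFileW", "ReadFile", "CloseHandle"],
                            "user32.dll": ["MessageBoxW"]},
                           {"NtCreateFile": 2, "NtReadFile": 8, "NtClose": 12})),
]


def extract_features(report, mode="both"):
    """Sparse features for one report.

    static : one binary feature per imported symbol   ("imp:Name" -> 1.0)
    dynamic: log-scaled API-call count summed over all monitored pids ("api:Name" -> log1p(n)),
             so a 400-call encryption loop does not drown out everything else.
    """
    feats = Counter()
    if mode in ("static", "both"):
        for entry in report.get("static", {}).get("pe_imports", []):
            for imp in entry.get("imports", []):
                feats["imp:" + imp["name"]] = 1.0
    if mode in ("dynamic", "both"):
        for pid_stats in report.get("behavior", {}).get("apistats", {}).values():
            for api, count in pid_stats.items():
                feats["api:" + api] += count
        for key in list(feats):
            if key.startswith("api:"):
                feats[key] = math.log1p(feats[key])
    return dict(feats)


def build_vocab(feature_dicts):
    """Fixed feature order, derived from the training set only."""
    return sorted({k for f in feature_dicts for k in f})


def vectorize(feats, vocab):
    """Dense vector in vocab order; features never seen in training are dropped."""
    return [feats.get(k, 0.0) for k in vocab]


def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(y * y for y in b))
    return dot / (na * nb) if na and nb else 0.0


class KNNMalwareClassifier:
    """Majority vote of the k most similar training reports (cosine similarity)."""

    def __init__(self, k=3, mode="both"):
        self.k, self.mode = k, mode

    def fit(self, labelled_reports):
        feats = [extract_features(r, self.mode) for _, r in labelled_reports]
        self.vocab = build_vocab(feats)
        self.vectors = [vectorize(f, self.vocab) for f in feats]
        self.labels = [lbl for lbl, _ in labelled_reports]
        return self

    def predict(self, report):
        v = vectorize(extract_features(report, self.mode), self.vocab)
        scored = sorted(zip((cosine(v, t) for t in self.vectors), self.labels), reverse=True)
        votes = Counter(lbl for _, lbl in scored[: self.k])
        return votes.most_common(1)[0][0]

    def coverage(self, report):
        """Fraction of this report's features the model has ever seen.
        Near 0 means the verdict rests on no evidence: exactly the zero-day situation."""
        feats = extract_features(report, self.mode)
        known = set(self.vocab)
        return sum(1 for k in feats if k in known) / len(feats) if feats else 0.0


def accuracy(clf, labelled_reports):
    hits = sum(clf.predict(r) == lbl for lbl, r in labelled_reports)
    return hits / len(labelled_reports)


if __name__ == "__main__":
    for mode in ("static", "dynamic", "both"):
        clf = KNNMalwareClassifier(k=3, mode=mode).fit(TRAIN)
        print(f"{mode:8s} accuracy on held-out set: {accuracy(clf, TEST):.2f}")
```

Two things worth noticing when adapting this to real reports. First, the vocabulary is frozen at training time, so a sample that uses only APIs and imports never seen before collapses to an all-zero vector and every neighbour scores 0.0; the `coverage` method exists to flag that case rather than let the tie-break pass for a verdict, which is the core difficulty behind the accuracy figures in the abstract. Second, `apistats` only records what the monitored processes called while the sandbox was watching; samples that detect the sandbox (note the `IsDebuggerPresent` import in one constructed sample) can leave the dynamic side of the vector almost empty, which is why the paper keeps the static features alongside.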


https://cdn.ncbi.nlm.nih.gov/pmc/blobs/6f9e/9110140/099ace997f1e/CIN2022-1615528.005.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/6f9e/9110140/b5a91a91f6f9/CIN2022-1615528.001.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/6f9e/9110140/1359bd115d8a/CIN2022-1615528.002.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/6f9e/9110140/2681324a56dc/CIN2022-1615528.003.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/6f9e/9110140/6615786dbc62/CIN2022-1615528.004.jpg

Similar articles

1. ZeVigilante: Detecting Zero-Day Malware Using Machine Learning and Sandboxing Analysis Techniques.
   Comput Intell Neurosci. 2022 May 9;2022:1615528. doi: 10.1155/2022/1615528. eCollection 2022.
2. Evaluation of Machine Learning Algorithms for Malware Detection.
   Sensors (Basel). 2023 Jan 13;23(2):946. doi: 10.3390/s23020946.
3. Artificial Intelligence Algorithms for Malware Detection in Android-Operated Mobile Devices.
   Sensors (Basel). 2022 Mar 15;22(6):2268. doi: 10.3390/s22062268.
4. An Insight into the Machine-Learning-Based Fileless Malware Detection.
   Sensors (Basel). 2023 Jan 5;23(2):612. doi: 10.3390/s23020612.
5. Detection of Android Malware in the Internet of Things through the K-Nearest Neighbor Algorithm.
   Sensors (Basel). 2023 Aug 18;23(16):7256. doi: 10.3390/s23167256.
6. Windows malware detection based on static analysis with multiple features.
   PeerJ Comput Sci. 2023 Apr 21;9:e1319. doi: 10.7717/peerj-cs.1319. eCollection 2023.
7. Enhancing the security of patients' portals and websites by detecting malicious web crawlers using machine learning techniques.
   Int J Med Inform. 2019 Dec;132:103976. doi: 10.1016/j.ijmedinf.2019.103976. Epub 2019 Sep 25.
8. Zero-Day Malware Detection and Effective Malware Analysis Using Shapley Ensemble Boosting and Bagging Approach.
   Sensors (Basel). 2022 Apr 6;22(7):2798. doi: 10.3390/s22072798.
9. A static analysis approach for Android permission-based malware detection systems.
   PLoS One. 2021 Sep 30;16(9):e0257968. doi: 10.1371/journal.pone.0257968. eCollection 2021.
10. A Study on ML-Based Software Defect Detection for Security Traceability in Smart Healthcare Applications.
   Sensors (Basel). 2023 Mar 26;23(7):3470. doi: 10.3390/s23073470.

Cited by

1. Windows malware detection based on static analysis with multiple features.
   PeerJ Comput Sci. 2023 Apr 21;9:e1319. doi: 10.7717/peerj-cs.1319. eCollection 2023.