Author(s): Bakhtiari Saeid

Issue Info:
  • Year: 2022
  • Volume: 3
  • Issue: 1
  • Pages: 55-68
Measures:
  • Citations: 0
  • Views: 95
  • Downloads: 14
Abstract: 

One of the ways to ensure security is to detect malware in computer systems by malware detection methods. Since this entails a lot of financial, time and human costs, the present research intends to rely on extracting useful information from raw data, without the need to perform sampling and classification based on these features, thereby reducing the listed costs. In this regard, for each malware sample, a set of content-based features has been calculated using advanced mechanisms. Also, powerful statistical features are considered as a complement to content-based features. Therefore, according to the research findings on the Microsoft malware database called BIG 2015, a cost-effective and fully automated classifier has been presented. In the proposed method, using the XGB algorithm and Random Forest, the accuracy of the classifier is 99.81 and the predictor error is set to 0.00470. The findings of this study show that the achievement of this research is to determine the superiority of operator replication features, segment ID replication, and images extracted from malware over other features. As a result, by using this research in IDS, IPS and native antivirus systems, it is possible to increase the accuracy of malware detection and also reduce malware detection errors and computer crimes.

Issue Info:
  • Year: 2023
  • Volume: 4
  • Issue: 2
  • Pages: 102-111
Measures:
  • Citations: 0
  • Views: 134
  • Downloads: 16
Abstract: 

There is a rapid increase in the number and variety of malware. In particular, hundreds of thousands of new malware samples are observed on a daily basis. This amplifies the need for automatic analysis and detection of malware. Recently, techniques based on system call dependency graphs have emerged due to their promising detection rate and ease of implementation. In this paper, a new approach is proposed for malware detection. The approach is based on analysis of system call dependency graphs. Dependency frequencies are considered as feature vectors to represent malware and benign behavior. Given a training set of system call dependency graphs from various benign and malware families, machine learning algorithms are used to construct classification models. We try algorithms such as support vector machines, random forests and gradient boosted decision trees and train various classification models. The evaluation results demonstrate that most of these models, in comparison with other related work, have a high detection rate and a low false positive rate.

Issue Info:
  • Year: 2019
  • Volume: 16
  • Issue: 2 (40)
  • Pages: 137-146
Measures:
  • Citations: 0
  • Views: 525
  • Downloads: 0
Abstract: 

In this paper, a novel graph-based method is proposed to classify sequences of variable length as feature extraction. The proposed method overcomes the problems of the traditional graph with variable-length data, without fixing the length of sequences, by determining the most frequent instructions and inserting the rest of the instructions into the set “other”, saving speed and memory. According to the features and their similarities, a score is given to each sample, and that is used for classification. To improve the results, the method is not used alone; in two approaches, this method is combined with other existing techniques to get better results. In the first approach, which can be considered as feature extraction, the features extracted by scoring techniques (Hidden Markov Model, simple substitution distance and similarity graph) on opcode sequences, hexadecimal sequences and system calls are combined at the classifier input. The second approach consists of two steps. In the first step, the scores obtained from each of the scoring techniques are given to three support vector machines. The outcomes are combined according to the weight of each technique and the final decision is taken based on the majority vote. Among the components of the support vector machine, when a higher weight is given to the similarity graph method (the proposed method), the result is better, because the similarity graph method is more accurate than the other two methods. Then, in the second step, considering the strengths and benefits of each classifier, the classifier outputs are combined and majority voting is used. Three methods have been tested for group combinations, including Ensemble Averaging, Bagging, and Boosting. Ensemble Averaging consists of the combination of four classifiers: random forests, a support vector machine (as obtained in the previous step), K nearest neighbors and naive Bayes, and the final decision is taken based on the majority vote; therefore, it is used as the proposed method. The proposed approach could detect metamorphic malware from the Vxheaven set and also determine categories of malware with an accuracy of 97%, while the SSD and HMM methods under the same conditions could detect malware with an accuracy of 84% and 80% respectively.

Issue Info:
  • Year: 2025
  • Volume: 13
  • Issue: 1
  • Pages: 117-130
Measures:
  • Citations: 0
  • Views: 7
  • Downloads: 0
Abstract: 

Android-based mobile devices are widely used due to their ease of use among users. Individuals perform various tasks on their mobile phones, such as banking activities, social networking, and diverse business systems, thereby exposing considerable personal information to risks due to the vulnerabilities of the Android operating system. The rapid development of Android malware has rendered many traditional malware detection methods less accurate over time. Research indicates that machine learning is an effective approach for detecting malware. The rapid evolution of malware contributes to the degradation of accuracy in trained models over time. Moreover, the collection of malware-related data from Android devices jeopardizes users' privacy. To address these issues, this paper employs federated and incremental learning. Recently, federated learning has been introduced for training machine learning models on decentralized devices with the aim of preserving privacy. This study utilizes a Multi-Layer Perceptron (MLP) within the framework of federated learning. Stacking, a type of ensemble learning, is employed for incremental learning. The CICMalDroid 2020 dataset is utilized in this research, using static data to develop the final model. The outcome of this study is a model with an accuracy of 96.49%, demonstrating significant improvement in computational time complexity while maintaining the quality of learning and model accuracy compared to existing methods.

Issue Info:
  • Year: 2024
  • Volume: 10
Measures:
  • Views: 31
  • Downloads: 1
Abstract: 

The increasing expansion of mobile phones, along with the expansion of the possibilities of these phones, has provided a suitable field for information theft. Android is undoubtedly the most popular and widespread operating system for mobile phones, which has become the target of many malware authors due to this expansion. This article seeks to provide a suitable and powerful solution for detecting malware. Data processing uses a combined feature selection operation. This idea extracts the most important features and improves the accuracy and speed of detection. Then, three-level stacking is used for the detection stage. This method can significantly improve accuracy and generalization power compared to other methods, based on the innovative idea of dataset separation. The accuracy of this method is equal to 99.5.

Issue Info:
  • Year: 2022
  • Volume: 14
  • Issue: 3
  • Pages: 51-59
Measures:
  • Citations: 0
  • Views: 70
  • Downloads: 33
Abstract: 

With the widespread use of Android smartphones, the Android platform has become an attractive target for cybersecurity attackers and malware authors. Meanwhile, the growing emergence of zero-day malware has long been a major concern for cybersecurity researchers. This is because malware that has not been seen before often exhibits new or unknown behaviors, and there is no documented defense against it. In recent years, deep learning has become the dominant machine learning technique for malware detection and has achieved outstanding results. Currently, most deep malware detection techniques are supervised in nature and require training on large datasets of benign and malicious samples. However, supervised techniques usually do not perform well against zero-day malware. Semi-supervised and unsupervised deep malware detection techniques have more potential to detect previously unseen malware. In this paper, we present MalGAE, a novel end-to-end deep malware detection technique that leverages one-class graph neural networks to detect Android malware in a semi-supervised manner. MalGAE represents each Android application with an attributed function call graph (AFCG) to benefit from the ability of graphs to model complex relationships between data. It builds a deep one-class classifier by training a stacked graph autoencoder with graph convolutional layers on benign AFCGs. Experimental results show that MalGAE can achieve good detection performance in terms of different evaluation measures.

Issue Info:
  • Year: 2016
  • Volume: 4
  • Issue: 4
  • Pages: 244-254
Measures:
  • Citations: 0
  • Views: 255
  • Downloads: 101
Abstract: 

Android has been targeted by malware developers since it emerged as the most widely used operating system for smartphones and mobile devices. Android security mainly relies on user decisions regarding installing applications (apps) by approving their requested permissions. Therefore, a systematic user assistance mechanism for making appropriate decisions can significantly improve the security of Android-based devices by preventing malicious app installation. However, the criticality of permissions and the security risk values of apps are not well determined for users to make correct decisions. In this study, a new metric is introduced for effective risk computation of untrusted apps based on their required permissions. The metric leverages both the frequency of permission usage in malware and the rarity of those permissions in normal apps. Based on the proposed metric, an algorithm is developed and implemented for identifying critical permissions and effective risk computation. The proposed solution can be directly used by mobile owners to make better decisions or by Android markets to filter out suspicious apps for further examination. Empirical evaluations on real malicious and normal app samples show that the proposed metric has a high malware detection rate and is superior to recently proposed risk score measurements. Moreover, it has good performance on unseen apps in terms of security risk computation.

Issue Info:
  • Year: 2022
  • Volume: 16
  • Issue: 4
  • Pages: 123-129
Measures:
  • Citations: 0
  • Views: 45
  • Downloads: 24
Abstract: 

Through the use of malware, particularly JavaScript, cybercriminals have turned online applications into one of their main targets for impersonation. Detection of such dangerous code in real time, therefore, becomes crucial in order to prevent any harmful action. By categorizing the salient characteristics of the malicious code, this study suggests an effective technique for identifying previously unknown malicious JavaScript, employing an interceptor on the client side. By employing the wrapper approach for dimensionality reduction, a feature subset was generated. In this paper, we propose an approach for handling the malware detection task in imbalanced data situations. Our approach utilizes two main imbalanced-data solutions, namely the Synthetic Minority Over-sampling Technique (SMOTE) and Tomek Links, with the object of augmenting the data and then applying a Deep Neural Network (DNN) for classifying the scripts. The conducted experiments demonstrate the efficient performance of our approach, and it achieves an accuracy of 94.00%.

Author(s): SHIRAZI H. | FARSHCHI S.M.R.

Issue Info:
  • Year: 2014
  • Volume: 2
  • Issue: 3 (7)
  • Pages: 23-33
Measures:
  • Citations: 0
  • Views: 1127
  • Downloads: 0
Abstract: 

Today, virtual machines play an important role in efficient and effective management of resources. Virtualization is the concept of creating multiple virtual machine guests on a single piece of hardware, which allows the system to provide optimal use of resources. The common behavior of malware in virtual machines is wide-ranging. Sometimes this malware changes the system objects in the first step, next influences the host operating system of the virtual machine at the time of completion of the work, and maybe in a final step performs some malicious task. In this paper we provide a secure method for identification, classification and elimination of malware in a virtual machine. The proposed method, which is called SSM, will first attempt to identify high-risk behaviors using behavioral profiles and evaluating changes. The proposed method is then extracted from pre-treatment to categorize malicious groups. Experimental results show that the sample rate of false negatives has sharply declined. The proposed mechanism is based on actual samples of Xen virtualization, with the Linux implementation. Through detailed analysis and comparison of SSM with current commercial anti-malware, SSM was found to have good performance in the detection and removal of malware, as well as reducing the rate of false-negative samples in a virtual machine.

Issue Info:
  • Year: 2024
  • Volume: 10
Measures:
  • Views: 41
  • Downloads: 2
Abstract: 

Android devices provide about 70% of web traffic. Therefore, the security of Android devices is one of the major factors impacting web security. Autonomous detection of malware infecting Android devices using machine learning methods can act as a scalable solution for security provision on smartphones. This study aims to introduce an innovative approach for detecting mobile phone malware by leveraging users' emotional reactions and interactions with their devices during sudden and unpredictable events. Traditional mobile malware detection methods that rely on permissions and API calls have been extensively researched, yet they often overlook human elements such as emotions and their potential implications in this context. The methodology proposed in this research involves capturing users' reactive behaviors to unexpected events using Natural Language Processing (NLP), analyzing their interactive patterns with mobile phones through clustering techniques, and employing machine learning algorithms and classification methods for malware detection. The experimental results show that the proposed method can provide an accuracy of more than 96%, which provides an efficient tool for Android and web security.
