AU2021107489A4 - An Real Time Automated Multi-level Malware Classification and Detection Module in Networks - Google Patents
- Publication number: AU2021107489A4
- Authority: AU (Australia)
- Prior art keywords: malware, sha, model, hash values, vmms
- Legal status: Ceased (the status is listed by Google Patents as an assumption, not a legal conclusion)
Classifications
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
          - G06F21/55—Detecting local intrusion or implementing counter-measures
            - G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F9/00—Arrangements for program control, e.g. control units
        - G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
          - G06F9/44—Arrangements for executing specific programs
            - G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
              - G06F9/45533—Hypervisors; Virtual machine monitors
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
      - G06N20/00—Machine learning
        - G06N20/20—Ensemble learning
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F2218/00—Aspects of pattern recognition specially adapted for signal processing
        - G06F2218/12—Classification; Matching
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- Data Mining & Analysis (AREA)
- Medical Informatics (AREA)
- Mathematical Physics (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Health & Medical Sciences (AREA)
- Evolutionary Computation (AREA)
- Artificial Intelligence (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Storage Device Security (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
In this proposed research work, a security framework is designed to provide secured processing of Big Data in a Hybrid Cloud Computing environment. In each of the data nodes, a VMMC is pre-installed without the user's consent, using the data nodes for storage. The primary job of the VMMC is to extract the raw memory dumps of the monitored virtual machines and send them to a centralised VMMS on time. The VMMS reconstructs the memory dumps and computes three distinct hash values: MD-5, SHA-256, and SHA-1. In the first stage, the hash values are compared against the Local Malware Signature Database to match known malware. If there is no match, the hash values are compared against publicly available malware signatures using web tools in the second stage. Since these two levels are restricted to a limited set of malware signatures, a third-level machine learning model is designed to detect and classify the malware symptoms. Logistic regression achieved the optimum accuracy of up to 92.4 % compared to Naive Bayes and Support Vector Machine. However, a large number of true negatives (TN) in the model can compromise it to a greater extent. In order to address the issues of the base model, ensemble machine learning models are used, which harness the power of subset training and then aggregate predictions by voting. In the analysis, Random Forest, Bagging, and Gradient Boosting ensemble models are used. Random Forest achieved a better and acceptable accuracy of up to 98 % by lowering the true negative values and minimising the network's risk.
Diagram (flow recovered from the drawing's labels):
- Monitored Virtual Machine -> Memory Dump
- Executables extracted; processes extracted
- Compute MD5, SHA-256 and SHA-1 hash
- Local Malware Signature Database (MD5, SHA…): present? Yes -> malware; No -> next level
- Online Malware Scanner: present? Yes -> malware; No -> next level
- Local Machine Learning Malware detector
Description
EDITORIAL NOTE 2021107489: There is 1 page of description only.
The proposed architecture is for enhancing security at the processing level of the operating system. The pre-configured and pre-installed VMMC and the configured Virtual Machine Monitoring Server (VMMS) are leveraged as data nodes from a pool of virtual machines. The primary task of the VMMC is to update the Virtual Machine Monitoring Server (VMMS) in real time with the status of the data node, by extracting state information from kernel modules such as process state information, system calls, and the various processes invoking the system calls. Each VMM Client is responsible for updating the VMM Server at a fixed interval of time. The VMM Server is responsible for scanning the received data on time to identify malware, predicting malware symptoms and threats of its kind from multiple live monitored guest operating systems.
The proposed approach is designed to work at three levels. The first level operations are restricted to the local network. All the known patterns of malware signatures are collected to serve as the local malware signature repository. The local malware signature repository is updated as and when new malware signatures are identified. In the first level, the extracted PE hash value is matched against this local repository.
If no match is found in this local repository, it proceeds to the second level, where it tries to compare against the Online Malware Signatures. In order to do this, publicly available malware classification tools are used.
The first and second levels limit themselves with identifying known malware signatures either locally or publicly available. The proposed approach extends to the third level by adopting Machine Learning Techniques to detect new types of attacks that are not identified in Level 1 and Level 2.
In order to classify the malware in the third level, experiments are carried out with Supervised and Ensemble Machine Learning Models.
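The three-level flow in the description, written out as an added example (this is not the patent's code). Level 1 is the local signature repository, level 2 is an injected lookup that stands in for the public signature services the text mentions (so the example runs offline), and level 3 is an injected classifier that stands in for the machine learning model. The sample bytes, the in-memory "feed", the heuristic classifier and all names such as `TieredMalwareTriage` are constructed; the repository also records digests of newly detected samples, which is how the description says it is kept up to date.

```python
"""Three-level triage of an executable reconstructed from a memory dump.

Added example, not the patent's code. Level 1 consults a local signature
database, level 2 an injected lookup standing in for the public malware
signature services the patent mentions (so the example runs offline), and
level 3 an injected classifier standing in for the machine learning model.
All sample bytes, digests and the heuristic classifier are constructed."""
import hashlib
from dataclasses import dataclass
from typing import Callable, Dict, Mapping, Set


def digest_executable(data: bytes) -> Dict[str, str]:
    """The three digests the patent names: MD5, SHA-1 and SHA-256."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


@dataclass(frozen=True)
class Verdict:
    level: int        # 1 = local database, 2 = public signatures, 3 = model
    malicious: bool
    matched_on: str   # digest algorithm that matched, or "model"


class TieredMalwareTriage:
    def __init__(self, local_db: Mapping[str, Set[str]],
                 public_lookup: Callable[[str, str], bool],
                 classifier: Callable[[bytes], bool]) -> None:
        # local_db: algorithm name -> set of hex digests of known malware
        self.local_db: Dict[str, Set[str]] = {
            algo: {h.lower() for h in hashes} for algo, hashes in local_db.items()}
        self.public_lookup = public_lookup
        self.classifier = classifier

    def _lookup_local(self, digests: Dict[str, str]):
        for algo, hexdigest in digests.items():
            if hexdigest in self.local_db.get(algo, set()):
                return algo
        return None

    def learn(self, digests: Dict[str, str]) -> None:
        """Add a newly identified sample's digests to the local repository."""
        for algo, hexdigest in digests.items():
            self.local_db.setdefault(algo, set()).add(hexdigest)

    def triage(self, data: bytes) -> Verdict:
        digests = digest_executable(data)
        # Level 1: local malware signature repository
        algo = self._lookup_local(digests)
        if algo is not None:
            return Verdict(1, True, algo)
        # Level 2: publicly available signatures. SHA-256 is queried first;
        # MD5 and SHA-1 are kept only because existing feeds still index them.
        for algo in ("sha256", "sha1", "md5"):
            if self.public_lookup(algo, digests[algo]):
                self.learn(digests)
                return Verdict(2, True, algo)
        # Level 3: the model decides for samples unknown to both repositories
        malicious = self.classifier(data)
        if malicious:
            self.learn(digests)   # the repository grows as new malware is found
        return Verdict(3, malicious, "model")


# --- constructed sample environment (not real malware or real digests) ---
KNOWN_BAD = b"constructed sample already in the local database"
FEED_BAD = b"constructed sample known only to the public feed"
NOVEL_BAD = b"constructed unseen sample with SUSPICIOUS_MARKER inside"
CLEAN = b"constructed benign sample"

LOCAL_DB = {"sha256": {hashlib.sha256(KNOWN_BAD).hexdigest()}}
PUBLIC_FEED = {("sha256", hashlib.sha256(FEED_BAD).hexdigest())}


def fake_public_lookup(algo: str, hexdigest: str) -> bool:
    """Stand-in for a web signature service; answers from an in-memory set."""
    return (algo, hexdigest) in PUBLIC_FEED


def toy_classifier(data: bytes) -> bool:
    """Stand-in for the level-3 model: a single constructed byte-pattern rule."""
    return b"SUSPICIOUS_MARKER" in data


def run_demo() -> Dict[str, Verdict]:
    triage = TieredMalwareTriage(LOCAL_DB, fake_public_lookup, toy_classifier)
    return {
        "known": triage.triage(KNOWN_BAD),
        "feed": triage.triage(FEED_BAD),
        "novel_first": triage.triage(NOVEL_BAD),
        "novel_again": triage.triage(NOVEL_BAD),  # now a level-1 hit
        "clean": triage.triage(CLEAN),
    }


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name:12s} level={verdict.level} malicious={verdict.malicious}")
```

The same sample triaged twice shows the point of the feedback loop: the first pass reaches level 3, the second is answered by the local database. The hash match is exact, so any byte-level change to a sample defeats levels 1 and 2, which is exactly why the text adds the third level.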
EDITORIAL NOTE 2021107489: There is 1 page of claims only.
Claims (3)
1. In this proposed research work, a security framework is designed to provide secured processing of Big Data in a Hybrid Cloud Computing environment.
2. In each of the data nodes, a VMMC is pre-installed without the user's consent, using the data nodes for storage. The primary job of the VMMC is to extract the raw memory dumps of the monitored virtual machines and send them to a centralized VMMS on time. The VMMS reconstructs the memory dumps and computes three distinct hash values: MD-5, SHA-256, and SHA-1. In the first stage, the hash values are compared against the Local Malware Signature Database to match known malware. If there is no match, the hash values are compared against publicly available malware signatures using web tools in the second stage. Since these two levels are restricted to a limited set of malware signatures, a third-level machine learning model is designed to detect and classify the malware symptoms.
3. Logistic regression achieved the optimum accuracy of up to 92.4 % compared to Naive Bayes and Support Vector Machine. However, a large number of true negatives (TN) in the model can compromise it to a greater extent. In order to address the issues of the base model, ensemble machine learning models are used, which harness the power of subset training and then aggregate predictions by voting. In the analysis, Random Forest, Bagging, and Gradient Boosting ensemble models are used. Random Forest achieved a better and acceptable accuracy of up to 98 % by lowering the true negative values and minimizing the network's risk.
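An added example of the "subset training and then aggregating in prediction with voting" that the abstract and claim 3 describe: bagging over decision stumps, written by hand rather than with the library models the text names, so the mechanism is visible. It is not the patent's model or data. The feature vectors are constructed stand-ins for per-process measurements a VMMS might extract (here: system calls per second and a count of suspicious API names), and the function also reports a confusion matrix so the true-negative count the text discusses can be read directly rather than inferred from accuracy.

```python
"""Bagging with majority vote over decision stumps.

Added example, not the patent's model or data: it shows subset training and
majority-vote aggregation, and reports TP/TN/FP/FN so the true-negative count
the text discusses can be read off directly. The feature vectors are
constructed stand-ins for per-process measurements (system calls per second,
count of suspicious API names); the library model is replaced by a
hand-written stump ensemble."""
import random
from typing import Dict, List, Sequence, Tuple

Features = Sequence[float]
Sample = Tuple[Features, int]           # (features, label), label 1 = malware
Stump = Tuple[int, float, int]          # (feature index, threshold, direction)


def stump_predict(stump: Stump, x: Features) -> int:
    """direction 1: predict 1 when x[j] > thr; direction -1: the reverse."""
    j, thr, direction = stump
    above = x[j] > thr
    return 1 if above == (direction == 1) else 0


def train_stump(data: List[Sample]) -> Stump:
    """Exhaustive search for the single-feature threshold with best accuracy."""
    best: Stump = (0, 0.0, 1)
    best_acc = -1.0
    for j in range(len(data[0][0])):
        values = sorted({x[j] for x, _ in data})
        # candidate thresholds: midpoints between consecutive distinct values
        for lo, hi in zip(values, values[1:]):
            thr = (lo + hi) / 2
            for direction in (1, -1):
                cand = (j, thr, direction)
                acc = sum(stump_predict(cand, x) == y for x, y in data) / len(data)
                if acc > best_acc:
                    best_acc, best = acc, cand
    return best


class BaggedStumps:
    """Train each stump on a bootstrap subset; predict by majority vote."""

    def __init__(self, n_models: int = 7, seed: int = 1) -> None:
        self.n_models = n_models
        self.rng = random.Random(seed)   # fixed seed keeps the demo repeatable
        self.stumps: List[Stump] = []

    def fit(self, data: List[Sample]) -> "BaggedStumps":
        self.stumps = []
        for _ in range(self.n_models):
            # bootstrap sample (with replacement); redraw if it lacks a class,
            # since a one-class subset cannot yield a useful threshold
            while True:
                subset = [self.rng.choice(data) for _ in data]
                if len({y for _, y in subset}) == 2:
                    break
            self.stumps.append(train_stump(subset))
        return self

    def predict(self, x: Features) -> int:
        votes = sum(stump_predict(s, x) for s in self.stumps)
        return 1 if 2 * votes > len(self.stumps) else 0


def confusion(model: BaggedStumps, data: List[Sample]) -> Dict[str, int]:
    """TP/TN/FP/FN counts: the quantities accuracy alone hides."""
    counts = {"tp": 0, "tn": 0, "fp": 0, "fn": 0}
    for x, y in data:
        p = model.predict(x)
        key = ("tp" if y else "fp") if p else ("fn" if y else "tn")
        counts[key] += 1
    return counts


# constructed training set: (syscalls_per_sec, suspicious_api_count), label
TRAINING: List[Sample] = [
    ((120, 0), 0), ((95, 1), 0), ((140, 0), 0), ((110, 1), 0), ((130, 2), 0), ((100, 0), 0),
    ((380, 6), 1), ((420, 5), 1), ((350, 7), 1), ((460, 4), 1), ((400, 8), 1), ((370, 6), 1),
]


def run_demo() -> Dict[str, int]:
    model = BaggedStumps(n_models=7, seed=1).fit(TRAINING)
    return confusion(model, TRAINING)


if __name__ == "__main__":
    print(run_demo())
```

Each stump is trained on a different bootstrap draw of the same data and the ensemble answers by majority, which is the voting the text refers to. On a set this small the confusion matrix is fully separable; on real data the interesting number is the off-diagonal counts, and a model should be judged on those rather than on the single accuracy figure.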
EDITORIAL NOTE Aug 2021, 2021107489: There is 1 drawing only.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2021107489A AU2021107489A4 (en) | 2021-08-25 | 2021-08-25 | An Real Time Automated Multi-level Malware Classification and Detection Module in Networks |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2021107489A AU2021107489A4 (en) | 2021-08-25 | 2021-08-25 | An Real Time Automated Multi-level Malware Classification and Detection Module in Networks |
Publications (1)
Publication Number | Publication Date |
---|---|
AU2021107489A4 true AU2021107489A4 (en) | 2021-12-23 |
Family
ID=78958216
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
AU2021107489A Ceased AU2021107489A4 (en) | 2021-08-25 | 2021-08-25 | An Real Time Automated Multi-level Malware Classification and Detection Module in Networks |
Country Status (1)
Country | Link |
---|---|
AU (1) | AU2021107489A4 (en) |
Events
- 2021-08-25: AU application AU2021107489A, patent AU2021107489A4 (en), not_active Ceased
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113985294A (en) * | 2021-12-29 | 2022-01-28 | 山东大学 | Method and device for estimating remaining life of battery |
CN113985294B (en) * | 2021-12-29 | 2022-04-01 | 山东大学 | Method and device for estimating remaining life of battery |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9398034B2 (en) | Matrix factorization for automated malware detection | |
Vinayakumar et al. | Deep android malware detection and classification | |
Uwagbole et al. | Applied machine learning predictive analytics to SQL injection attack detection and prevention | |
Shirani et al. | BinArm: Scalable and efficient detection of vulnerabilities in firmware images of intelligent electronic devices | |
Kosmidis et al. | Machine learning and images for malware detection and classification | |
CN106796639A (en) | For the data mining algorithm of credible performing environment | |
Zhao et al. | Malicious executables classification based on behavioral factor analysis | |
Patil et al. | Designing in-VM-assisted lightweight agent-based malware detection framework for securing virtual machines in cloud computing | |
Qazi et al. | Effect of feature selection, SMOTE and under sampling on class imbalance classification | |
EP4319054A3 (en) | Identifying legitimate websites to remove false positives from domain discovery analysis | |
US9218419B2 (en) | Snapshot generation for search results page preview | |
US20220222372A1 (en) | Automated data masking with false positive detection and avoidance | |
AU2021107489A4 (en) | An Real Time Automated Multi-level Malware Classification and Detection Module in Networks | |
Aljarah et al. | Towards a scalable intrusion detection system based on parallel pso clustering using mapreduce | |
MX2023003118A (en) | Systems and methods for triaging software vulnerabilities. | |
Rahul et al. | Analysis of machine learning models for malware detection | |
Xiaoqing et al. | Network intrusion detection method based on Agent and SVM | |
US20220004630A1 (en) | Systems and methods for a multi-model approach to predicting the development of cyber threats to technology products | |
Pektaş et al. | Runtime-behavior based malware classification using online machine learning | |
Lighari | Hybrid model of rule based and clustering analysis for big data security | |
Singh et al. | Intrusion detection using data mining with correlation | |
AbuAlghanam et al. | Android Malware Detection System Based on Ensemble Learning | |
Juvonen et al. | Combining conjunctive rule extraction with diffusion maps for network intrusion detection | |
CN108566306B (en) | Network security real-time anomaly detection method based on data equalization technology | |
Reis et al. | Intrusion detection systems with GPU-accelerated deep neural networks and effect of the depth |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| FGI | Letters patent sealed or granted (innovation patent) | |
| MK22 | Patent ceased section 143a(d), or expired - non payment of renewal fee or expiry | |