使用对抗学习和深度学习的恶意软件分析和检测技术

IF 3.8 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications Pub Date : 2025-02-25 DOI:10.1016/j.jisa.2025.104009

Surbhi Prakash, Amar Kumar Mohapatra

{"title":"使用对抗学习和深度学习的恶意软件分析和检测技术","authors":"Surbhi Prakash, Amar Kumar Mohapatra","doi":"10.1016/j.jisa.2025.104009","DOIUrl":null,"url":null,"abstract":"<div><div>Malware attacks are frequently increasing due to the growing use of handheld gadgets, especially Android phones. Hackers try to access smartphones through a variety of techniques, including the theft of information, tracking, and deceptive advertising. There are various techniques for malware analysis and detection, but some issues, like low performance, computational complexity, overfitting, and so on, have been identified while detecting malware and training data. To address these issues, the proposed technique is designed to achieve efficient malware detection. Initially, data is collected from the Aposemat IoT-23 and Bot-IoT datasets, and the Adaptative Perturbation Pattern Method (Ap2 m) is used to generate constrained adversarial samples. Evasion attacks are used to examine regular adversarial training, while Improved Random Forest (IRF) is used for modeling and fine-tuning. The deep Residual Convolutional Neural Network (deep RCNet) is utilized to extract the features. Finally, the Multi-head Attention-based Bidirectional Residual Autoencoder (MA_BiRAE) model is used for malware detection. The performance of the proposed technique is compared to various existing models to determine its superiority. The proposed technique is evaluated using two datasets: the Aposemat IoT-23 dataset and the Bot-IoT dataset. The proposed technique achieves an accuracy of 99.63% for the Aposemat IoT-23 dataset and 99.11% for the Bot-IoT dataset.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"90 ","pages":"Article 104009"},"PeriodicalIF":3.8000,"publicationDate":"2025-02-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"MA_BiRAE - Malware analysis and detection technique using adversarial learning and deep learning\",\"authors\":\"Surbhi Prakash, Amar Kumar Mohapatra\",\"doi\":\"10.1016/j.jisa.2025.104009\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>Malware attacks are frequently increasing due to the growing use of handheld gadgets, especially Android phones. Hackers try to access smartphones through a variety of techniques, including the theft of information, tracking, and deceptive advertising. There are various techniques for malware analysis and detection, but some issues, like low performance, computational complexity, overfitting, and so on, have been identified while detecting malware and training data. To address these issues, the proposed technique is designed to achieve efficient malware detection. Initially, data is collected from the Aposemat IoT-23 and Bot-IoT datasets, and the Adaptative Perturbation Pattern Method (Ap2 m) is used to generate constrained adversarial samples. Evasion attacks are used to examine regular adversarial training, while Improved Random Forest (IRF) is used for modeling and fine-tuning. The deep Residual Convolutional Neural Network (deep RCNet) is utilized to extract the features. Finally, the Multi-head Attention-based Bidirectional Residual Autoencoder (MA_BiRAE) model is used for malware detection. The performance of the proposed technique is compared to various existing models to determine its superiority. The proposed technique is evaluated using two datasets: the Aposemat IoT-23 dataset and the Bot-IoT dataset. The proposed technique achieves an accuracy of 99.63% for the Aposemat IoT-23 dataset and 99.11% for the Bot-IoT dataset.</div></div>\",\"PeriodicalId\":48638,\"journal\":{\"name\":\"Journal of Information Security and Applications\",\"volume\":\"90 \",\"pages\":\"Article 104009\"},\"PeriodicalIF\":3.8000,\"publicationDate\":\"2025-02-25\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Information Security and Applications\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S221421262500047X\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S221421262500047X","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

由于越来越多的手持设备，尤其是Android手机的使用，恶意软件攻击频繁增加。黑客试图通过各种技术访问智能手机，包括窃取信息、跟踪和欺骗性广告。有各种各样的恶意软件分析和检测技术，但是在检测恶意软件和训练数据时，已经发现了一些问题，如低性能、计算复杂性、过拟合等。为了解决这些问题，所提出的技术旨在实现有效的恶意软件检测。首先，从Aposemat IoT-23和Bot-IoT数据集收集数据，并使用自适应摄动模式方法（Ap2 m）生成约束对抗样本。逃避攻击用于检查常规的对抗训练，而改进随机森林（IRF）用于建模和微调。利用深度残差卷积神经网络（deep RCNet）提取特征。最后，采用基于多头注意力的双向残差自编码器（MA_BiRAE）模型进行恶意软件检测。将该方法的性能与现有的各种模型进行了比较，以确定其优越性。所提出的技术使用两个数据集进行评估：Aposemat IoT-23数据集和Bot-IoT数据集。该技术在Aposemat IoT-23数据集上的准确率为99.63%，在Bot-IoT数据集上的准确率为99.11%。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

MA_BiRAE - Malware analysis and detection technique using adversarial learning and deep learning

Malware attacks are frequently increasing due to the growing use of handheld gadgets, especially Android phones. Hackers try to access smartphones through a variety of techniques, including the theft of information, tracking, and deceptive advertising. There are various techniques for malware analysis and detection, but some issues, like low performance, computational complexity, overfitting, and so on, have been identified while detecting malware and training data. To address these issues, the proposed technique is designed to achieve efficient malware detection. Initially, data is collected from the Aposemat IoT-23 and Bot-IoT datasets, and the Adaptative Perturbation Pattern Method (Ap2 m) is used to generate constrained adversarial samples. Evasion attacks are used to examine regular adversarial training, while Improved Random Forest (IRF) is used for modeling and fine-tuning. The deep Residual Convolutional Neural Network (deep RCNet) is utilized to extract the features. Finally, the Multi-head Attention-based Bidirectional Residual Autoencoder (MA_BiRAE) model is used for malware detection. The performance of the proposed technique is compared to various existing models to determine its superiority. The proposed technique is evaluated using two datasets: the Aposemat IoT-23 dataset and the Bot-IoT dataset. The proposed technique achieves an accuracy of 99.63% for the Aposemat IoT-23 dataset and 99.11% for the Bot-IoT dataset.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Journal of Information Security and Applications Computer Science-Computer Networks and Communications

CiteScore

10.90

自引率

5.40%

发文量

206

审稿时长

56 days

期刊介绍： Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.