Immune-Based System to Enhance Malware Detection | IEEE Conference Publication | IEEE Xplore

Immune-Based System to Enhance Malware Detection


Abstract:

Malicious apps use various methods to spread viruses, take control of computers and/or IoT devices, and steal sensitive data such as credit card numbers or other personal information. Despite the numerous existing means of intrusion detection, malware code is not easily detectable. The primary issue with current malware detection approaches is their inability to identify novel attacks and obfuscated malware, as they rely on static bases of malware examples, making them susceptible to new unseen malware behaviors. To address this, we propose a new method for malware recognition, which consists of two processes: the first process creates new instances of malware using a memetic algorithm, and the second process detects these new instances of attacks through solid detectors produced by an artificial immune system-based algorithm. Our new malware recognition method has proven its merits through thorough experiments on widely used datasets and evaluation metrics, and has been compared to prominent state-of-the-art methods.
Date of Conference: 01-05 July 2023
Date Added to IEEE Xplore: 25 September 2023
Conference Location: Chicago, IL, USA

I. Introduction

Malware is malicious software created to access a computer or any other device and cause damage to it. Malicious programs try to find their way onto targeted systems, which, with the spread of IoT technology, are connected to the Internet most of the time, either for work or for personal use. IoT technology is particularly vulnerable to malware attacks because IoT devices lack robust security measures [1]. To address this, different methods have been proposed that try to detect malware programs by relying on specific features within the apps. Those features can be classified by type as either static or dynamic, depending on the nature of the detection method used [2] (i.e., signature-based, behavioral-based or heuristic-based). Various methods and techniques have been proposed in the literature to strengthen the array of computer security measures, with (deep) neural networks [3] and evolutionary algorithms (EAs) [4], [5] particularly prominent in recent work. Those methods showed interesting results in detecting malware when assessed on static, stored malicious samples, but this is no longer the case when they are tested against new, unknown variants of malware. This can be explained by the lack of diversity in the malware samples. From another perspective, many works relied on machine learning classifiers [6] to set new detection rules, but those rules led to high percentages of false positives. In this paper, we propose a two-step detection approach, named IMMU-Det, which is distinguished by the combination of a Memetic Algorithm (MA) and an Artificial Immune System (AIS)-based algorithm relying on a clonal selection process to generate a diverse population of immune cells (detectors in our case).
The first step generates a new set of “memes”: the malicious variants (vectors of Application Programming Interface (API) calls) that serve, in the following step, as input (antigens) to the AIS-based algorithm, which in turn produces detectors. Those detectors help reveal the true nature of unknown applications.
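
To make the detector-generation step concrete, here is a minimal clonal selection sketch; it is an added illustration, not the IMMU-Det implementation from the paper. It assumes binary API-call vectors over 16 hypothetical features, a match-fraction affinity, inverse-proportional hypermutation, and an added self-tolerance check against benign samples; all sample vectors are constructed.

```python
import random

# Constructed sample data: each vector marks which of 16 hypothetical API calls an app uses.
MALWARE = [(1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0),
           (1, 1, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 1, 1)]
BENIGN = [(0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0),
          (0, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 0)]

def affinity(detector, sample):
    """Fraction of API-call positions on which detector and sample agree."""
    return sum(d == s for d, s in zip(detector, sample)) / len(sample)

def hypermutate(detector, rate, rng):
    """Clone a detector, flipping each bit independently with probability `rate`."""
    return tuple(bit ^ (rng.random() < rate) for bit in detector)

def train_detectors(antigens, benign, threshold=0.75, generations=100, clones=20, seed=7):
    """Clonal selection: evolve one detector per antigen, then enforce self-tolerance."""
    rng = random.Random(seed)
    n = len(antigens[0])
    detectors = []
    for antigen in antigens:
        best = tuple(rng.randint(0, 1) for _ in range(n))  # random initial immune cell
        for _ in range(generations):
            # Inverse-proportional hypermutation (assumed scheme): poor matches mutate more.
            rate = max(1 / n, 1 - affinity(best, antigen))
            pool = [hypermutate(best, rate, rng) for _ in range(clones)]
            # Elitism: the parent competes with its clones, so affinity never decreases.
            best = max(pool + [best], key=lambda c: affinity(c, antigen))
        # Self-tolerance (added assumption): drop detectors that would fire on benign apps.
        if all(affinity(best, b) < threshold for b in benign):
            detectors.append(best)
    return detectors

def is_malicious(sample, detectors, threshold=0.75):
    """Flag a sample when any detector matches it at or above the threshold."""
    return any(affinity(d, sample) >= threshold for d in detectors)
```

Because matching is approximate, a detector trained on one antigen also fires on nearby variants of it; the threshold is what trades that coverage against false positives on benign vectors.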
