
Vol. 1 No. 2 (2021): Cybersecurity and Network Defense Research (CNDR)

AI-Enhanced Malware Analysis: Breaking Down Advanced Cyber Threats with Precision

Published
09-12-2021

Abstract

The rise in global cyber-attacks highlights the need for more sophisticated malware analysis tools and methodologies. As attackers adopt more advanced techniques, static signatures and heuristic rules are no longer adequate for detecting attacks. The rise of artificial intelligence (AI), including machine learning (ML), deep learning (DL), and anomaly detection, has radically changed the way malware is detected, enabling more adaptive and resilient protection. This paper provides an overview of AI-powered malware analysis, from evolving threats, through basic static and dynamic analysis, to anomaly detection for real-time threat monitoring. A comparative analysis of AI's effectiveness at detecting polymorphic, metamorphic, and zero-day attacks shows that AI-based techniques outperform traditional signature-based approaches. In addition, the issues of adversarial machine learning, model interpretability, and data-driven retraining pipelines are discussed, mirroring current debates in industry and academia. The paper concludes by identifying the importance of proactive AI systems in contemporary cybersecurity and suggests research avenues such as federated learning, explainable AI, and aligning regulatory expectations with state-of-the-art security.
