José Javier de Vicente Mohino¹, Javier Bermejo Higuera¹, Juan Ramón Bermejo Higuera¹, Juan Antonio Sicilia Montalvo^1,*, Manuel Sánchez Rubio¹, José Javier Martínez Herraiz²

CMC-Computers, Materials & Continua, Vol.67, No.2, pp. 1447-1469, 2021, DOI:10.32604/cmc.2021.014596

Abstract In a computer environment, an operating system is prone to malware, and even the Linux operating system is not an exception. In recent years, malware has evolved, and attackers have become more qualified compared to a few years ago. Furthermore, Linux-based systems have become more attractive to cybercriminals because of the increasing use of the Linux operating system in web servers and Internet of Things (IoT) devices. Windows is the most employed OS, so most of the research efforts have been focused on its malware protection rather than on other operating systems. As a result, hundreds of research articles, documents,… More >

Rami Sihwail^*, Khairuddin Omar, Khairul Akram Zainol Ariffin

CMC-Computers, Materials & Continua, Vol.67, No.2, pp. 2301-2320, 2021, DOI:10.32604/cmc.2021.014510

Abstract The study of malware behaviors, over the last years, has received tremendous attention from researchers for the purpose of reducing malware risks. Most of the investigating experiments are performed using either static analysis or behavior analysis. However, recent studies have shown that both analyses are vulnerable to modern malware files that use several techniques to avoid analysis and detection. Therefore, extracted features could be meaningless and a distraction for malware analysts. However, the volatile memory can expose useful information about malware behaviors and characteristics. In addition, memory analysis is capable of detecting unconventional malware, such as in-memory and fileless malware.… More >

Jaiteg Singh¹, Tanya Gera¹, Farman Ali², Deepak Thakur¹, Karamjeet Singh³, Kyung-sup Kwak^4,*

CMC-Computers, Materials & Continua, Vol.66, No.3, pp. 2655-2670, 2021, DOI:10.32604/cmc.2021.014504

Abstract Android has been dominating the smartphone market for more than a decade and has managed to capture 87.8% of the market share. Such popularity of Android has drawn the attention of cybercriminals and malware developers. The malicious applications can steal sensitive information like contacts, read personal messages, record calls, send messages to premium-rate numbers, cause financial loss, gain access to the gallery and can access the user’s geographic location. Numerous surveys on Android security have primarily focused on types of malware attack, their propagation, and techniques to mitigate them. To the best of our knowledge, Android malware literature has never… More >

M. A. Rahim Khan^*, Manoj Kumar Jain

Intelligent Automation & Soft Computing, Vol.26, No.6, pp. 1359-1373, 2020, DOI:10.32604/iasc.2020.013849

Abstract Repacked mobile applications and obfuscation attacks constitute a significant threat to the Android technological ecosystem. A novel method using the Constant Key Point Selection and Limited Binary Pattern Feature (CKPS: LBP) extraction-based Hashing has been proposed to identify repacked Android applications in previous works. Although the approach was efficient in detecting the repacked Android apps, it was not suitable for detecting obfuscation attacks. Additionally, the time complexity needed improvement. This paper presents an optimization technique using Scalable Bivariant Feature Transformation extract optimum feature-points extraction, and the Harris method applied for optimized image hashing. The experiments produced better results than the… More >

Dong-Wook Kim¹, Gun-Yoon Shin¹, Myung-Mook Han^{2, *}

CMC-Computers, Materials & Continua, Vol.65, No.3, pp. 1891-1904, 2020, DOI:10.32604/cmc.2020.010933

Abstract This study was conducted to enable prompt classification of malware, which was becoming increasingly sophisticated. To do this, we analyzed the important features of malware and the relative importance of selected features according to a learning model to assess how those important features were identified. Initially, the analysis features were extracted using Cuckoo Sandbox, an open-source malware analysis tool, then the features were divided into five categories using the extracted information. The 804 extracted features were reduced by 70% after selecting only the most suitable ones for malware classification using a learning model-based feature selection method called the recursive feature… More >

Yue Li¹, Guangquan Xu^2,3, Hequn Xian^1,*, Longlong Rao³, Jiangang Shi^4,*

Intelligent Automation & Soft Computing, Vol.25, No.3, pp. 637-647, 2019, DOI:10.31209/2019.100000118

Abstract In order to prevent the spread of Android malware and protect privacy information from being compromised, this study proposes a novel multidimensional hybrid features extraction and analysis method for Android malware detection. This method is based primarily on a multidimensional hybrid features vector by extracting the information of permission requests, API calls, and runtime behaviors. The innovation of this study is to extract greater amounts of static and dynamic features information and combine them, that renders the features vector for training completer and more comprehensive. In addition, the feature selection algorithm is used to further optimize the extracted information to… More >

Chunlai Du¹, Shenghui Liu¹, Lei Si², Yanhui Guo^{2, *}, Tong Jin¹

CMC-Computers, Materials & Continua, Vol.64, No.3, pp. 1785-1796, 2020, DOI:10.32604/cmc.2020.010091

Abstract In recent years, the number of exposed vulnerabilities has grown rapidly and more and more attacks occurred to intrude on the target computers using these vulnerabilities such as different malware. Malware detection has attracted more attention and still faces severe challenges. As malware detection based traditional machine learning relies on exports’ experience to design efficient features to distinguish different malware, it causes bottleneck on feature engineer and is also time-consuming to find efficient features. Due to its promising ability in automatically proposing and selecting significant features, deep learning has gradually become a research hotspot. In this paper, aiming to detect… More >

Jingping Song¹, Qingyu Meng¹, Chenke Luo², Nitin Naik³, Jian Xu^{1, *}

CMC-Computers, Materials & Continua, Vol.64, No.2, pp. 1051-1061, 2020, DOI:10.32604/cmc.2020.010592

Abstract In recent years, as the popularity of anonymous currencies such as Bitcoin has made the tracking of ransomware attackers more difficult, the amount of ransomware attacks against personal computers and enterprise production servers is increasing rapidly. The ransomware has a wide range of influence and spreads all over the world. It is affecting many industries including internet, education, medical care, traditional industry, etc. This paper uses the idea of virus immunity to design an immunization solution for ransomware viruses to solve the problems of traditional ransomware defense methods (such as anti-virus software, firewalls, etc.), which cannot meet the requirements of… More >

J. Vijila^{1, *}, A. Albert Raj²

CMC-Computers, Materials & Continua, Vol.62, No.3, pp. 1077-1096, 2020, DOI:10.32604/cmc.2020.08534

Abstract Software Defined Network (SDN) deals with huge data processing units which possess network management. However, due to centralization behavior ensuring security in SDN is the major concern. In this work to ensure security, a security server has been at its aid to check the vulnerability of the networks and to keep an eye on the packet according to the screening policies. A Secure Shell Connection (SSH) is established by the security server which does a frequent inspection of the network’s logs. Malware detection and the Intrusion Detection System policies are also incorporated in the server for the effective scanning of… More >

Jiyuan Liu¹, Yingzhi Zeng², Jiangyong Shi², Yuexiang Yang^2,∗, Rui Wang³, Liangzhong He⁴

CMC-Computers, Materials & Continua, Vol.60, No.2, pp. 721-739, 2019, DOI:10.32604/cmc.2019.05610

Abstract Recently, TLS protocol has been widely used to secure the application data carried in network traffic. It becomes more difficult for attackers to decipher messages through capturing the traffic generated from communications of hosts. On the other hand, malwares adopt TLS protocol when accessing to internet, which makes most malware traffic detection methods, such as DPI (Deep Packet Inspection), ineffective. Some literatures use statistical method with extracting the observable data fields exposed in TLS connections to train machine learning classifiers so as to infer whether a traffic flow is malware or not. However, most of them adopt the features based… More >