Author

Omer Aslan

Other affiliations: Ankara University
Bio: Omer Aslan is an academic researcher from Siirt University. The author has contributed to research in topics: Malware & Ransomware. The author has an h-index of 4, co-authored 8 publications receiving 91 citations. Previous affiliations of Omer Aslan include Ankara University.

Papers
Journal Article
TL;DR: This paper presents a detailed review on malware detection approaches and recent detection methods which use these approaches, and the pros and cons of each detection approach, and methods that are used in these approaches.
Abstract: According to the recent studies, malicious software (malware) is increasing at an alarming rate, and some malware can hide in the system by using different obfuscation techniques. In order to protect computer systems and the Internet from the malware, the malware needs to be detected before it affects a large number of systems. Recently, several studies have been made on malware detection approaches. However, the detection of malware still remains problematic. Signature-based and heuristic-based detection approaches are fast and efficient to detect known malware, but especially signature-based detection approach has failed to detect unknown malware. On the other hand, behavior-based, model checking-based, and cloud-based approaches perform well for unknown and complicated malware; and deep learning-based, mobile devices-based, and IoT-based approaches also emerge to detect some portion of known and unknown malware. However, no approach can detect all malware in the wild. This shows that to build an effective method to detect malware is a very challenging task, and there is a huge gap for new studies and methods. This paper presents a detailed review on malware detection approaches and recent detection methods which use these approaches. The paper's goal is to help researchers to have a general idea of the malware detection approaches, pros and cons of each detection approach, and methods that are used in these approaches.

185 citations

Journal Article
TL;DR: In this paper, a novel deep learning-based architecture is proposed which can classify malware variants based on a hybrid model, which integrates two wide-ranging pre-trained network models in an optimized manner.
Abstract: Recent technological developments in computer systems transfer human life from real to virtual environments. Covid-19 disease has accelerated this process. Cyber criminals’ interest has shifted from real to virtual life as well. This is because it is easier to commit a crime in cyberspace rather than regular life. Malicious software (malware) is unwanted software which is frequently used by cyber criminals to launch cyber-attacks. Malware variants are continuing to evolve by using advanced obfuscation and packing techniques. These concealing techniques make malware detection and classification significantly challenging. Novel methods which are quite different from traditional methods must be used to effectively combat new malware variants. Traditional artificial intelligence (AI) specifically machine learning (ML) algorithms are no longer effective in detecting all new and complex malware variants. Deep learning (DL) approach which is quite different from traditional ML algorithms can be a promising solution to the problem of detecting all variants of malware. In this study, a novel deep-learning-based architecture is proposed which can classify malware variants based on a hybrid model. The main contribution of the study is to propose a new hybrid architecture which integrates two wide-ranging pre-trained network models in an optimized manner. This architecture consists of four main stages, namely: data acquisition, the design of deep neural network architecture, training of the proposed deep neural network architecture, and evaluation of the trained deep neural network. The proposed method was tested on Malimg, Microsoft BIG 2015, and Malevis datasets. The experimental results show that the suggested method can effectively classify malware with high accuracy which outperforms the state of the art methods in the literature. When the proposed method was tested on the Malimg dataset, 97.78% accuracy was obtained, which outperformed most of the ML-based malware detection methods.

44 citations

Journal Article
TL;DR: In this article, the authors proposed an intelligent behavior-based malware detection system in the cloud environment, which first creates a malware dataset on different virtual machines and then selected features are given to the learning-based and rule-based detection agents to separate malware from benign samples.
Abstract: These days, cloud computing is one of the most promising technologies to store information and provide services online efficiently. Using this rapidly developing technology to protect computer-based systems from cyber-related attacks can bring many advantages over traditional protection schemes. The protected assets can be any computer-based systems such as cyber-physical systems (CPS), critical systems, desktop and laptop computers, mobile devices, and Internet of Things (IoT). Malicious software (malware) is any software which targets the computer-based system to launch cyber-attacks to threaten the integrity, confidentiality and availability of the data. To detect the massively growing malware attacks surface, we propose an intelligent behavior-based detection system in the cloud environment. The proposed system first creates a malware dataset on different virtual machines which identify distinctive features efficiently. Then, selected features are given to the learning-based and rule-based detection agents to separate malware from benign samples. Totally, 10,000 program samples have been analyzed to evaluate the performance of the proposed system. The proposed system can detect both known and unknown malware efficiently with high detection and accuracy rate. Besides, the proposed method results have outperformed the leading methods’ results in the literature. Our evaluation results show that the proposed algorithms along with machine learning (ML) classifiers achieve 99.8% detection rate, 0.4% false positive rate, and 99.7% accuracy. Our proposed system and algorithms may assist those who would like to develop a novel malware detection system in the cloud environment.

34 citations

Proceedings Article
01 Oct 2017
TL;DR: This research will suggest to users how to analyze and detect existing and unknown malware, and indicated that it is almost impossible to detect malware by only using one tool.
Abstract: Malware stands for malicious software, which is installed on a computer system without the knowledge of the system owner. It performs malicious actions such as stealing confidential information and allowing remote code execution, and it can cause denial of service. Recently, malware creators started to publish new malware, which can bypass anti-malware software, intrusion detection systems (IDS) and sandbox execution. Due to this evasion, the protection of computer networks and computerized systems against these programs has become one of the biggest challenges in the information security realm. This paper proposes a methodology to learn the well-known malware analysis and detection tools, to implement these tools on well-known malware and benign programs and to compare the obtained results. Further, this research will suggest to users how to analyze and detect existing and unknown malware. In a test case, 100 malware and 100 benign program samples were collected from different sources and analyzed under different versions of Windows machines. The test results indicated that it is almost impossible to detect malware by only using one tool. Using static and dynamic analysis tools together increased accuracy and the detection rate. The test results also showed that dynamic malware analysis tools outperformed static analysis tools.

33 citations

Journal Article
TL;DR: In this paper, the authors present a road map for researchers and industry employees who focus on intrusion detection technologies, methodologies, and approaches and also investigate new attack types, protection mechanisms, and recent scientific studies that have been made in this area.
Abstract: Effectively detecting intrusions in the computer networks still remains problematic. This is because cyber attackers are changing packet contents to disguise the intrusion detection system (IDS) recently. Besides, every day a lot of new devices are added to the computer networks. These new devices are also raising security issues in the computer networks. To effectively manage the computer network flows and provide the security in advance, the components of the IDSs, the approaches and technologies that are used, the nature of the attacks, and the tools that are used need to be examined deeply. This paper discusses intrusion detection technologies, methodologies, and approaches and also investigates new attack types, protection mechanisms, and recent scientific studies that have been made in this area. In addition, available datasets, well-known IDS tools, and advantages and disadvantages of particular IDSs are explained deeply. We believe that this scientific review study presents a road map for researchers and industry employees who focus on IDSs.

28 citations


Cited by
Journal Article
TL;DR: Recent and in-depth research of relevant works that deal with several intelligent techniques and their applied intrusion detection architectures in computer networks with emphasis on the Internet of Things and machine learning are aimed at.

299 citations

Journal Article
TL;DR: This paper presents a detailed review on malware detection approaches and recent detection methods which use these approaches, and the pros and cons of each detection approach, and methods that are used in these approaches.

185 citations

Journal Article
TL;DR: A detailed study of malware detection techniques using machine learning algorithms is presented, and various challenges for developing malware classifiers are discussed, to develop an effective malware detection system by handling various issues in malware detection.

93 citations

Journal Article
TL;DR: A feature fusion method to combine the features extracted from pre-trained AlexNet and Inception-v3 deep neural networks with features attained using segmentation-based fractal texture analysis (SFTA) of images representing the malware code to build a multimodal representation of malicious code.
Abstract: As the number of internet users increases so does the number of malicious attacks using malware. The detection of malicious code is becoming critical, and the existing approaches need to be improved. Here, we propose a feature fusion method to combine the features extracted from pre-trained AlexNet and Inception-v3 deep neural networks with features attained using segmentation-based fractal texture analysis (SFTA) of images representing the malware code. In this work, we use distinctive pre-trained models (AlexNet and Inception-V3) for feature extraction. The purpose of deep convolutional neural network (CNN) feature extraction from two models is to improve the malware classifier accuracy, because both models have characteristics and qualities to extract different features. This technique produces a fusion of features to build a multimodal representation of malicious code that can be used to classify the grayscale images, separating the malware into 25 malware classes. The features that are extracted from malware images are then classified using different variants of support vector machine (SVM), k-nearest neighbor (KNN), decision tree (DT), and other classifiers. To improve the classification results, we also adopted data augmentation based on affine image transforms. The presented method is evaluated on a Malimg malware image dataset, achieving an accuracy of 99.3%, which makes it the best among the competing approaches.

79 citations

Journal Article
TL;DR: A detailed meta-review of the existing surveys related to malware and its detection techniques, showing an arms race between these two sides of a barricade, is presented in this article.
Abstract: Cyber attacks are currently blooming, as the attackers reap significant profits from them and face a limited risk when compared to committing the “classical” crimes. One of the major components that leads to the successful compromising of the targeted system is malicious software. It allows using the victim’s machine for various nefarious purposes, e.g., making it a part of the botnet, mining cryptocurrencies, or holding hostage the data stored there. At present, the complexity, proliferation, and variety of malware pose a real challenge for the existing countermeasures and require their constant improvements. That is why, in this paper we first perform a detailed meta-review of the existing surveys related to malware and its detection techniques, showing an arms race between these two sides of a barricade. On this basis, we review the evolution of modern threats in the communication networks, with a particular focus on the techniques employing information hiding. Next, we present the bird’s eye view portraying the main development trends in detection methods with a special emphasis on the machine learning techniques. The survey is concluded with the description of potential future research directions in the field of malware detection.

63 citations