Development of a machine learning based fileless malware filter system for cyber-security

Authors

  • Umaru C. Obini Department of Computer Science, Ebonyi State University, P.M.B. 053, Abakaliki, Nigeria
  • Chukwu Jeremiah Department of Computer Science, Ebonyi State University, P.M.B. 053, Abakaliki, Nigeria
  • Sylvester A. Igwe Department of Computer Science, Ebonyi State University, P.M.B. 053, Abakaliki, Nigeria

Keywords:

Perturbated, Malware, Cyber-attack, Filter

Abstract

Over the years, the increasing rate of perturbated malware-based cyber-attacks has presented many challenges and triggered the need for immediate solutions all over the world. This paper addresses that need through the development of a machine learning based fileless malware filter system for cyber security. Fileless malware, which can come in the form of memory-resident fileless malware or Windows Registry fileless malware, has no executable files and resides in system memory or the Windows Registry. It writes no files to disk, making it very challenging to detect using traditional signature-based methods [1]. It often leverages legitimate tools such as Windows Management Instrumentation and PowerShell to carry out its malicious activities. The methods used were data collection, data extraction, a Deep Neural Network (DNN), an activation function, a training algorithm and classification. The methods were designed using structural and mathematical approaches which employed architectural diagrams, flow charts and self-defining equations to develop the new system. The DNN was trained using Gradient Descent Algorithms (GDA) to generate the malware filter algorithm. The filters were implemented in Simulink, tested and validated. The results were evaluated using Regression (R) and Mean Square Error (MSE) analysis, which showed an R value of 0.9931 and an MSE of 0.002088 Mu. This implies that the filter developed was able to detect and remove malware on the network.
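As an added illustration of the pipeline the abstract names (a feed-forward DNN trained by batch gradient descent on a mean-square-error loss, then scored on held-out data with the regression coefficient R and the MSE), the following Python is example code written for this page; it is not the authors' Simulink implementation. The four behavioural features (PowerShell invocation rate, WMI subscription events, registry autorun writes, disk file writes) and the constructed dataset are assumptions made so the example runs offline; the paper's real features and data are not reproduced here.

```python
import math
import random


def make_dataset(n, seed=7):
    """Constructed feature vectors (assumed features, NOT the paper's dataset).
    Each row: [powershell_rate, wmi_events, registry_writes, disk_writes], scaled to [0, 1].
    Label 1.0 = fileless-malware-like behaviour (lots of in-memory tooling, few disk
    writes), 0.0 = benign. Labels alternate so train/test splits stay balanced."""
    rng = random.Random(seed)
    xs, ys = [], []
    for i in range(n):
        malicious = i % 2 == 0
        if malicious:
            x = [rng.uniform(0.6, 1.0), rng.uniform(0.5, 1.0),
                 rng.uniform(0.5, 1.0), rng.uniform(0.0, 0.3)]
        else:
            x = [rng.uniform(0.0, 0.3), rng.uniform(0.0, 0.3),
                 rng.uniform(0.0, 0.4), rng.uniform(0.4, 1.0)]
        xs.append(x)
        ys.append(1.0 if malicious else 0.0)
    return xs, ys


def relu(z):
    return z if z > 0 else 0.0


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


class FFNN:
    """One hidden ReLU layer, one sigmoid output unit: the smallest network that
    still has the 'deep' structure of hidden non-linear features."""

    def __init__(self, n_in, n_hidden, seed=1):
        rng = random.Random(seed)
        self.w1 = [[rng.uniform(-0.5, 0.5) for _ in range(n_in)] for _ in range(n_hidden)]
        self.b1 = [0.0] * n_hidden
        self.w2 = [rng.uniform(-0.5, 0.5) for _ in range(n_hidden)]
        self.b2 = 0.0

    def forward(self, x):
        h = [relu(sum(w * xi for w, xi in zip(row, x)) + b)
             for row, b in zip(self.w1, self.b1)]
        out = sigmoid(sum(w * hi for w, hi in zip(self.w2, h)) + self.b2)
        return h, out

    def predict(self, x):
        return self.forward(x)[1]

    def train(self, xs, ys, epochs=500, lr=1.0):
        """Full-batch gradient descent on MSE = mean((out - y)^2)."""
        n = len(xs)
        for _ in range(epochs):
            gw1 = [[0.0] * len(r) for r in self.w1]
            gb1 = [0.0] * len(self.b1)
            gw2 = [0.0] * len(self.w2)
            gb2 = 0.0
            for x, y in zip(xs, ys):
                h, out = self.forward(x)
                # dMSE/dout = 2(out - y)/n, chained through sigmoid' = out(1 - out)
                d_out = 2.0 * (out - y) / n * out * (1.0 - out)
                for j, hj in enumerate(h):
                    gw2[j] += d_out * hj
                    d_h = d_out * self.w2[j] * (1.0 if hj > 0 else 0.0)  # ReLU gate
                    for i, xi in enumerate(x):
                        gw1[j][i] += d_h * xi
                    gb1[j] += d_h
                gb2 += d_out
            # one descent step along the accumulated gradient
            for j in range(len(self.w2)):
                self.w2[j] -= lr * gw2[j]
                self.b1[j] -= lr * gb1[j]
                for i in range(len(self.w1[j])):
                    self.w1[j][i] -= lr * gw1[j][i]
            self.b2 -= lr * gb2


def mse(preds, ys):
    return sum((p - y) ** 2 for p, y in zip(preds, ys)) / len(ys)


def regression_r(preds, ys):
    """Pearson correlation between network outputs and targets (the R of a regression plot)."""
    n = len(ys)
    mp, my = sum(preds) / n, sum(ys) / n
    cov = sum((p - mp) * (y - my) for p, y in zip(preds, ys))
    sp = math.sqrt(sum((p - mp) ** 2 for p in preds))
    sy = math.sqrt(sum((y - my) ** 2 for y in ys))
    return cov / (sp * sy) if sp and sy else 0.0


def evaluate(epochs=500):
    """Train on 140 constructed rows, score R and MSE on 60 held-out rows."""
    xs, ys = make_dataset(200)
    train_x, train_y, test_x, test_y = xs[:140], ys[:140], xs[140:], ys[140:]
    net = FFNN(n_in=4, n_hidden=6)
    before = mse([net.predict(x) for x in test_x], test_y)
    net.train(train_x, train_y, epochs=epochs)
    preds = [net.predict(x) for x in test_x]
    return {"mse_before": before, "mse_after": mse(preds, test_y), "r": regression_r(preds, test_y)}


if __name__ == "__main__":
    print(evaluate())
```

R close to 1 and MSE close to 0 mean the filter's outputs track the labels; the paper's 0.9931 and 0.002088 Mu are read the same way. The point a practitioner should check in any such report is that the scores come from data the network never trained on, as in the hold-out split above; R and MSE measured on the training rows overstate how well a filter will separate unseen fileless activity from benign use of PowerShell and WMI.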


References

F. O. Catak, J. Ahmed, K. Sahinbas & Z. H. Khand, “Data augmentation based malware detection using convolutional neural networks”, PeerJ Computer Science 7 (2021) e346. https://acikerisim.medipol.edu.tr/xmlui/handle/20.500.12511/6585.

I. Chibueze, A. I. Ifeanyi & A. O. Chukwuemeka, “Threats and security measures on wireless local area networks”, Advances in Applied Science Research, 5 (2014) 4. https://www.primescholars.com/abstract/threats-and-security-measures-on-wireless-local-area-networks-89258.html.

F. U. Onu, S. E. Eneji & G. Anigbogu, “The effect of object oriented programming on the implementation of biometric security system for electronic banking transactions”, International Journal of Science and Research, 5 (2016). https://www.ijsr.net/getabstract.php?paperid=3071601.

O. C. Agwu, A model of hybrid agent software system for combating indigenous spam on GSM platform, Ph.D. dissertation, Computer Science, Ebonyi State University, Abakaliki, Ebonyi State (2016).

B. Heenaa & M. Mehtre, “Advances in Malware Detection-An Overview”, Computer Science Cryptography and Security, Cornell University. https://arxiv.org/abs/2104.01835.

M. Graeber, “Abusing windows management instrumentation (WMI) to build a persistent, asynchronous, and fileless backdoor”, Black Hat, Las Vegas, NV, USA, 2015. https://www.securitynewspaper.com/2015/10/10/abusing-windows-management-instrumentation-wmi-to-build-a-persistent-asynchronous-and-fileless-backdoor/.

T. R. Reshmi, “Information security breaches due to ransomware attacks a systematic literature review”. International Journal of Information Management Data Insights 1 (2021) 2. https://www.sciencedirect.com/science/article/pii/S2667096821000069.

G. Lee, S. Shim, B. Cho, T. Kim & K. Kim, “Fileless cyberattacks: Analysis and classification”, ETRI Journal 43 (2021) 2. https://onlinelibrary.wiley.com/doi/full/10.4218/etrij.2020-0086.

X. Liu, J. Zhang, Y. Lin & H. Li, ATMPA: attacking machine learning based malware visualization detection methods via adversarial examples, 2019 IEEE/ACM 27th International Symposium on Quality of Service (IWQoS), Phoenix, AZ, USA, June 24–25, 2019, pp. 1–10. https://doi.org/10.1145/3326285.3329073.

C. Ituma & T. C. Asogwa, “The Application Of Machine Learning for Digital Recognition of Identical Twins to Support Global Crime Investigation” International Journal of Computer Science and Engineering (IJCSE) 4 (2018) 12. https://www.ijltemas.in/DigitalLibrary/Vol.7Issue12/18-25.pdf.

S. Kumar, U. Dohare, K. Kumar, D. P. Dora, K. N. Qureshi & R. Kharel, “Cybersecurity measures for geocasting in vehicular cyber physical system environments”, IEEE Internet of Things Journal, 6 (2018) 4. https://ieeexplore.ieee.org/abstract/document/8474336/.

S. M. Pontiroli & F. R. Martinez, The tao of. net and powershell malware analysis, Virus bulletin conference, 2015, pp. 184–196. https://www.virusbulletin.com/conference/vb2015/abstracts/tao-net-and-powershell-malware-analysis.

P. Borkar, “The new breed of fileless malware and how it can be stopped with behavioural analytics and machine learning”. [Online]. Visited February 02, 2020. https://www.exabeam.com/blog/ueba/the-new-breed-of-fileless-malware-and-how-it-can-be-stopped-with-behavioral-analytics-and-machine-learning/.

A. Bahramali, M. Nasr, A. Houmansadr, D. Goeckel & D. Towsley, Robust adversarial attacks against DNN-based wireless communication systems, ACM SIGSAC Conference on Computer and Communications Security, Republic of Korea, 2021, pp. 126–140. https://dl.acm.org/doi/abs/10.1145/3460120.3484777.

J. C. Kimmell, M. Abdelsalam & M. Gupta, Analyzing machine learning approaches for online malware detection in cloud, 2021 IEEE International Conference on Smart Computing (SMARTCOMP), Irvine, California, USA, 2021, pp. 189–196. https://ieeexplore.ieee.org/abstract/document/9556309/.

T. Ronghua, An integrated malware detection and classification system, PhD. dissertation, Deakin University, Australia, 2011. https://dro.deakin.edu.au/articles/thesis/An_integrated_malware_detection_and_classification_system/21101719/1/files/37442527.pdf.

D. Xue, J. Li, T. Lv, W. Wu & J. Wang, “Malware classification using probability scoring and machine learning”, IEEE Access 7 (2019) 91641. https://ieeexplore.ieee.org/abstract/document/8758215.

Y. Shi, Y. E. Sagduyu, T. Erpek, K. Davaslioglu, Z. Lu & J. H. Li, Adversarial deep learning for cognitive radio security: Jamming attack and defense strategies, IEEE International Conference on Communications Workshops (ICC Workshops), Kansas City, MO, USA, 2018, pp. 1–6. https://ieeexplore.ieee.org/abstract/document/8403655.

B. Kim, Y. E. Sagduyu, T. Erpek, K. Davaslioglu & S. Ulukus, Adversarial attacks with multiple antennas against deep learning-based modulation classifiers, IEEE Globecom Workshops (GC Wkshps), Taipei, Taiwan, 2020, pp. 1–6. https://ieeexplore.ieee.org/abstract/document/9367473/.

D. Birkic, A. Primuzak, & P. Silvija, “Integral quality management in a Continental tourism destination: shown on the example of Pozega Slavonia County the City of Pozega”, In 8. medjunarodni znanstveni simpozij: Gospodarstvo istocne Hrvatske–vizija i razvoj, 8th International Scientific Symposium: Economy of Eastern Croatia–Vision and Growth, Croatia, 2019, pp. 663–680. https://www.croris.hr/crosbi/publikacija/prilog-skup/687659.

V. Nair & G. E. Hinton, Rectified linear units improve restricted Boltzmann machines, 27th International Conference on Machine Learning (ICML10), Haifa, Israel, 2010, pp. 807–814. https://dl.acm.org/doi/abs/10.5555/3104322.3104425.

J. Saxe & K. Berlin, Deep neural network based malware detection using two dimensional binary program features, 10th International Conference on Malicious and Unwanted Software (MALWARE), Fajardo, PR, USA, 2015, pp. 11–20. https://ieeexplore.ieee.org/document/7413680/.

J. Feng & S. Lu, “Performance analysis of various activation functions in artificial neural networks”, Journal of physics: conference series 1237 (2019) 2. https://iopscience.iop.org/article/10.1088/1742-6596/1237/2/022030/meta.

V. Nair & G. E. Hinton, Rectified linear units improve restricted boltzmann machines, Proceedings of the 27th international conference on machine learning (ICML-10), Haifa, Israel, 2010, pp. 807–814. https://dl.acm.org/doi/abs/10.5555/3104322.3104425.

Q. Alberto, “5 Algorithms to Train a Neural Network”, Neural Designer; Data Science and Machine Learning Blog; ARTELNICS (2018). https://www.neuraldesigner.com/learning/.

FFNN architectural model.

Published

2024-09-29

How to Cite

Development of a machine learning based fileless malware filter system for cyber-security. (2024). Journal of the Nigerian Society of Physical Sciences, 6(4), 2192. https://doi.org/10.46481/jnsps.2024.2192
