Carlos Henrique Macedo dos Santos , Sidney Marlon Lopes de Lima
Journal: Journal of Computational Science, volume 82, Article 102389
DOI: 10.1016/j.jocs.2024.102389
Published: 2024-07-15 (Journal Article)
URL: https://www.sciencedirect.com/science/article/pii/S1877750324001820
XAI-driven antivirus in pattern identification of citadel malware
Background and Objective:
The constant growth of intrusions and information theft carried out with infected software has always been a problem. According to McAfee Labs in 2020, on average, 480 new viruses are created each hour. The means of identifying such threats, categorizing them and creating vaccines may not be that fast. Thanks to increasing processing power and the popularity of artificial intelligence, it is now possible to integrate intelligence into an antivirus engine to enhance its protective capabilities, and doing so with good algorithms and parameterization can be a key asset in securing one's environment. In this work we analyze the overall performance of our antivirus and compare it with other state-of-the-art antiviruses.
Methods:
In this work, we create an extreme neural network that trains quickly and achieves satisfactory accuracy when classifying unknown files that may or may not be infected with Citadel. Our virus database is built from many examples of well-known infected files, and our results are compared with other intelligent antiviruses created by other companies and/or researchers.
The proposed technique stands out as a beneficial practice in terms of efficiency and interpretability; it achieves a greatly reduced number of neurons through a thorough pruning process. This dimensionality reduction shrinks the input layer by 98%, which not only improves data interpretation but also reduces the time required for training.
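To make the two ideas in this section concrete (an extreme learning machine whose output weights are solved in closed form rather than trained iteratively, and an input-layer pruning step that shrinks the feature set before training), the following is an added illustrative example; it is not the authors' mELM, nor code from the paper. It uses a plain sigmoid ELM, prunes input features by a zero-variance criterion (an assumption for the demo, not the paper's pruning method), and runs on a constructed feature matrix whose PE-style feature names are invented for illustration.

```python
"""Illustrative extreme learning machine (ELM) for benign/malicious PE classification.

Added example, not from the paper: a single-hidden-layer ELM with random fixed
input weights and least-squares output weights, preceded by a simple pruning
step that drops input features carrying no information. Feature names and data
are constructed for the demo.
"""
import numpy as np

# Hypothetical PE-derived feature names, constructed for this demo only.
FEATURE_NAMES = [
    "n_sections", "entry_section_entropy", "n_imports", "n_exports",
    "size_of_code", "has_debug_dir", "overlay_ratio", "n_suspicious_apis",
    # Four columns that never vary in this constructed corpus; pruning drops them.
    "is_pe32", "machine_i386", "n_resources_dummy", "reserved_flag",
]


def make_dataset(n_per_class=300, seed=1):
    """Constructed feature matrix and labels (1 = malicious, 0 = benign)."""
    rng = np.random.default_rng(seed)
    n_feat = len(FEATURE_NAMES)
    benign = rng.normal(0.0, 1.0, size=(n_per_class, n_feat))
    malicious = rng.normal(0.0, 1.0, size=(n_per_class, n_feat))
    # Shift three informative features for the malicious class (constructed signal).
    malicious[:, [1, 2, 7]] += 3.0
    X = np.vstack([benign, malicious])
    y = np.concatenate([np.zeros(n_per_class, int), np.ones(n_per_class, int)])
    # Constant columns: identical for every sample, so they carry no information.
    X[:, 8] = 1.0
    X[:, 9] = 1.0
    X[:, 10] = 0.0
    X[:, 11] = 0.0
    perm = rng.permutation(len(y))
    return X[perm], y[perm]


def prune_constant_features(X_train, var_threshold=1e-12):
    """Boolean mask of input columns to keep: those whose variance exceeds the threshold."""
    return np.var(X_train, axis=0) > var_threshold


class ELM:
    """ELM: hidden weights are random and frozen; only the output layer is solved."""

    def __init__(self, n_hidden=32, seed=0):
        self.n_hidden = n_hidden
        self.rng = np.random.default_rng(seed)

    def _hidden(self, X):
        # Standardize with training statistics, then apply the sigmoid hidden layer.
        Z = (X - self.mean) / self.std
        return 1.0 / (1.0 + np.exp(-(Z @ self.W + self.b)))

    def fit(self, X, y):
        self.mean = X.mean(axis=0)
        self.std = X.std(axis=0) + 1e-12
        self.W = self.rng.normal(size=(X.shape[1], self.n_hidden))
        self.b = self.rng.normal(size=self.n_hidden)
        H = self._hidden(X)
        T = np.where(y == 1, 1.0, -1.0)    # +1 malicious, -1 benign
        self.beta = np.linalg.pinv(H) @ T  # closed-form least squares, no backprop
        return self

    def predict(self, X):
        return (self._hidden(X) @ self.beta > 0).astype(int)


def run_demo():
    """Prune on the training half, fit the ELM, evaluate on the held-out half."""
    X, y = make_dataset()
    split = len(y) // 2
    X_tr, y_tr, X_te, y_te = X[:split], y[:split], X[split:], y[split:]
    keep = prune_constant_features(X_tr)
    model = ELM().fit(X_tr[:, keep], y_tr)
    acc = float((model.predict(X_te[:, keep]) == y_te).mean())
    return acc, int(X.shape[1]), int(keep.sum())


if __name__ == "__main__":
    acc, n_in, n_kept = run_demo()
    dropped = [n for n, k in zip(FEATURE_NAMES, prune_constant_features(make_dataset()[0])) if not k]
    print(f"input layer: {n_in} -> {n_kept} features after pruning; dropped {dropped}")
    print(f"held-out accuracy: {acc:.3f}")
```

The training step is a single pseudo-inverse, which is what makes ELM-style training fast; the pruning step shows how shrinking the input layer also shrinks the hidden-layer weight matrix that has to be standardized and multiplied at classification time. The paper's 98% input reduction comes from its own pruning procedure, which this demo does not reproduce.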
Results:
Our antivirus achieves an overall performance of 98.50% when distinguishing harmless from malicious portable executable (PE) programs. To enhance accuracy, we conducted tests under various initial conditions, learning functions, and architectures. Our successful results consume only 0.19 s of training time when using the complete training database, and the response time is so short that the computer rounds it to 0.00 s.
Conclusions:
In this work, we conclude that mELM implementations are viable and that their performance can match state-of-the-art ones. Its training and classification times are among the fastest of the algorithms tested, and the accuracy in detecting Citadel-infected PEs is acceptable.
Journal description:
Computational Science is a rapidly growing multi- and interdisciplinary field that uses advanced computing and data analysis to understand and solve complex problems. It has reached a level of predictive capability that now firmly complements the traditional pillars of experimentation and theory.
The recent advances in experimental techniques such as detectors, on-line sensor networks and high-resolution imaging techniques, have opened up new windows into physical and biological processes at many levels of detail. The resulting data explosion allows for detailed data driven modeling and simulation.
This new discipline in science combines computational thinking, modern computational methods, devices and collateral technologies to address problems far beyond the scope of traditional numerical methods.
Computational science typically unifies three distinct elements:
• Modeling, Algorithms and Simulations (e.g. numerical and non-numerical, discrete and continuous);
• Software developed to solve science (e.g., biological, physical, and social), engineering, medicine, and humanities problems;
• Computer and information science that develops and optimizes the advanced system hardware, software, networking, and data management components (e.g. problem solving environments).