* update 2024-04-17 06:17:56

arXiv_db/Malware/2024.md

@@ -942,3 +942,75 @@
 
 </details>
 
+<details>
+
+<summary>2024-04-12 20:18:00 - Generative AI-Based Effective Malware Detection for Embedded Computing Systems</summary>
+
+- *Sreenitha Kasarapu, Sanket Shukla, Rakibul Hassan, Avesta Sasan, Houman Homayoun, Sai Manoj Pudukotai Dinakarrao*
+
+- `2404.02344v2` - [abs](http://arxiv.org/abs/2404.02344v2) - [pdf](http://arxiv.org/pdf/2404.02344v2)
+
+> One of the pivotal security threats for the embedded computing systems is malicious software a.k.a malware. With efficiency and efficacy, Machine Learning (ML) has been widely adopted for malware detection in recent times. Despite being efficient, the existing techniques require a tremendous number of benign and malware samples for training and modeling an efficient malware detector. Furthermore, such constraints limit the detection of emerging malware samples due to the lack of sufficient malware samples required for efficient training. To address such concerns, we introduce a code-aware data generation technique that generates multiple mutated samples of the limitedly seen malware by the devices. Loss minimization ensures that the generated samples closely mimic the limitedly seen malware and mitigate the impractical samples. Such developed malware is further incorporated into the training set to formulate the model that can efficiently detect the emerging malware despite having limited exposure. The experimental results demonstrates that the proposed technique achieves an accuracy of 90% in detecting limitedly seen malware, which is approximately 3x more than the accuracy attained by state-of-the-art techniques.
+
+</details>
+
+<details>
+
+<summary>2024-04-12 20:51:25 - Enhancing IoT Malware Detection through Adaptive Model Parallelism and Resource Optimization</summary>
+
+- *Sreenitha Kasarapu, Sanket Shukla, Sai Manoj Pudukotai Dinakarrao*
+
+- `2404.08808v1` - [abs](http://arxiv.org/abs/2404.08808v1) - [pdf](http://arxiv.org/pdf/2404.08808v1)
+
+> The widespread integration of IoT devices has greatly improved connectivity and computational capabilities, facilitating seamless communication across networks. Despite their global deployment, IoT devices are frequently targeted for security breaches due to inherent vulnerabilities. Among these threats, malware poses a significant risk to IoT devices. The lack of built-in security features and limited resources present challenges for implementing effective malware detection techniques on IoT devices. Moreover, existing methods assume access to all device resources for malware detection, which is often not feasible for IoT devices deployed in critical real-world scenarios. To overcome this challenge, this study introduces a novel approach to malware detection tailored for IoT devices, leveraging resource and workload awareness inspired by model parallelism. Initially, the device assesses available resources for malware detection using a lightweight regression model. Based on resource availability, ongoing workload, and communication costs, the malware detection task is dynamically allocated either on-device or offloaded to neighboring IoT nodes with sufficient resources. To uphold data integrity and user privacy, instead of transferring the entire malware detection task, the classifier is divided and distributed across multiple nodes, then integrated at the parent node for detection. Experimental results demonstrate that this proposed technique achieves a significant speedup of 9.8 x compared to on-device inference, while maintaining a high malware detection accuracy of 96.7%.
+
+</details>
+
+<details>
+
+<summary>2024-04-12 21:28:43 - Empowering Malware Detection Efficiency within Processing-in-Memory Architecture</summary>
+
+- *Sreenitha Kasarapu, Sathwika Bavikadi, Sai Manoj Pudukotai Dinakarrao*
+
+- `2404.08818v1` - [abs](http://arxiv.org/abs/2404.08818v1) - [pdf](http://arxiv.org/pdf/2404.08818v1)
+
+> The widespread integration of embedded systems across various industries has facilitated seamless connectivity among devices and bolstered computational capabilities. Despite their extensive applications, embedded systems encounter significant security threats, with one of the most critical vulnerabilities being malicious software, commonly known as malware. In recent times, malware detection techniques leveraging Machine Learning have gained popularity. Deep Neural Networks (DNNs) and Convolutional Neural Networks (CNNs) have proven particularly efficient in image processing tasks. However, one major drawback of neural network architectures is their substantial computational resource requirements. Continuous training of malware detection models with updated malware and benign samples demands immense computational resources, presenting a challenge for real-world applications. In response to these concerns, we propose a Processing-in-Memory (PIM)-based architecture to mitigate memory access latency, thereby reducing the resources consumed during model updates. To further enhance throughput and minimize energy consumption, we incorporate precision scaling techniques tailored for CNN models. Our proposed PIM architecture exhibits a 1.09x higher throughput compared to existing Lookup Table (LUT)-based PIM architectures. Additionally, precision scaling combined with PIM enhances energy efficiency by 1.5x compared to full-precision operations, without sacrificing performance. This innovative approach offers a promising solution to the resource-intensive nature of malware detection model updates, paving the way for more efficient and sustainable cybersecurity practices.
+
+</details>
+
+<details>
+
+<summary>2024-04-12 21:41:08 - Adversarial Patterns: Building Robust Android Malware Classifiers</summary>
+
+- *Dipkamal Bhusal, Nidhi Rastogi*
+
+- `2203.02121v2` - [abs](http://arxiv.org/abs/2203.02121v2) - [pdf](http://arxiv.org/pdf/2203.02121v2)
+
+> Machine learning models are increasingly being adopted across various fields, such as medicine, business, autonomous vehicles, and cybersecurity, to analyze vast amounts of data, detect patterns, and make predictions or recommendations. In the field of cybersecurity, these models have made significant improvements in malware detection. However, despite their ability to understand complex patterns from unstructured data, these models are susceptible to adversarial attacks that perform slight modifications in malware samples, leading to misclassification from malignant to benign. Numerous defense approaches have been proposed to either detect such adversarial attacks or improve model robustness. These approaches have resulted in a multitude of attack and defense techniques and the emergence of a field known as `adversarial machine learning.' In this survey paper, we provide a comprehensive review of adversarial machine learning in the context of Android malware classifiers. Android is the most widely used operating system globally and is an easy target for malicious agents. The paper first presents an extensive background on Android malware classifiers, followed by an examination of the latest advancements in adversarial attacks and defenses. Finally, the paper provides guidelines for designing robust malware classifiers and outlines research directions for the future.
+
+</details>
+
+<details>
+
+<summary>2024-04-14 20:28:07 - Counteracting Concept Drift by Learning with Future Malware Predictions</summary>
+
+- *Branislav Bosansky, Lada Hospodkova, Michal Najman, Maria Rigaki, Elnaz Babayeva, Viliam Lisy*
+
+- `2404.09352v1` - [abs](http://arxiv.org/abs/2404.09352v1) - [pdf](http://arxiv.org/pdf/2404.09352v1)
+
+> The accuracy of deployed malware-detection classifiers degrades over time due to changes in data distributions and increasing discrepancies between training and testing data. This phenomenon is known as the concept drift. While the concept drift can be caused by various reasons in general, new malicious files are created by malware authors with a clear intention of avoiding detection. The existence of the intention opens a possibility for predicting such future samples. Including predicted samples in training data should consequently increase the accuracy of the classifiers on new testing data.   We compare two methods for predicting future samples: (1) adversarial training and (2) generative adversarial networks (GANs). The first method explicitly seeks for adversarial examples against the classifier that are then used as a part of training data. Similarly, GANs also generate synthetic training data. We use GANs to learn changes in data distributions within different time periods of training data and then apply these changes to generate samples that could be in testing data. We compare these prediction methods on two different datasets: (1) Ember public dataset and (2) the internal dataset of files incoming to Avast. We show that while adversarial training yields more robust classifiers, this method is not a good predictor of future malware in general. This is in contrast with previously reported positive results in different domains (including natural language processing and spam detection). On the other hand, we show that GANs can be successfully used as predictors of future malware. We specifically examine malware families that exhibit significant changes in their data distributions over time and the experimental results confirm that GAN-based predictions can significantly improve the accuracy of the classifier on new, previously unseen data.
+
+</details>
+
+<details>
+
+<summary>2024-04-15 12:51:51 - Layered Uploading for Quantum Convolutional Neural Networks</summary>
+
+- *Grégoire Barrué, Tony Quertier*
+
+- `2404.09750v1` - [abs](http://arxiv.org/abs/2404.09750v1) - [pdf](http://arxiv.org/pdf/2404.09750v1)
+
+> Continuing our analysis of quantum machine learning applied to our use-case of malware detection, we investigate the potential of quantum convolutional neural networks. More precisely, we propose a new architecture where data is uploaded all along the quantum circuit. This allows us to use more features from the data, hence giving to the algorithm more information, without having to increase the number of qubits that we use for the quantum circuit. This approach is motivated by the fact that we do not always have great amounts of data, and that quantum computers are currently restricted in their number of logical qubits.
+
+</details>
+