* update 2024-11-26 06:20:17

arXiv_db/Malware/2024.md

@@ -3598,3 +3598,39 @@
 
 </details>
 
+<details>
+
+<summary>2024-11-21 13:15:26 - Detecting Distributed Denial of Service Attacks Using Logistic Regression and SVM Methods</summary>
+
+- *Mohammad Arafat Ullah, Arthy Anjum, Rashedul Amin Tuhin, Shamim Akhter*
+
+- `2411.14512v1` - [abs](http://arxiv.org/abs/2411.14512v1) - [pdf](http://arxiv.org/pdf/2411.14512v1)
+
+> A distributed denial-of-service (DDoS) attack is an attempt to produce humongous traffic within a network by overwhelming a targeted server or its neighboring infrastructure with a flood of service requests ceaselessly coming from multiple remotely controlled malware-infected computers or network-connected devices. Thus, exploring DDoS attacks by recognizing their functionalities and differentiating them from normal traffic services are the primary concerns of network security issues particularly for online businesses. In modern networks, most DDoS attacks occur in the network and application layer including HTTP flood, UDP flood, SIDDOS, SMURF, SNMP flood, IP NULL, etc. The goal of this paper is to detect DDoS attacks from all service requests and classify them according to DDoS classes. In this regard, a standard dataset is collected from the internet which contains several network-related attributes and their corresponding DDoS attack class name. Two(2) different machine learning approaches, SVM and Logistic Regression, are implemented in the dataset for detecting and classifying DDoS attacks, and a comparative study is accomplished among them in terms of accuracy, precision, and recall rates. Logistic Regression and SVM both achieve 98.65% classification accuracy which is the highest achieved accuracy among other previous experiments with the same dataset.
+
+</details>
+
+<details>
+
+<summary>2024-11-22 05:04:08 - Feature graph construction with static features for malware detection</summary>
+
+- *Binghui Zou, Chunjie Cao, Longjuan Wang, Yinan Cheng, Chenxi Dang, Ying Liu, Jingzhang Sun*
+
+- `2404.16362v2` - [abs](http://arxiv.org/abs/2404.16362v2) - [pdf](http://arxiv.org/pdf/2404.16362v2)
+
+> Malware can greatly compromise the integrity and trustworthiness of information and is in a constant state of evolution. Existing feature fusion-based detection methods generally overlook the correlation between features. And mere concatenation of features will reduce the model's characterization ability, lead to low detection accuracy. Moreover, these methods are susceptible to concept drift and significant degradation of the model. To address those challenges, we introduce a feature graph-based malware detection method, MFGraph, to characterize applications by learning feature-to-feature relationships to achieve improved detection accuracy while mitigating the impact of concept drift. In MFGraph, we construct a feature graph using static features extracted from binary PE files, then apply a deep graph convolutional network to learn the representation of the feature graph. Finally, we employ the representation vectors obtained from the output of a three-layer perceptron to differentiate between benign and malicious software. We evaluated our method on the EMBER dataset, and the experimental results demonstrate that it achieves an AUC score of 0.98756 on the malware detection task, outperforming other baseline models. Furthermore, the AUC score of MFGraph decreases by only 5.884% in one year, indicating that it is the least affected by concept drift.
+
+</details>
+
+<details>
+
+<summary>2024-11-22 13:03:07 - Feasibility Study for Supporting Static Malware Analysis Using LLM</summary>
+
+- *Shota Fujii, Rei Yamagishi*
+
+- `2411.14905v1` - [abs](http://arxiv.org/abs/2411.14905v1) - [pdf](http://arxiv.org/pdf/2411.14905v1)
+
+> Large language models (LLMs) are becoming more advanced and widespread and have shown their applicability to various domains, including cybersecurity. Static malware analysis is one of the most important tasks in cybersecurity; however, it is time-consuming and requires a high level of expertise. Therefore, we conducted a demonstration experiment focusing on whether an LLM can be used to support static analysis. First, we evaluated the ability of the LLM to explain malware functionality. The results showed that the LLM can generate descriptions that cover functions with an accuracy of up to 90.9\%. In addition, we asked six static analysts to perform a pseudo static analysis task using LLM explanations to verify that the LLM can be used in practice. Through subsequent questionnaires and interviews with the participants, we also demonstrated the practical applicability of LLMs. Lastly, we summarized the problems and required functions when using an LLM as static analysis support, as well as recommendations for future research opportunities.
+
+</details>
+