
Statistical Methods in Malware Mitigation

A special issue of Entropy (ISSN 1099-4300). This special issue belongs to the section "Signal and Data Analysis".

Deadline for manuscript submissions: closed (15 May 2021) | Viewed by 6360

Special Issue Editors

Guest Editor
Department of Computer Science, Middlesex University London, London NW4 4BG, UK
Interests: machine learning; malware analysis; software testing; social network analysis; graph-based clustering

Guest Editor
1. IMDEA Networks, Madrid, Spain
2. King’s College London, London WC2B 4BG, UK
Interests: android malware detection; cryptomining; machine learning; systems security; malware analysis

Special Issue Information

Dear Colleagues,

“Antivirus is dead”, as Brian Dye (senior vice president of Symantec) said in 2014. Malware grows exponentially, and the current detection techniques can hardly be scaled up to match the requirements they are supposed to meet. The introduction of machine learning and other statistical methods during the last decade has been a particularly disruptive step in fighting this arms race, but adversarial machine learning has proved that we are still far away from making a significant contribution to mitigating malware for good. Nevertheless, strengthening statistical models and making them robust can be the piece of the puzzle that we have been missing to detect the so-called “invariant” that will lead us to distinguish between malicious and legitimate software.

This Special Issue focuses on a compendium of modern statistical techniques that aim to find the next disruptive step in the malware detection and classification arms race. We aim to understand the perspective of both the attacker and the defender. The techniques covered include machine learning, bio-inspired algorithms, Markov and Monte Carlo methods, information theory-based approaches, and also adversarial techniques used either to evade detection or to measure the robustness of malware detection and classification methods. We also cover application scenarios beyond desktop malware, such as the Internet of Things and network security.

Dr. Héctor D. Menéndez
Prof. Dr. Guillermo Suárez-Tangil
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, you can proceed to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Entropy is an international peer-reviewed open access monthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2600 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • Machine learning for malware mitigation
  • Markov and Monte Carlo methods for malware mitigation
  • Bio-inspired methods for malware mitigation
  • Information theory-based methods for malware mitigation
  • Adversarial techniques and malware mitigation
  • Malware mitigation and Android
  • Malware mitigation methods in IoT environments
  • Malware mitigation methods in network security
  • Adversarial techniques in different security contexts
  • The security of machine learning

Benefits of Publishing in a Special Issue

  • Ease of navigation: Grouping papers by topic helps scholars navigate broad scope journals more efficiently.
  • Greater discoverability: Special Issues support the reach and impact of scientific research. Articles in Special Issues are more discoverable and cited more frequently.
  • Expansion of research network: Special Issues facilitate connections among authors, fostering scientific collaborations.
  • External promotion: Articles in Special Issues are often promoted through the journal's social media, increasing their visibility.
  • e-Book format: Special Issues with more than 10 articles can be published as dedicated e-books, ensuring wide and rapid dissemination.

Further information on MDPI's Special Issue policies is available on the journal website.

Published Papers (2 papers)


Research

16 pages, 512 KiB
Article
Multivariable Heuristic Approach to Intrusion Detection in Network Environments
by Marcin Niemiec, Rafał Kościej and Bartłomiej Gdowski
Entropy 2021, 23(6), 776; https://doi.org/10.3390/e23060776 - 19 Jun 2021
Cited by 6 | Viewed by 2773
Abstract
The Internet is an inseparable part of our contemporary lives. This means that protection against threats and attacks is crucial for major companies and for individual users. There is a demand for the ongoing development of methods for ensuring security in cyberspace. A crucial cybersecurity solution is intrusion detection systems, which detect attacks in network environments and respond appropriately. This article presents a new multivariable heuristic intrusion detection algorithm based on different types of flags and values of entropy. The data is shared by organisations to help increase the effectiveness of intrusion detection. The authors also propose default values for parameters of a heuristic algorithm and values regarding detection thresholds. This solution has been implemented in a well-known, open-source system and verified with a series of tests. Additionally, the authors investigated how updating the variables affects the intrusion detection process. The results confirmed the effectiveness of the proposed approach and heuristic algorithm.
(This article belongs to the Special Issue Statistical Methods in Malware Mitigation)

19 pages, 426 KiB
Article
Getting Ahead of the Arms Race: Hothousing the Coevolution of VirusTotal with a Packer
by Héctor D. Menéndez, David Clark and Earl T. Barr
Entropy 2021, 23(4), 395; https://doi.org/10.3390/e23040395 - 26 Mar 2021
Cited by 10 | Viewed by 2919
Abstract
Malware detection is in a coevolutionary arms race where the attackers and defenders are constantly seeking advantage. This arms race is asymmetric: detection is harder and more expensive than evasion. White hats must be conservative to avoid false positives when searching for malicious behaviour. We seek to redress this imbalance. Most of the time, black hats need only make incremental changes to evade them. On occasion, white hats make a disruptive move and find a new technique that forces black hats to work harder. Examples include system calls, signatures and machine learning. We present a method, called Hothouse, that combines simulation and search to accelerate the white hat’s ability to counter the black hat’s incremental moves, thereby forcing black hats to perform disruptive moves more often. To realise Hothouse, we evolve EEE, an entropy-based polymorphic packer for Windows executables. Playing the role of a black hat, EEE uses evolutionary computation to disrupt the creation of malware signatures. We enter EEE into the detection arms race with VirusTotal, the most prominent cloud service for running anti-virus tools on software. During our 6 month study, we continually improved EEE in response to VirusTotal, eventually learning a packer that produces packed malware whose evasiveness goes from an initial 51.8% median to 19.6%. We report both how well VirusTotal learns to detect EEE-packed binaries and how well VirusTotal forgets in order to reduce false positives. VirusTotal’s tools learn and forget fast, actually in about 3 days. We also show where VirusTotal focuses its detection efforts, by analysing EEE’s variants.
(This article belongs to the Special Issue Statistical Methods in Malware Mitigation)