
Artificial intelligence-based antivirus in order to detect malware preventively

  • Regular Paper
  • Published in: Progress in Artificial Intelligence

Abstract

This paper investigates commercial antiviruses: about 17% of the antiviruses tested did not recognize the malicious samples analyzed as malicious. To overcome the limitations of commercial antiviruses, this project creates an antivirus able to identify the modus operandi of a malware application before the user even executes it. In the proposed methodology, features extracted from the executables are the input attributes of artificial neural networks, whose classification groups 32-bit executables into two classes: benign and malware. In total, 6272 executables are used to validate the proposed methodology. The proposed antivirus achieves an average performance of 98.32% in distinguishing benign from malware executables, with an average response time of only 0.07 s. Our antivirus is statistically superior to, and more effective than, the best state-of-the-art antivirus. The limitations of commercial antiviruses can be addressed by artificial intelligence techniques based on machine learning: instead of empirical and heuristic models, the proposed work identifies, statistically and in real time, behaviors previously classified as suspicious.
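The abstract describes a pipeline of static feature extraction from 32-bit PE executables feeding a neural-network classifier, but does not list the attributes used. The following is an added example, not code from the paper or its authors: it builds a minimal, constructed PE32 image in memory (header layout per the Microsoft PE format document cited in note 1), parses the COFF and optional headers and the section table, and turns an assumed, illustrative set of header fields and per-section Shannon entropies into a fixed-order numeric feature vector of the kind a classifier would consume. It also enforces the paper's 32-bit scope by rejecting PE32+ (64-bit) images. Feature names, the builder, and all sample bytes are assumptions made for this example.

```python
import math
import struct

# Constants from the Microsoft PE format specification.
IMAGE_FILE_MACHINE_I386 = 0x14C
PE32_MAGIC = 0x10B        # 32-bit optional header
PE32PLUS_MAGIC = 0x20B    # 64-bit optional header (out of scope for a 32-bit detector)
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
OPT_HEADER_SIZE_PE32 = 224    # standard + Windows-specific fields + 16 data directories
COFF_FMT = "<HHIIIHH"         # Machine, NumberOfSections, TimeDateStamp, PtrSymTab, NumSyms, SizeOfOptHdr, Characteristics
SECTION_FMT = "<8sIIIIIIHHI"  # 40-byte IMAGE_SECTION_HEADER

# Illustrative feature set (an assumption; the paper does not list its attributes).
FEATURE_ORDER = [
    "machine", "number_of_sections", "size_of_code", "entry_point", "image_base",
    "subsystem", "nx_compat", "aslr", "entry_in_exec_section",
    "mean_section_entropy", "max_section_entropy",
]


def _align(n, a):
    return (n + a - 1) // a * a


def shannon_entropy(buf):
    """Bits per byte: 0.0 for one repeated byte value, 8.0 for a uniform distribution."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    h = 0.0
    for c in counts:
        if c:
            p = c / len(buf)
            h -= p * math.log2(p)
    return h


def extract_features(data):
    """Parse a PE32 image and return a dict of static header features.
    Raises ValueError for non-PE input and for PE32+ images (outside the 32-bit scope)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    machine, nsec, _ts, _, _, opt_size, _chars = struct.unpack_from(COFF_FMT, data, coff_off)
    opt_off = coff_off + struct.calcsize(COFF_FMT)
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic != PE32_MAGIC:
        raise ValueError("only PE32 images are in scope (magic 0x%x)" % magic)
    size_of_code = struct.unpack_from("<I", data, opt_off + 4)[0]
    entry = struct.unpack_from("<I", data, opt_off + 16)[0]
    image_base = struct.unpack_from("<I", data, opt_off + 28)[0]
    subsystem, dll_chars = struct.unpack_from("<HH", data, opt_off + 68)

    sec_off = opt_off + opt_size
    entropies, entry_in_exec = [], False
    for i in range(nsec):
        (_name, vsize, vaddr, raw_size, raw_ptr,
         _, _, _, _, sec_chars) = struct.unpack_from(SECTION_FMT, data, sec_off + 40 * i)
        # Measure content bytes only, excluding file-alignment padding.
        content = data[raw_ptr:raw_ptr + min(vsize, raw_size)]
        entropies.append(shannon_entropy(content))
        # An entry point outside any executable section is a common anomaly signal.
        if vaddr <= entry < vaddr + max(vsize, raw_size) and sec_chars & IMAGE_SCN_MEM_EXECUTE:
            entry_in_exec = True
    return {
        "machine": machine, "number_of_sections": nsec, "size_of_code": size_of_code,
        "entry_point": entry, "image_base": image_base, "subsystem": subsystem,
        "nx_compat": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "aslr": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "entry_in_exec_section": entry_in_exec, "section_entropies": entropies,
        "mean_section_entropy": sum(entropies) / len(entropies) if entropies else 0.0,
        "max_section_entropy": max(entropies) if entropies else 0.0,
    }


def feature_vector(features):
    """Fixed-order numeric vector, the form a neural-network input layer expects."""
    return [float(features[k]) for k in FEATURE_ORDER]


def build_minimal_pe32(section_payloads, entry_rva=0x1000, magic=PE32_MAGIC):
    """Construct a minimal (non-loadable) PE32 image for testing the parser.
    `magic` is parameterised only so a 64-bit header tag can be exercised; the layout stays PE32."""
    e_lfanew, file_align, sect_align = 0x80, 0x200, 0x1000
    n = len(section_payloads)
    sizeof_headers = e_lfanew + 4 + struct.calcsize(COFF_FMT) + OPT_HEADER_SIZE_PE32 + 40 * n
    headers_end = _align(sizeof_headers, file_align)
    img = bytearray(sizeof_headers)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, e_lfanew)
    img[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    coff_off = e_lfanew + 4
    # Characteristics 0x0102 = EXECUTABLE_IMAGE | 32BIT_MACHINE; timestamp left at 0 (constructed)
    struct.pack_into(COFF_FMT, img, coff_off, IMAGE_FILE_MACHINE_I386, n, 0, 0, 0, OPT_HEADER_SIZE_PE32, 0x0102)
    opt_off = coff_off + struct.calcsize(COFF_FMT)
    struct.pack_into("<H", img, opt_off, magic)
    struct.pack_into("<I", img, opt_off + 4, sum(len(p) for p in section_payloads))  # SizeOfCode
    struct.pack_into("<I", img, opt_off + 16, entry_rva)                              # AddressOfEntryPoint
    struct.pack_into("<I", img, opt_off + 28, 0x400000)                               # ImageBase
    struct.pack_into("<II", img, opt_off + 32, sect_align, file_align)
    struct.pack_into("<HH", img, opt_off + 68, 2, 0x8140)  # Subsystem GUI; TS_AWARE|NX_COMPAT|DYNAMIC_BASE
    struct.pack_into("<I", img, opt_off + 92, 16)          # NumberOfRvaAndSizes
    sec_off = opt_off + OPT_HEADER_SIZE_PE32
    body = bytearray()
    for i, payload in enumerate(section_payloads):
        raw_size = _align(len(payload), file_align)
        name, chars = (b".text", 0x60000020) if i == 0 else (b".data", 0x40000040)
        struct.pack_into(SECTION_FMT, img, sec_off + 40 * i, name, len(payload),
                         sect_align * (i + 1), raw_size, headers_end + len(body), 0, 0, 0, 0, chars)
        body += payload.ljust(raw_size, b"\0")
    return bytes(img.ljust(headers_end, b"\0") + body)


if __name__ == "__main__":
    # Constructed sample: a NOP-filled code section and a maximally varied data section.
    sample = build_minimal_pe32([b"\x90" * 64, bytes(range(256))])
    print(feature_vector(extract_features(sample)))
```

On real samples the vector would be standardised and fed to the network; the entropy features are the ones most often used to flag packed or encrypted sections, and the PE32+ rejection keeps the extractor honest about the 32-bit scope the abstract states.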


Notes

  1. Windows PE format. Available at: https://docs.microsoft.com/en-us/windows/desktop/debug/pe-format. Accessed on June 2019.

  2. TheZoo: database of 32-bit malware executables. Available at: https://github.com/ytisf/theZoo. Accessed on November 2018.

  3. Sourceforge: Benign Application Repository. Available in: https://sourceforge.net/. Accessed on November 2018.

  4. Github: Benign Application Repository. Available in: https://github.com/. Accessed on November 2018.

  5. Sysinternals: Benign Application Repository. Available in: https://live.sysinternals.com/. Accessed on November 2018.

  6. PE (Portable Executable) file explorer. Available in: http://www.heaventools.com/. Accessed on February 2019.

  7. IDA: multiprocessor disassembler. Available in: https://www.hex-rays.com/products/ida/. Accessed on February 2019.


Author information

Corresponding author: Sidney M. L. de Lima.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.

Human and animal rights participants

The authors declare that no human participants were involved in this research.

Informed consent

This research did not include healthcare intervention of human participants.


Cite this article

de Lima, S.M.L., Silva, H.K.d.L., Luz, J.H.d.S. et al. Artificial intelligence-based antivirus in order to detect malware preventively. Prog Artif Intell 10, 1–22 (2021). https://doi.org/10.1007/s13748-020-00220-4
