Computer technology shows swift progress that has infiltrated people’s lives with the candidness and pliability of computers to work ease shows security breaches. Thus, malware detection methods perform modifications in running the malware based on behavioral and content factors. The factors are taken into consideration compromises of convergence rate and speed. This research paper proposed a method called fisher exact Boschloo and polynomial vector learning (FEB-PVL) to perform both content and behavioral-based malware detection with early convergence to speed up the process. First, the input dataset is provided as input then fisher exact Boschloo’s test Bernoulli feature extraction model is applied to obtain independent observations of two binary variables. Next, the extracted network features form input to polynomial regression support vector learning to different malware classes from benign classes. The proposed method validates the results with respect to the malware and the benign files. The present research aimed to develop the behaviors to detect the accuracy process of the features that have minimum time speeds the overall performances. The proposed FEB-PVL increases the true positive rate and reduces the false positive rate and hence increasing the precision rate using FEB-PVL by 7% compared to existing approaches.
WEB ATTACK PREDICTION USING STEPWISE CONDITIONAL PARAMETER TUNING IN MACHINE ...IJCNCJournal
There is a rapid growth in internet and website usage. A wide variety of devices are used to access
websites, such as mobile phones, tablets, laptops, and personal computers. Attackers are finding more and
more vulnerabilities on websites that they can exploit for malicious purposes. A web application attack
occurs when cyber criminals gain access to unauthorized areas. Typically, attackers look for
vulnerabilities in web applications at the application layer. SQL injection attacks and Cross Site script
attacks is used to access web applications to obtain sensitive data. A key objective of this work is to
develop new features and investigate how automatic tuning of machine learning techniques can improve
the performance of Web Attack detections that use HTTP CSIC datasets to block and detect attacks. The
Stepwise Conditional parameter tuning in machine learning algorithms is a proposed model. This model is
a dynamic and automated parameter choosing and tuning based on the better outcome. This work also
compares two datasets for performance of the proposed model.
Web Attack Prediction using Stepwise Conditional Parameter Tuning in Machine ...IJCNCJournal
There is a rapid growth in internet and website usage. A wide variety of devices are used to access websites, such as mobile phones, tablets, laptops, and personal computers. Attackers are finding more and more vulnerabilities on websites that they can exploit for malicious purposes. A web application attack occurs when cyber criminals gain access to unauthorized areas. Typically, attackers look for vulnerabilities in web applications at the application layer. SQL injection attacks and Cross Site script attacks is used to access web applications to obtain sensitive data. A key objective of this work is to develop new features and investigate how automatic tuning of machine learning techniques can improve the performance of Web Attack detections that use HTTP CSIC datasets to block and detect attacks. The Stepwise Conditional parameter tuning in machine learning algorithms is a proposed model. This model is a dynamic and automated parameter choosing and tuning based on the better outcome. This work also compares two datasets for performance of the proposed model.
DEF: Deep Ensemble Neural Network Classifier for Android Malware DetectionIJCNCJournal
Malware is one of the threats to security of computer networks and information systems. Since malware instances are available sufficiently, there is increased interest among researchers on usage of Artificial Intelligence (AI). Of late AI-enabled methods such as machine learning (ML) and deep learning paved way for solving many real-world problems. As it is a learning-based approach, accumulated training samples help in improving thequality of training and thus leveraging malware detection accuracy. Existing deep learning methods are focusing on learning-based malware detection systems. However, there is need for improving the state of the art through ensemble approach. Towards this end, in this paper we proposed a framework known as Deep Ensemble Framework (DEF) for automatic malware detection. The framework obtains features from training samples. From given malware instance a grayscale image is generated. There is another process to extract the opcode sequences. Convolutional Neural Network (CNN) and Long Short Term Memory (LSTM) techniques are used to obtain grayscale image and opcode sequence respectively. Afterwards, a stacking ensemble is employed in order to achieve efficient malware detection and classification. Malware samples collected fromthe Internet sources and Microsoft are used for theempirical study. An algorithm known as Ensemble Learning for Automatic Malware Detection (EL-AML) is proposed to realize our framework. Another algorithm named Pre-Process is proposed to assist the EL-AML algorithm for obtaining intermediate features required by CNN and LSTM.Empirical study reveals that our framework outperforms many existing methods in terms of speed-up and accuracy.
DEF: Deep Ensemble Neural Network Classifier for Android Malware DetectionIJCNCJournal
Malware is one of the threats to security of computer networks and information systems. Since malware instances are available sufficiently, there is increased interest among researchers on usage of Artificial Intelligence (AI). Of late AI-enabled methods such as machine learning (ML) and deep learning paved way for solving many real-world problems. As it is a learning-based approach, accumulated training samples help in improving thequality of training and thus leveraging malware detection accuracy. Existing deep learning methods are focusing on learning-based malware detection systems. However, there is need for improving the state of the art through ensemble approach. Towards this end, in this paper we proposed a framework known as Deep Ensemble Framework (DEF) for automatic malware detection. The framework obtains features from training samples. From given malware instance a grayscale image is generated. There is another process to extract the opcode sequences. Convolutional Neural Network (CNN) and Long Short Term Memory (LSTM) techniques are used to obtain grayscale image and opcode sequence respectively. Afterwards, a stacking ensemble is employed in order to achieve efficient malware detection and classification. Malware samples collected fromthe Internet sources and Microsoft are used for theempirical study. An algorithm known as Ensemble Learning for Automatic Malware Detection (EL-AML) is proposed to realize our framework. Another algorithm named Pre-Process is proposed to assist the EL-AML algorithm for obtaining intermediate features required by CNN and LSTM.Empirical study reveals that our framework outperforms many existing methods in terms of speed-up and accuracy.
IRJET- Android Malware Detection using Machine LearningIRJET Journal
This document discusses using machine learning algorithms to detect Android malware. It aims to extract features from Android applications (APKs) and train machine learning models to classify APKs as malware or benign. The proposed approach extracts features from an APK's manifest file and decompiled code to identify permissions, URLs, API calls, and other indicators. Random forest classifiers are trained on a dataset of benign and malicious APKs to detect known malware families. The models can classify new APKs as either malware or benign, and if malware, identify the specific malware family. The approach aims to detect malware with high accuracy while reducing analysis time by processing multiple APKs in parallel.
Verification of the protection services in antivirus systems by using nusmv m...ijfcstjournal
In this paper, a model of protection services in the antivirus system is proposed. The antivirus system
behavior separate in to preventive and control behaviors. We extract the properties which are expected
from the model of antivirus system approach from control behavior in the form of CTL and LTL temporal
logic formulas. To implement the behavior models of antivirus system approach, the ArgoUML tool and the
NuSMV model checker are employed. The results show that the antivirus system approach can detects
fairness, reachability, deadlock free and verify some properties of the proposed model verified by using
NuSMV model checker.
Formal method techniques provides a suitable platform for the software development in software systems.
Formal methods and formal verification is necessary to prove the correctness and improve performance of
software systems in various levels of design and implementation, too. Security Discussion is an important
issue in computer systems. Since the antivirus applications have very important role in computer systems
security, verifying these applications is very essential and necessary. In this paper, we present four new
approaches for antivirus system behavior and a behavioral model of protection services in the antivirus
system is proposed. We divided the behavioral model in to preventive behavior and control behavior and
then we formal these behaviors. Finally by using some definitions we explain the way these behaviors are
mapped on each other by using our new approaches.
IRJET - Survey on Malware Detection using Deep Learning MethodsIRJET Journal
This document discusses various machine learning methods for malware detection, including support vector machines (SVM), random forests, and decision trees. It provides an overview of each method and related works that have applied these techniques. Specifically, it examines analyses that used linear SVM, random forests on Android apps, and an improved decision tree algorithm to classify malware families. The document concludes that machine learning methods have become important for malware detection as signatures alone cannot keep up with new malware variants.
WEB ATTACK PREDICTION USING STEPWISE CONDITIONAL PARAMETER TUNING IN MACHINE ...IJCNCJournal
There is a rapid growth in internet and website usage. A wide variety of devices are used to access
websites, such as mobile phones, tablets, laptops, and personal computers. Attackers are finding more and
more vulnerabilities on websites that they can exploit for malicious purposes. A web application attack
occurs when cyber criminals gain access to unauthorized areas. Typically, attackers look for
vulnerabilities in web applications at the application layer. SQL injection attacks and Cross Site script
attacks is used to access web applications to obtain sensitive data. A key objective of this work is to
develop new features and investigate how automatic tuning of machine learning techniques can improve
the performance of Web Attack detections that use HTTP CSIC datasets to block and detect attacks. The
Stepwise Conditional parameter tuning in machine learning algorithms is a proposed model. This model is
a dynamic and automated parameter choosing and tuning based on the better outcome. This work also
compares two datasets for performance of the proposed model.
Web Attack Prediction using Stepwise Conditional Parameter Tuning in Machine ...IJCNCJournal
There is a rapid growth in internet and website usage. A wide variety of devices are used to access websites, such as mobile phones, tablets, laptops, and personal computers. Attackers are finding more and more vulnerabilities on websites that they can exploit for malicious purposes. A web application attack occurs when cyber criminals gain access to unauthorized areas. Typically, attackers look for vulnerabilities in web applications at the application layer. SQL injection attacks and Cross Site script attacks is used to access web applications to obtain sensitive data. A key objective of this work is to develop new features and investigate how automatic tuning of machine learning techniques can improve the performance of Web Attack detections that use HTTP CSIC datasets to block and detect attacks. The Stepwise Conditional parameter tuning in machine learning algorithms is a proposed model. This model is a dynamic and automated parameter choosing and tuning based on the better outcome. This work also compares two datasets for performance of the proposed model.
DEF: Deep Ensemble Neural Network Classifier for Android Malware DetectionIJCNCJournal
Malware is one of the threats to security of computer networks and information systems. Since malware instances are available sufficiently, there is increased interest among researchers on usage of Artificial Intelligence (AI). Of late AI-enabled methods such as machine learning (ML) and deep learning paved way for solving many real-world problems. As it is a learning-based approach, accumulated training samples help in improving thequality of training and thus leveraging malware detection accuracy. Existing deep learning methods are focusing on learning-based malware detection systems. However, there is need for improving the state of the art through ensemble approach. Towards this end, in this paper we proposed a framework known as Deep Ensemble Framework (DEF) for automatic malware detection. The framework obtains features from training samples. From given malware instance a grayscale image is generated. There is another process to extract the opcode sequences. Convolutional Neural Network (CNN) and Long Short Term Memory (LSTM) techniques are used to obtain grayscale image and opcode sequence respectively. Afterwards, a stacking ensemble is employed in order to achieve efficient malware detection and classification. Malware samples collected fromthe Internet sources and Microsoft are used for theempirical study. An algorithm known as Ensemble Learning for Automatic Malware Detection (EL-AML) is proposed to realize our framework. Another algorithm named Pre-Process is proposed to assist the EL-AML algorithm for obtaining intermediate features required by CNN and LSTM.Empirical study reveals that our framework outperforms many existing methods in terms of speed-up and accuracy.
DEF: Deep Ensemble Neural Network Classifier for Android Malware DetectionIJCNCJournal
Malware is one of the threats to security of computer networks and information systems. Since malware instances are available sufficiently, there is increased interest among researchers on usage of Artificial Intelligence (AI). Of late AI-enabled methods such as machine learning (ML) and deep learning paved way for solving many real-world problems. As it is a learning-based approach, accumulated training samples help in improving thequality of training and thus leveraging malware detection accuracy. Existing deep learning methods are focusing on learning-based malware detection systems. However, there is need for improving the state of the art through ensemble approach. Towards this end, in this paper we proposed a framework known as Deep Ensemble Framework (DEF) for automatic malware detection. The framework obtains features from training samples. From given malware instance a grayscale image is generated. There is another process to extract the opcode sequences. Convolutional Neural Network (CNN) and Long Short Term Memory (LSTM) techniques are used to obtain grayscale image and opcode sequence respectively. Afterwards, a stacking ensemble is employed in order to achieve efficient malware detection and classification. Malware samples collected fromthe Internet sources and Microsoft are used for theempirical study. An algorithm known as Ensemble Learning for Automatic Malware Detection (EL-AML) is proposed to realize our framework. Another algorithm named Pre-Process is proposed to assist the EL-AML algorithm for obtaining intermediate features required by CNN and LSTM.Empirical study reveals that our framework outperforms many existing methods in terms of speed-up and accuracy.
IRJET- Android Malware Detection using Machine LearningIRJET Journal
This document discusses using machine learning algorithms to detect Android malware. It aims to extract features from Android applications (APKs) and train machine learning models to classify APKs as malware or benign. The proposed approach extracts features from an APK's manifest file and decompiled code to identify permissions, URLs, API calls, and other indicators. Random forest classifiers are trained on a dataset of benign and malicious APKs to detect known malware families. The models can classify new APKs as either malware or benign, and if malware, identify the specific malware family. The approach aims to detect malware with high accuracy while reducing analysis time by processing multiple APKs in parallel.
Verification of the protection services in antivirus systems by using nusmv m...ijfcstjournal
In this paper, a model of protection services in the antivirus system is proposed. The antivirus system
behavior separate in to preventive and control behaviors. We extract the properties which are expected
from the model of antivirus system approach from control behavior in the form of CTL and LTL temporal
logic formulas. To implement the behavior models of antivirus system approach, the ArgoUML tool and the
NuSMV model checker are employed. The results show that the antivirus system approach can detects
fairness, reachability, deadlock free and verify some properties of the proposed model verified by using
NuSMV model checker.
Formal method techniques provides a suitable platform for the software development in software systems.
Formal methods and formal verification is necessary to prove the correctness and improve performance of
software systems in various levels of design and implementation, too. Security Discussion is an important
issue in computer systems. Since the antivirus applications have very important role in computer systems
security, verifying these applications is very essential and necessary. In this paper, we present four new
approaches for antivirus system behavior and a behavioral model of protection services in the antivirus
system is proposed. We divided the behavioral model in to preventive behavior and control behavior and
then we formal these behaviors. Finally by using some definitions we explain the way these behaviors are
mapped on each other by using our new approaches.
IRJET - Survey on Malware Detection using Deep Learning MethodsIRJET Journal
This document discusses various machine learning methods for malware detection, including support vector machines (SVM), random forests, and decision trees. It provides an overview of each method and related works that have applied these techniques. Specifically, it examines analyses that used linear SVM, random forests on Android apps, and an improved decision tree algorithm to classify malware families. The document concludes that machine learning methods have become important for malware detection as signatures alone cannot keep up with new malware variants.
Feature Selection using the Concept of Peafowl Mating in IDSIJCNCJournal
Cloud computing has high applicability as an Internet based service that relies on sharing computing resources. Cloud computing provides services that are Infrastructure based, Platform based and Software based. The popularity of this technology is due to its superb performance, high level of computing ability, low cost of services, scalability, availability and flexibility. The obtainability and openness of data in cloud environment make it vulnerable to the world of cyber-attacks. To detect the attacks Intrusion Detection System is used, that can identify the attacks and ensure information security. Such a coherent and proficient Intrusion Detection System is proposed in this paper to achieve higher certainty levels regarding safety in cloud environment. In this paper, the mating behavior of peafowl is incorporated into an optimization algorithm which in turn is used as a feature selection algorithm. The algorithm is used to reduce the huge size of cloud data so that the IDS can work efficiently on the cloud to detect intrusions. The proposed model has been experimented with NSL-KDD dataset as well as Kyoto dataset and have proved to be a better as well as an efficient IDS.
Feature Selection using the Concept of Peafowl Mating in IDSIJCNCJournal
Cloud computing has high applicability as an Internet based service that relies on sharing computing resources. Cloud computing provides services that are Infrastructure based, Platform based and Software based. The popularity of this technology is due to its superb performance, high level of computing ability, low cost of services, scalability, availability and flexibility. The obtainability and openness of data in cloud environment make it vulnerable to the world of cyber-attacks. To detect the attacks Intrusion Detection System is used, that can identify the attacks and ensure information security. Such a coherent and proficient Intrusion Detection System is proposed in this paper to achieve higher certainty levels regarding safety in cloud environment. In this paper, the mating behavior of peafowl is incorporated into an optimization algorithm which in turn is used as a feature selection algorithm. The algorithm is used to reduce the huge size of cloud data so that the IDS can work efficiently on the cloud to detect intrusions. The proposed model has been experimented with NSL-KDD dataset as well as Kyoto dataset and have proved to be a better as well as an efficient IDS.
Software Defect Prediction Using Radial Basis and Probabilistic Neural NetworksEditor IJCATR
This document discusses using neural networks for software defect prediction. It examines the effectiveness of using a radial basis function neural network and a probabilistic neural network on prediction accuracy and defect prediction compared to other techniques. The key findings are that neural networks provide an acceptable level of accuracy for defect prediction but perform poorly at actual defect prediction. Probabilistic neural networks performed consistently better than other techniques across different datasets in terms of prediction accuracy and defect prediction ability. The document recommends using an ensemble of different software defect prediction models rather than relying on a single technique.
Improve malware classifiers performance using cost-sensitive learning for imb...IAESIJAI
In recent times, malware visualization has become very popular for malware classification in cybersecurity. Existing malware features can easily identify known malware that have been already detected, but they cannot identify new and infrequent malwares accurately. Moreover, deep learning algorithms show their power in term of malware classification topic. However, we found the use of imbalanced data; the Malimg database which contains 25 malware families don’t have same or near number of images per class. To address these issues, this paper proposes an effective malware classifier, based on cost-sensitive deep learning. When performing classification on imbalanced data, some classes get less accuracy than others. Cost-sensitive is meant to solve this issue, however in our case of 25 classes, classical cost-sensitive weights wasn’t effective is giving equal attention to all classes. The proposed approach improves the performance of malware classification, and we demonstrate this improvement using two Convolutional Neural Network models using functional and subclassing programming techniques, based on loss, accuracy, recall and precision.
COMPARISON OF MALWARE CLASSIFICATION METHODS USING CONVOLUTIONAL NEURAL NETWO...IJNSA Journal
Malicious software is constantly being developed and improved, so detection and classification of malwareis an ever-evolving problem. Since traditional malware detection techniques fail to detect new/unknown malware, machine learning algorithms have been used to overcome this disadvantage. We present a Convolutional Neural Network (CNN) for malware type classification based on the API (Application Program Interface) calls. This research uses a database of 7107 instances of API call streams and 8 different malware types:Adware, Backdoor, Downloader, Dropper, Spyware, Trojan, Virus,Worm. We used a 1-Dimensional CNN by mapping API calls as categorical and term frequency-inverse document frequency (TF-IDF) vectors and compared the results to other classification techniques.The proposed 1-D CNN outperformed other classification techniques with 91% overall accuracy for both categorical and TF-IDF vectors.
Resource Allocation for Antivirus Cloud AppliancesIOSR Journals
This document discusses resource allocation for antivirus cloud appliances. It proposes using a search-based optimization approach called the Automatic Cloud Antivirus Configurator (ACAC) to solve the resource allocation problem in cloud-based antivirus deployments. ACAC includes a configuration enumerator that implements a search algorithm to enumerate resource allocations. It also includes a parameter calibration process and an antivirus cost model to estimate the cost of scanning files under different resource allocations. The cost model depends on factors like total file size, code segment size, and embedded files, but no single parameter can reliably predict scanning time on its own.
With the development and rapid growth in IT infrastructure, malicious code attacks are considered as the
main threat to cybersecurity. Malicious JavaScript’s which are intentionally crafted by the attackers inside the web page
over the web as an emerging security issue affecting millions of users. In past few years, a number of studies have been
conducted based on machine learning for detection of malicious JavaScript code attacks has demonstrated a poor
detection accuracy and increased performance overheads. In this paper, an effective interceptor approach for detection of
multivariate and novel malicious JavaScript’s based on deep learning is proposed and evaluated. Hybrid feature set based
on static and dynamic analysis were used. The dataset which was used in this study consists of 32,000 benign webpages
and 12,900 malicious pages. The experimental results show that this approach was able to detect 99.01% of new malicious
code variants.
International Journal of Computer Science and Information Security,IJCSIS ISSN 1947-5500, Pittsburgh, PA, USA
Email: ijcsiseditor@gmail.com
http://sites.google.com/site/ijcsis/
https://google.academia.edu/JournalofComputerScience
https://www.linkedin.com/in/ijcsis-research-publications-8b916516/
http://www.researcherid.com/rid/E-1319-2016
Intrusion Detection System (IDS): Anomaly Detection using Outlier Detection A...Drjabez
This document describes a proposed approach for anomaly detection in intrusion detection systems using outlier detection. It begins with background on intrusion detection systems and issues with existing approaches. It then presents the proposed two-stage approach using outlier detection: 1) Training with large normal datasets in a distributed storage environment, and 2) Testing intrusion datasets to compute an error value compared to the trained model. If the error value exceeds a threshold, the test data is flagged as anomalous. Experimental results on network packet datasets demonstrate the approach can effectively identify anomalies.
A simplified predictive framework for cost evaluation to fault assessment usi...IJECEIAES
Software engineering is an integral part of any software development scheme which frequently encounters bugs, errors, and faults. Predictive evaluation of software fault contributes towards mitigating this challenge to a large extent; however, there is no benchmarked framework being reported in this case yet. Therefore, this paper introduces a computational framework of the cost evaluation method to facilitate a better form of predictive assessment of software faults. Based on lines of code, the proposed scheme deploys adopts a machine-learning approach to address the perform predictive analysis of faults. The proposed scheme presents an analytical framework of the correlation-based cost model integrated with multiple standards machine learning (ML) models, e.g., linear regression, support vector regression, and artificial neural networks (ANN). These learning models are executed and trained to predict software faults with higher accuracy. The study considers assessing the outcomes based on error-based performance metrics in detail to determine how well each learning model performs and how accurate it is at learning. It also looked at the factors contributing to the training loss of neural networks. The validation result demonstrates that, compared to logistic regression and support vector regression, neural network achieves a significantly lower error score for software fault prediction.
an error in that computer program. In order to improve the software quality, prediction of faulty modules is
necessary. Various Metric suites and techniques are available to predict the modules which are critical and
likely to be fault prone. Genetic Algorithm is a problem solving algorithm. It uses genetics as its model of
problem solving. It’s a search technique to find approximate solutions to optimization and search
problems.Genetic algorithm is applied for solving the problem of faulty module prediction and as well as
for finding the most important attribute for fault occurrence. In order to perform the analysis, performance
validation of the Genetic Algorithm using open source software jEdit is done. The results are measured in
terms Accuracy and Error in predicting by calculating probability of detection and probability of false
Alarms
MACHINE LEARNING APPLICATIONS IN MALWARE CLASSIFICATION: A METAANALYSIS LITER...IJCI JOURNAL
With a text mining and bibliometrics approach, this study reviews the literature on the evolution
of malware classification using machine learning. This work takes literature from 2008 to 2022
on the subject of using machine learning for malware classification to understand the impact of
this technology on malware classification. Throughout this study, we seek to answer three main
research questions: RQ1: Is the application of machine learning for malware classification
growing? RQ2: What is the most common machine-learning application for malware
classification? RQ3: What are the outcomes of the most common machine learning
applications? The analysis of 2186 articles resulting from a data collection process from peerreviewed databases shows the trajectory of the application of this technology on malware
classification as well as trends in both the machine learning and malware classification fields of
study. This study performs quantitative and qualitative analysis using statistical and N-gram
analysis techniques and a formal literature review to answer the proposed research questions.
The research reveals methods such as support vector machines and random forests to be
standard machine learning methods for malware classification in efforts to detect maliciousness
or categorize malware by family. Machine learning is a highly researched technology with
many applications, from malware classification and beyond.
A new proactive feature selection model based on the enhanced optimization a...IJECEIAES
This document presents a new proactive feature selection (PFS) model to detect distributed reflection denial of service (DRDoS) attacks using an optimized feature selection approach. The PFS model uses swarm optimization and evolutionary algorithms like particle swarm optimization, bat algorithm, and differential evolution to select optimal features. It then evaluates selected features using machine learning classifiers like k-nearest neighbors, support vector machine, and random forest. The model was tested on the CICDDoS2019 dataset and achieved a high DRDoS detection accuracy of 89.59% while reducing the number of features. Evaluation metrics like accuracy, precision, recall and F1-score were also improved compared to previous models. The PFS model provides an effective approach
Insights of effectivity analysis of learning-based approaches towards softwar...IJECEIAES
Software defect prediction is one of the essential sets of operation towards mitigating issues of risk management in software development known to contribute towards enhancing the quality of software. There is evolution of various methodologies towards resolving this issue while learning-based methodology is witnessed to be the most dominant contributor. The problem identified is that there are yet many unsolved queries associated with practical viability of such learning-based approach adoption in software quality management. Proposed approaches discussed in this paper contributes towards mitigating this challenge by introducing a simplified, compact, and crisp analysis of effectiveness associated with learning-based schemes. The paper presents its major findings of effectivity analysis of machine learning, deep learning, hybrid, and other miscellaneous approaches deployed for fault prediction followed by highlighting research trend. The major findings infer that feature selection, data imbalance, interpretability, and in adequate involvement of context are prime gaps in existing methods. The paper also contributes towards research gap as well as essential learning outcomes of present review work.
Ransomware Attack Detection based on Pertinent System Calls Using Machine Lea...IJCNCJournal
In the last few years, the evolution of information technology has resulted in the development of several interesting and sensitive fields such as the dark Web and cyber-criminality, especially using ransomware attacks. This paper aims to bring out only critical features and make their observation, or not, in software behaviour sufficient to decide whether it is ransomware or not. Therefore, we propose a new solution for ransomware detection based on machine learning algorithms and system calls. First, we introduce our produced dataset of collected system calls of both ransomware and Benignware. Then, we push preprocessing steps deeply to reduce efficiently data dimensionality. After that, we introduce a new technique to select pertinent features. Next, we bring out the critical system calls, their importance and their contribution to the distinction between dataset elements. Finally, we present our model that achieves an overall accuracy of 99.81% after K-Fold cross-validation.
Ransomware Attack Detection Based on Pertinent System Calls Using Machine Lea...IJCNCJournal
In the last few years, the evolution of information technology has resulted in thedevelopmentof several interesting and sensitive fields such as the dark Web and cyber-criminality, especially using ransomware attacks. This paper aims to bring out only critical features and make their observation, or not, in software behaviour sufficient to decide whether it is ransomware or not. Therefore, we propose a new solution for ransomware detection based on machine learning algorithms and system calls. First, we introduce our produced dataset of collected system calls of both ransomware and Benignware. Then, we push pre-processing steps deeply to reduce efficiently data dimensionality. After that, we introduce a new technique to select pertinent features. Next, we bring out the critical system calls, their importance and their contribution to the distinction between dataset elements. Finally, we present our model that achieves an overall accuracy of 99.81% after K-Fold cross-validation.
ANALYTIC HIERARCHY PROCESS-BASED FUZZY MEASUREMENT TO QUANTIFY VULNERABILITIE...IJCNCJournal
Much research has been conducted to detect vulnerabilities of Web Applications; however, these never
proposed a methodology to measure the vulnerabilities either qualitatively or quantitatively. In this paper,
a methodology is proposed to investigate the quantification of vulnerabilities in Web Applications. We
applied the Goal Question Metrics (GQM) methodology to determine all possible security factors and subfactors of Web Applications in the Department of Transportation (DOT) as our proof of concept. Then we
introduced a Multi-layered Fuzzy Logic (MFL) approach based on the security sub-factors’ prioritization
in the Analytic Hierarchy Process (AHP). Using AHP, we weighted each security sub-factor before the
quantification process in the Fuzzy Logic to handle imprecise crisp number calculation.
Analytic Hierarchy Process-based Fuzzy Measurement to Quantify Vulnerabilitie...IJCNCJournal
Much research has been conducted to detect vulnerabilities of Web Applications; however, these never proposed a methodology to measure the vulnerabilities either qualitatively or quantitatively. In this paper, a methodology is proposed to investigate the quantification of vulnerabilities in Web Applications. We applied the Goal Question Metrics (GQM) methodology to determine all possible security factors and subfactors of Web Applications in the Department of Transportation (DOT) as our proof of concept. Then we introduced a Multi-layered Fuzzy Logic (MFL) approach based on the security sub-factors’ prioritization in the Analytic Hierarchy Process (AHP). Using AHP, we weighted each security sub-factor before the quantification process in the Fuzzy Logic to handle imprecise crisp number calculation.
Analytic Hierarchy Process-based Fuzzy Measurement to Quantify Vulnerabilitie...IJCNCJournal
Much research has been conducted to detect vulnerabilities of Web Applications; however, these never proposed a methodology to measure the vulnerabilities either qualitatively or quantitatively. In this paper, a methodology is proposed to investigate the quantification of vulnerabilities in Web Applications. We applied the Goal Question Metrics (GQM) methodology to determine all possible security factors and subfactors of Web Applications in the Department of Transportation (DOT) as our proof of concept. Then we introduced a Multi-layered Fuzzy Logic (MFL) approach based on the security sub-factors’ prioritization in the Analytic Hierarchy Process (AHP). Using AHP, we weighted each security sub-factor before the quantification process in the Fuzzy Logic to handle imprecise crisp number calculation.
ANALYTIC HIERARCHY PROCESS-BASED FUZZY MEASUREMENT TO QUANTIFY VULNERABILITIE...IJCNCJournal
Much research has been conducted to detect vulnerabilities of Web Applications; however, these never proposed a methodology to measure the vulnerabilities either qualitatively or quantitatively. In this paper, a methodology is proposed to investigate the quantification of vulnerabilities in Web Applications. We applied the Goal Question Metrics (GQM) methodology to determine all possible security factors and subfactors of Web Applications in the Department of Transportation (DOT) as our proof of concept. Then we
introduced a Multi-layered Fuzzy Logic (MFL) approach based on the security sub-factors’ prioritization in the Analytic Hierarchy Process (AHP). Using AHP, we weighted each security sub-factor before the quantification process in the Fuzzy Logic to handle imprecise crisp number calculation.
TOWARDS PREDICTING SOFTWARE DEFECTS WITH CLUSTERING TECHNIQUESijaia
The purpose of software defect prediction is to improve the quality of a software project by building a
predictive model to decide whether a software module is or is not fault prone. In recent years, much
research in using machine learning techniques in this topic has been performed. Our aim was to evaluate
the performance of clustering techniques with feature selection schemes to address the problem of software
defect prediction problem. We analysed the National Aeronautics and Space Administration (NASA)
dataset benchmarks using three clustering algorithms: (1) Farthest First, (2) X-Means, and (3) selforganizing map (SOM). In order to evaluate different feature selection algorithms, this article presents a
comparative analysis involving software defects prediction based on Bat, Cuckoo, Grey Wolf Optimizer
(GWO), and particle swarm optimizer (PSO). The results obtained with the proposed clustering models
enabled us to build an efficient predictive model with a satisfactory detection rate and acceptable number
of features.
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...IJECEIAES
Medical image analysis has witnessed significant advancements with deep learning techniques. In the domain of brain tumor segmentation, the ability to
precisely delineate tumor boundaries from magnetic resonance imaging (MRI)
scans holds profound implications for diagnosis. This study presents an ensemble convolutional neural network (CNN) with transfer learning, integrating
the state-of-the-art Deeplabv3+ architecture with the ResNet18 backbone. The
model is rigorously trained and evaluated, exhibiting remarkable performance
metrics, including an impressive global accuracy of 99.286%, a high-class accuracy of 82.191%, a mean intersection over union (IoU) of 79.900%, a weighted
IoU of 98.620%, and a Boundary F1 (BF) score of 83.303%. Notably, a detailed comparative analysis with existing methods showcases the superiority of
our proposed model. These findings underscore the model’s competence in precise brain tumor localization, underscoring its potential to revolutionize medical
image analysis and enhance healthcare outcomes. This research paves the way
for future exploration and optimization of advanced CNN models in medical
imaging, emphasizing addressing false positives and resource efficiency.
Embedded machine learning-based road conditions and driving behavior monitoringIJECEIAES
Car accident rates have increased in recent years, resulting in losses in human lives, properties, and other financial costs. An embedded machine learning-based system is developed to address this critical issue. The system can monitor road conditions, detect driving patterns, and identify aggressive driving behaviors. The system is based on neural networks trained on a comprehensive dataset of driving events, driving styles, and road conditions. The system effectively detects potential risks and helps mitigate the frequency and impact of accidents. The primary goal is to ensure the safety of drivers and vehicles. Collecting data involved gathering information on three key road events: normal street and normal drive, speed bumps, circular yellow speed bumps, and three aggressive driving actions: sudden start, sudden stop, and sudden entry. The gathered data is processed and analyzed using a machine learning system designed for limited power and memory devices. The developed system resulted in 91.9% accuracy, 93.6% precision, and 92% recall. The achieved inference time on an Arduino Nano 33 BLE Sense with a 32-bit CPU running at 64 MHz is 34 ms and requires 2.6 kB peak RAM and 139.9 kB program flash memory, making it suitable for resource-constrained embedded systems.
More Related Content
Similar to Fisher exact Boschloo and polynomial vector learning for malware detection
Feature Selection using the Concept of Peafowl Mating in IDSIJCNCJournal
Cloud computing has high applicability as an Internet based service that relies on sharing computing resources. Cloud computing provides services that are Infrastructure based, Platform based and Software based. The popularity of this technology is due to its superb performance, high level of computing ability, low cost of services, scalability, availability and flexibility. The obtainability and openness of data in cloud environment make it vulnerable to the world of cyber-attacks. To detect the attacks Intrusion Detection System is used, that can identify the attacks and ensure information security. Such a coherent and proficient Intrusion Detection System is proposed in this paper to achieve higher certainty levels regarding safety in cloud environment. In this paper, the mating behavior of peafowl is incorporated into an optimization algorithm which in turn is used as a feature selection algorithm. The algorithm is used to reduce the huge size of cloud data so that the IDS can work efficiently on the cloud to detect intrusions. The proposed model has been experimented with NSL-KDD dataset as well as Kyoto dataset and have proved to be a better as well as an efficient IDS.
Feature Selection using the Concept of Peafowl Mating in IDSIJCNCJournal
Cloud computing has high applicability as an Internet based service that relies on sharing computing resources. Cloud computing provides services that are Infrastructure based, Platform based and Software based. The popularity of this technology is due to its superb performance, high level of computing ability, low cost of services, scalability, availability and flexibility. The obtainability and openness of data in cloud environment make it vulnerable to the world of cyber-attacks. To detect the attacks Intrusion Detection System is used, that can identify the attacks and ensure information security. Such a coherent and proficient Intrusion Detection System is proposed in this paper to achieve higher certainty levels regarding safety in cloud environment. In this paper, the mating behavior of peafowl is incorporated into an optimization algorithm which in turn is used as a feature selection algorithm. The algorithm is used to reduce the huge size of cloud data so that the IDS can work efficiently on the cloud to detect intrusions. The proposed model has been experimented with NSL-KDD dataset as well as Kyoto dataset and have proved to be a better as well as an efficient IDS.
Software Defect Prediction Using Radial Basis and Probabilistic Neural NetworksEditor IJCATR
This document discusses using neural networks for software defect prediction. It examines the effectiveness of using a radial basis function neural network and a probabilistic neural network on prediction accuracy and defect prediction compared to other techniques. The key findings are that neural networks provide an acceptable level of accuracy for defect prediction but perform poorly at actual defect prediction. Probabilistic neural networks performed consistently better than other techniques across different datasets in terms of prediction accuracy and defect prediction ability. The document recommends using an ensemble of different software defect prediction models rather than relying on a single technique.
Improve malware classifiers performance using cost-sensitive learning for imb...IAESIJAI
In recent times, malware visualization has become very popular for malware classification in cybersecurity. Existing malware features can easily identify known malware that have been already detected, but they cannot identify new and infrequent malwares accurately. Moreover, deep learning algorithms show their power in term of malware classification topic. However, we found the use of imbalanced data; the Malimg database which contains 25 malware families don’t have same or near number of images per class. To address these issues, this paper proposes an effective malware classifier, based on cost-sensitive deep learning. When performing classification on imbalanced data, some classes get less accuracy than others. Cost-sensitive is meant to solve this issue, however in our case of 25 classes, classical cost-sensitive weights wasn’t effective is giving equal attention to all classes. The proposed approach improves the performance of malware classification, and we demonstrate this improvement using two Convolutional Neural Network models using functional and subclassing programming techniques, based on loss, accuracy, recall and precision.
COMPARISON OF MALWARE CLASSIFICATION METHODS USING CONVOLUTIONAL NEURAL NETWO...IJNSA Journal
Malicious software is constantly being developed and improved, so detection and classification of malwareis an ever-evolving problem. Since traditional malware detection techniques fail to detect new/unknown malware, machine learning algorithms have been used to overcome this disadvantage. We present a Convolutional Neural Network (CNN) for malware type classification based on the API (Application Program Interface) calls. This research uses a database of 7107 instances of API call streams and 8 different malware types:Adware, Backdoor, Downloader, Dropper, Spyware, Trojan, Virus,Worm. We used a 1-Dimensional CNN by mapping API calls as categorical and term frequency-inverse document frequency (TF-IDF) vectors and compared the results to other classification techniques.The proposed 1-D CNN outperformed other classification techniques with 91% overall accuracy for both categorical and TF-IDF vectors.
Resource Allocation for Antivirus Cloud AppliancesIOSR Journals
This document discusses resource allocation for antivirus cloud appliances. It proposes using a search-based optimization approach called the Automatic Cloud Antivirus Configurator (ACAC) to solve the resource allocation problem in cloud-based antivirus deployments. ACAC includes a configuration enumerator that implements a search algorithm to enumerate resource allocations. It also includes a parameter calibration process and an antivirus cost model to estimate the cost of scanning files under different resource allocations. The cost model depends on factors like total file size, code segment size, and embedded files, but no single parameter can reliably predict scanning time on its own.
With the development and rapid growth in IT infrastructure, malicious code attacks are considered as the
main threat to cybersecurity. Malicious JavaScript’s which are intentionally crafted by the attackers inside the web page
over the web as an emerging security issue affecting millions of users. In past few years, a number of studies have been
conducted based on machine learning for detection of malicious JavaScript code attacks has demonstrated a poor
detection accuracy and increased performance overheads. In this paper, an effective interceptor approach for detection of
multivariate and novel malicious JavaScript’s based on deep learning is proposed and evaluated. Hybrid feature set based
on static and dynamic analysis were used. The dataset which was used in this study consists of 32,000 benign webpages
and 12,900 malicious pages. The experimental results show that this approach was able to detect 99.01% of new malicious
code variants.
International Journal of Computer Science and Information Security,IJCSIS ISSN 1947-5500, Pittsburgh, PA, USA
Email: ijcsiseditor@gmail.com
http://sites.google.com/site/ijcsis/
https://google.academia.edu/JournalofComputerScience
https://www.linkedin.com/in/ijcsis-research-publications-8b916516/
http://www.researcherid.com/rid/E-1319-2016
Intrusion Detection System (IDS): Anomaly Detection using Outlier Detection A...Drjabez
This document describes a proposed approach for anomaly detection in intrusion detection systems using outlier detection. It begins with background on intrusion detection systems and issues with existing approaches. It then presents the proposed two-stage approach using outlier detection: 1) Training with large normal datasets in a distributed storage environment, and 2) Testing intrusion datasets to compute an error value compared to the trained model. If the error value exceeds a threshold, the test data is flagged as anomalous. Experimental results on network packet datasets demonstrate the approach can effectively identify anomalies.
A simplified predictive framework for cost evaluation to fault assessment usi...IJECEIAES
Software engineering is an integral part of any software development scheme which frequently encounters bugs, errors, and faults. Predictive evaluation of software fault contributes towards mitigating this challenge to a large extent; however, there is no benchmarked framework being reported in this case yet. Therefore, this paper introduces a computational framework of the cost evaluation method to facilitate a better form of predictive assessment of software faults. Based on lines of code, the proposed scheme deploys adopts a machine-learning approach to address the perform predictive analysis of faults. The proposed scheme presents an analytical framework of the correlation-based cost model integrated with multiple standards machine learning (ML) models, e.g., linear regression, support vector regression, and artificial neural networks (ANN). These learning models are executed and trained to predict software faults with higher accuracy. The study considers assessing the outcomes based on error-based performance metrics in detail to determine how well each learning model performs and how accurate it is at learning. It also looked at the factors contributing to the training loss of neural networks. The validation result demonstrates that, compared to logistic regression and support vector regression, neural network achieves a significantly lower error score for software fault prediction.
an error in that computer program. In order to improve the software quality, prediction of faulty modules is
necessary. Various Metric suites and techniques are available to predict the modules which are critical and
likely to be fault prone. Genetic Algorithm is a problem solving algorithm. It uses genetics as its model of
problem solving. It’s a search technique to find approximate solutions to optimization and search
problems.Genetic algorithm is applied for solving the problem of faulty module prediction and as well as
for finding the most important attribute for fault occurrence. In order to perform the analysis, performance
validation of the Genetic Algorithm using open source software jEdit is done. The results are measured in
terms Accuracy and Error in predicting by calculating probability of detection and probability of false
Alarms
MACHINE LEARNING APPLICATIONS IN MALWARE CLASSIFICATION: A METAANALYSIS LITER...IJCI JOURNAL
With a text mining and bibliometrics approach, this study reviews the literature on the evolution
of malware classification using machine learning. This work takes literature from 2008 to 2022
on the subject of using machine learning for malware classification to understand the impact of
this technology on malware classification. Throughout this study, we seek to answer three main
research questions: RQ1: Is the application of machine learning for malware classification
growing? RQ2: What is the most common machine-learning application for malware
classification? RQ3: What are the outcomes of the most common machine learning
applications? The analysis of 2186 articles resulting from a data collection process from peerreviewed databases shows the trajectory of the application of this technology on malware
classification as well as trends in both the machine learning and malware classification fields of
study. This study performs quantitative and qualitative analysis using statistical and N-gram
analysis techniques and a formal literature review to answer the proposed research questions.
The research reveals methods such as support vector machines and random forests to be
standard machine learning methods for malware classification in efforts to detect maliciousness
or categorize malware by family. Machine learning is a highly researched technology with
many applications, from malware classification and beyond.
A new proactive feature selection model based on the enhanced optimization a...IJECEIAES
This document presents a new proactive feature selection (PFS) model to detect distributed reflection denial of service (DRDoS) attacks using an optimized feature selection approach. The PFS model uses swarm optimization and evolutionary algorithms like particle swarm optimization, bat algorithm, and differential evolution to select optimal features. It then evaluates selected features using machine learning classifiers like k-nearest neighbors, support vector machine, and random forest. The model was tested on the CICDDoS2019 dataset and achieved a high DRDoS detection accuracy of 89.59% while reducing the number of features. Evaluation metrics like accuracy, precision, recall and F1-score were also improved compared to previous models. The PFS model provides an effective approach
Insights of effectivity analysis of learning-based approaches towards softwar...IJECEIAES
Software defect prediction is one of the essential sets of operation towards mitigating issues of risk management in software development known to contribute towards enhancing the quality of software. There is evolution of various methodologies towards resolving this issue while learning-based methodology is witnessed to be the most dominant contributor. The problem identified is that there are yet many unsolved queries associated with practical viability of such learning-based approach adoption in software quality management. Proposed approaches discussed in this paper contributes towards mitigating this challenge by introducing a simplified, compact, and crisp analysis of effectiveness associated with learning-based schemes. The paper presents its major findings of effectivity analysis of machine learning, deep learning, hybrid, and other miscellaneous approaches deployed for fault prediction followed by highlighting research trend. The major findings infer that feature selection, data imbalance, interpretability, and in adequate involvement of context are prime gaps in existing methods. The paper also contributes towards research gap as well as essential learning outcomes of present review work.
Ransomware Attack Detection based on Pertinent System Calls Using Machine Lea...IJCNCJournal
In the last few years, the evolution of information technology has resulted in the development of several interesting and sensitive fields such as the dark Web and cyber-criminality, especially using ransomware attacks. This paper aims to bring out only critical features and make their observation, or not, in software behaviour sufficient to decide whether it is ransomware or not. Therefore, we propose a new solution for ransomware detection based on machine learning algorithms and system calls. First, we introduce our produced dataset of collected system calls of both ransomware and Benignware. Then, we push preprocessing steps deeply to reduce efficiently data dimensionality. After that, we introduce a new technique to select pertinent features. Next, we bring out the critical system calls, their importance and their contribution to the distinction between dataset elements. Finally, we present our model that achieves an overall accuracy of 99.81% after K-Fold cross-validation.
Ransomware Attack Detection Based on Pertinent System Calls Using Machine Lea...IJCNCJournal
In the last few years, the evolution of information technology has resulted in thedevelopmentof several interesting and sensitive fields such as the dark Web and cyber-criminality, especially using ransomware attacks. This paper aims to bring out only critical features and make their observation, or not, in software behaviour sufficient to decide whether it is ransomware or not. Therefore, we propose a new solution for ransomware detection based on machine learning algorithms and system calls. First, we introduce our produced dataset of collected system calls of both ransomware and Benignware. Then, we push pre-processing steps deeply to reduce efficiently data dimensionality. After that, we introduce a new technique to select pertinent features. Next, we bring out the critical system calls, their importance and their contribution to the distinction between dataset elements. Finally, we present our model that achieves an overall accuracy of 99.81% after K-Fold cross-validation.
ANALYTIC HIERARCHY PROCESS-BASED FUZZY MEASUREMENT TO QUANTIFY VULNERABILITIE...IJCNCJournal
Much research has been conducted to detect vulnerabilities of Web Applications; however, these never
proposed a methodology to measure the vulnerabilities either qualitatively or quantitatively. In this paper,
a methodology is proposed to investigate the quantification of vulnerabilities in Web Applications. We
applied the Goal Question Metrics (GQM) methodology to determine all possible security factors and subfactors of Web Applications in the Department of Transportation (DOT) as our proof of concept. Then we
introduced a Multi-layered Fuzzy Logic (MFL) approach based on the security sub-factors’ prioritization
in the Analytic Hierarchy Process (AHP). Using AHP, we weighted each security sub-factor before the
quantification process in the Fuzzy Logic to handle imprecise crisp number calculation.
Analytic Hierarchy Process-based Fuzzy Measurement to Quantify Vulnerabilitie...IJCNCJournal
Much research has been conducted to detect vulnerabilities of Web Applications; however, these never proposed a methodology to measure the vulnerabilities either qualitatively or quantitatively. In this paper, a methodology is proposed to investigate the quantification of vulnerabilities in Web Applications. We applied the Goal Question Metrics (GQM) methodology to determine all possible security factors and subfactors of Web Applications in the Department of Transportation (DOT) as our proof of concept. Then we introduced a Multi-layered Fuzzy Logic (MFL) approach based on the security sub-factors’ prioritization in the Analytic Hierarchy Process (AHP). Using AHP, we weighted each security sub-factor before the quantification process in the Fuzzy Logic to handle imprecise crisp number calculation.
Analytic Hierarchy Process-based Fuzzy Measurement to Quantify Vulnerabilitie...IJCNCJournal
Much research has been conducted to detect vulnerabilities of Web Applications; however, these never proposed a methodology to measure the vulnerabilities either qualitatively or quantitatively. In this paper, a methodology is proposed to investigate the quantification of vulnerabilities in Web Applications. We applied the Goal Question Metrics (GQM) methodology to determine all possible security factors and subfactors of Web Applications in the Department of Transportation (DOT) as our proof of concept. Then we introduced a Multi-layered Fuzzy Logic (MFL) approach based on the security sub-factors’ prioritization in the Analytic Hierarchy Process (AHP). Using AHP, we weighted each security sub-factor before the quantification process in the Fuzzy Logic to handle imprecise crisp number calculation.
ANALYTIC HIERARCHY PROCESS-BASED FUZZY MEASUREMENT TO QUANTIFY VULNERABILITIE...IJCNCJournal
Much research has been conducted to detect vulnerabilities of Web Applications; however, these never proposed a methodology to measure the vulnerabilities either qualitatively or quantitatively. In this paper, a methodology is proposed to investigate the quantification of vulnerabilities in Web Applications. We applied the Goal Question Metrics (GQM) methodology to determine all possible security factors and subfactors of Web Applications in the Department of Transportation (DOT) as our proof of concept. Then we
introduced a Multi-layered Fuzzy Logic (MFL) approach based on the security sub-factors’ prioritization in the Analytic Hierarchy Process (AHP). Using AHP, we weighted each security sub-factor before the quantification process in the Fuzzy Logic to handle imprecise crisp number calculation.
TOWARDS PREDICTING SOFTWARE DEFECTS WITH CLUSTERING TECHNIQUESijaia
The purpose of software defect prediction is to improve the quality of a software project by building a
predictive model to decide whether a software module is or is not fault prone. In recent years, much
research in using machine learning techniques in this topic has been performed. Our aim was to evaluate
the performance of clustering techniques with feature selection schemes to address the problem of software
defect prediction problem. We analysed the National Aeronautics and Space Administration (NASA)
dataset benchmarks using three clustering algorithms: (1) Farthest First, (2) X-Means, and (3) selforganizing map (SOM). In order to evaluate different feature selection algorithms, this article presents a
comparative analysis involving software defects prediction based on Bat, Cuckoo, Grey Wolf Optimizer
(GWO), and particle swarm optimizer (PSO). The results obtained with the proposed clustering models
enabled us to build an efficient predictive model with a satisfactory detection rate and acceptable number
of features.
Similar to Fisher exact Boschloo and polynomial vector learning for malware detection (20)
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...IJECEIAES
Medical image analysis has witnessed significant advancements with deep learning techniques. In the domain of brain tumor segmentation, the ability to
precisely delineate tumor boundaries from magnetic resonance imaging (MRI)
scans holds profound implications for diagnosis. This study presents an ensemble convolutional neural network (CNN) with transfer learning, integrating
the state-of-the-art Deeplabv3+ architecture with the ResNet18 backbone. The
model is rigorously trained and evaluated, exhibiting remarkable performance
metrics, including an impressive global accuracy of 99.286%, a high-class accuracy of 82.191%, a mean intersection over union (IoU) of 79.900%, a weighted
IoU of 98.620%, and a Boundary F1 (BF) score of 83.303%. Notably, a detailed comparative analysis with existing methods showcases the superiority of
our proposed model. These findings underscore the model’s competence in precise brain tumor localization, underscoring its potential to revolutionize medical
image analysis and enhance healthcare outcomes. This research paves the way
for future exploration and optimization of advanced CNN models in medical
imaging, emphasizing addressing false positives and resource efficiency.
Embedded machine learning-based road conditions and driving behavior monitoringIJECEIAES
Car accident rates have increased in recent years, resulting in losses in human lives, properties, and other financial costs. An embedded machine learning-based system is developed to address this critical issue. The system can monitor road conditions, detect driving patterns, and identify aggressive driving behaviors. The system is based on neural networks trained on a comprehensive dataset of driving events, driving styles, and road conditions. The system effectively detects potential risks and helps mitigate the frequency and impact of accidents. The primary goal is to ensure the safety of drivers and vehicles. Collecting data involved gathering information on three key road events: normal street and normal drive, speed bumps, circular yellow speed bumps, and three aggressive driving actions: sudden start, sudden stop, and sudden entry. The gathered data is processed and analyzed using a machine learning system designed for limited power and memory devices. The developed system resulted in 91.9% accuracy, 93.6% precision, and 92% recall. The achieved inference time on an Arduino Nano 33 BLE Sense with a 32-bit CPU running at 64 MHz is 34 ms and requires 2.6 kB peak RAM and 139.9 kB program flash memory, making it suitable for resource-constrained embedded systems.
Advanced control scheme of doubly fed induction generator for wind turbine us...IJECEIAES
This paper describes a speed control device for generating electrical energy on an electricity network based on the doubly fed induction generator (DFIG) used for wind power conversion systems. At first, a double-fed induction generator model was constructed. A control law is formulated to govern the flow of energy between the stator of a DFIG and the energy network using three types of controllers: proportional integral (PI), sliding mode controller (SMC) and second order sliding mode controller (SOSMC). Their different results in terms of power reference tracking, reaction to unexpected speed fluctuations, sensitivity to perturbations, and resilience against machine parameter alterations are compared. MATLAB/Simulink was used to conduct the simulations for the preceding study. Multiple simulations have shown very satisfying results, and the investigations demonstrate the efficacy and power-enhancing capabilities of the suggested control system.
Neural network optimizer of proportional-integral-differential controller par...IJECEIAES
Wide application of proportional-integral-differential (PID)-regulator in industry requires constant improvement of methods of its parameters adjustment. The paper deals with the issues of optimization of PID-regulator parameters with the use of neural network technology methods. A methodology for choosing the architecture (structure) of neural network optimizer is proposed, which consists in determining the number of layers, the number of neurons in each layer, as well as the form and type of activation function. Algorithms of neural network training based on the application of the method of minimizing the mismatch between the regulated value and the target value are developed. The method of back propagation of gradients is proposed to select the optimal training rate of neurons of the neural network. The neural network optimizer, which is a superstructure of the linear PID controller, allows increasing the regulation accuracy from 0.23 to 0.09, thus reducing the power consumption from 65% to 53%. The results of the conducted experiments allow us to conclude that the created neural superstructure may well become a prototype of an automatic voltage regulator (AVR)-type industrial controller for tuning the parameters of the PID controller.
An improved modulation technique suitable for a three level flying capacitor ...IJECEIAES
This research paper introduces an innovative modulation technique for controlling a 3-level flying capacitor multilevel inverter (FCMLI), aiming to streamline the modulation process in contrast to conventional methods. The proposed
simplified modulation technique paves the way for more straightforward and
efficient control of multilevel inverters, enabling their widespread adoption and
integration into modern power electronic systems. Through the amalgamation of
sinusoidal pulse width modulation (SPWM) with a high-frequency square wave
pulse, this controlling technique attains energy equilibrium across the coupling
capacitor. The modulation scheme incorporates a simplified switching pattern
and a decreased count of voltage references, thereby simplifying the control
algorithm.
A review on features and methods of potential fishing zoneIJECEIAES
This review focuses on the importance of identifying potential fishing zones in seawater for sustainable fishing practices. It explores features like sea surface temperature (SST) and sea surface height (SSH), along with classification methods such as classifiers. The features like SST, SSH, and different classifiers used to classify the data, have been figured out in this review study. This study underscores the importance of examining potential fishing zones using advanced analytical techniques. It thoroughly explores the methodologies employed by researchers, covering both past and current approaches. The examination centers on data characteristics and the application of classification algorithms for classification of potential fishing zones. Furthermore, the prediction of potential fishing zones relies significantly on the effectiveness of classification algorithms. Previous research has assessed the performance of models like support vector machines, naïve Bayes, and artificial neural networks (ANN). In the previous result, the results of support vector machine (SVM) were 97.6% more accurate than naive Bayes's 94.2% to classify test data for fisheries classification. By considering the recent works in this area, several recommendations for future works are presented to further improve the performance of the potential fishing zone models, which is important to the fisheries community.
Electrical signal interference minimization using appropriate core material f...IJECEIAES
As demand for smaller, quicker, and more powerful devices rises, Moore's law is strictly followed. The industry has worked hard to make little devices that boost productivity. The goal is to optimize device density. Scientists are reducing connection delays to improve circuit performance. This helped them understand three-dimensional integrated circuit (3D IC) concepts, which stack active devices and create vertical connections to diminish latency and lower interconnects. Electrical involvement is a big worry with 3D integrates circuits. Researchers have developed and tested through silicon via (TSV) and substrates to decrease electrical wave involvement. This study illustrates a novel noise coupling reduction method using several electrical involvement models. A 22% drop in electrical involvement from wave-carrying to victim TSVs introduces this new paradigm and improves system performance even at higher THz frequencies.
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...IJECEIAES
Climate change's impact on the planet forced the United Nations and governments to promote green energies and electric transportation. The deployments of photovoltaic (PV) and electric vehicle (EV) systems gained stronger momentum due to their numerous advantages over fossil fuel types. The advantages go beyond sustainability to reach financial support and stability. The work in this paper introduces the hybrid system between PV and EV to support industrial and commercial plants. This paper covers the theoretical framework of the proposed hybrid system including the required equation to complete the cost analysis when PV and EV are present. In addition, the proposed design diagram which sets the priorities and requirements of the system is presented. The proposed approach allows setup to advance their power stability, especially during power outages. The presented information supports researchers and plant owners to complete the necessary analysis while promoting the deployment of clean energy. The result of a case study that represents a dairy milk farmer supports the theoretical works and highlights its advanced benefits to existing plants. The short return on investment of the proposed approach supports the paper's novelty approach for the sustainable electrical system. In addition, the proposed system allows for an isolated power setup without the need for a transmission line which enhances the safety of the electrical network
Bibliometric analysis highlighting the role of women in addressing climate ch...IJECEIAES
Fossil fuel consumption increased quickly, contributing to climate change
that is evident in unusual flooding and draughts, and global warming. Over
the past ten years, women's involvement in society has grown dramatically,
and they succeeded in playing a noticeable role in reducing climate change.
A bibliometric analysis of data from the last ten years has been carried out to
examine the role of women in addressing the climate change. The analysis's
findings discussed the relevant to the sustainable development goals (SDGs),
particularly SDG 7 and SDG 13. The results considered contributions made
by women in the various sectors while taking geographic dispersion into
account. The bibliometric analysis delves into topics including women's
leadership in environmental groups, their involvement in policymaking, their
contributions to sustainable development projects, and the influence of
gender diversity on attempts to mitigate climate change. This study's results
highlight how women have influenced policies and actions related to climate
change, point out areas of research deficiency and recommendations on how
to increase role of the women in addressing the climate change and
achieving sustainability. To achieve more successful results, this initiative
aims to highlight the significance of gender equality and encourage
inclusivity in climate change decision-making processes.
Voltage and frequency control of microgrid in presence of micro-turbine inter...IJECEIAES
The active and reactive load changes have a significant impact on voltage
and frequency. In this paper, in order to stabilize the microgrid (MG) against
load variations in islanding mode, the active and reactive power of all
distributed generators (DGs), including energy storage (battery), diesel
generator, and micro-turbine, are controlled. The micro-turbine generator is
connected to MG through a three-phase to three-phase matrix converter, and
the droop control method is applied for controlling the voltage and
frequency of MG. In addition, a method is introduced for voltage and
frequency control of micro-turbines in the transition state from gridconnected mode to islanding mode. A novel switching strategy of the matrix
converter is used for converting the high-frequency output voltage of the
micro-turbine to the grid-side frequency of the utility system. Moreover,
using the switching strategy, the low-order harmonics in the output current
and voltage are not produced, and consequently, the size of the output filter
would be reduced. In fact, the suggested control strategy is load-independent
and has no frequency conversion restrictions. The proposed approach for
voltage and frequency regulation demonstrates exceptional performance and
favorable response across various load alteration scenarios. The suggested
strategy is examined in several scenarios in the MG test systems, and the
simulation results are addressed.
Enhancing battery system identification: nonlinear autoregressive modeling fo...IJECEIAES
Precisely characterizing Li-ion batteries is essential for optimizing their
performance, enhancing safety, and prolonging their lifespan across various
applications, such as electric vehicles and renewable energy systems. This
article introduces an innovative nonlinear methodology for system
identification of a Li-ion battery, employing a nonlinear autoregressive with
exogenous inputs (NARX) model. The proposed approach integrates the
benefits of nonlinear modeling with the adaptability of the NARX structure,
facilitating a more comprehensive representation of the intricate
electrochemical processes within the battery. Experimental data collected
from a Li-ion battery operating under diverse scenarios are employed to
validate the effectiveness of the proposed methodology. The identified
NARX model exhibits superior accuracy in predicting the battery's behavior
compared to traditional linear models. This study underscores the
importance of accounting for nonlinearities in battery modeling, providing
insights into the intricate relationships between state-of-charge, voltage, and
current under dynamic conditions.
Smart grid deployment: from a bibliometric analysis to a surveyIJECEIAES
Smart grids are one of the last decades' innovations in electrical energy.
They bring relevant advantages compared to the traditional grid and
significant interest from the research community. Assessing the field's
evolution is essential to propose guidelines for facing new and future smart
grid challenges. In addition, knowing the main technologies involved in the
deployment of smart grids (SGs) is important to highlight possible
shortcomings that can be mitigated by developing new tools. This paper
contributes to the research trends mentioned above by focusing on two
objectives. First, a bibliometric analysis is presented to give an overview of
the current research level about smart grid deployment. Second, a survey of
the main technological approaches used for smart grid implementation and
their contributions are highlighted. To that effect, we searched the Web of
Science (WoS), and the Scopus databases. We obtained 5,663 documents
from WoS and 7,215 from Scopus on smart grid implementation or
deployment. With the extraction limitation in the Scopus database, 5,872 of
the 7,215 documents were extracted using a multi-step process. These two
datasets have been analyzed using a bibliometric tool called bibliometrix.
The main outputs are presented with some recommendations for future
research.
Use of analytical hierarchy process for selecting and prioritizing islanding ...IJECEIAES
One of the problems that are associated to power systems is islanding
condition, which must be rapidly and properly detected to prevent any
negative consequences on the system's protection, stability, and security.
This paper offers a thorough overview of several islanding detection
strategies, which are divided into two categories: classic approaches,
including local and remote approaches, and modern techniques, including
techniques based on signal processing and computational intelligence.
Additionally, each approach is compared and assessed based on several
factors, including implementation costs, non-detected zones, declining
power quality, and response times using the analytical hierarchy process
(AHP). The multi-criteria decision-making analysis shows that the overall
weight of passive methods (24.7%), active methods (7.8%), hybrid methods
(5.6%), remote methods (14.5%), signal processing-based methods (26.6%),
and computational intelligent-based methods (20.8%) based on the
comparison of all criteria together. Thus, it can be seen from the total weight
that hybrid approaches are the least suitable to be chosen, while signal
processing-based methods are the most appropriate islanding detection
method to be selected and implemented in power system with respect to the
aforementioned factors. Using Expert Choice software, the proposed
hierarchy model is studied and examined.
Enhancing of single-stage grid-connected photovoltaic system using fuzzy logi...IJECEIAES
The power generated by photovoltaic (PV) systems is influenced by
environmental factors. This variability hampers the control and utilization of
solar cells' peak output. In this study, a single-stage grid-connected PV
system is designed to enhance power quality. Our approach employs fuzzy
logic in the direct power control (DPC) of a three-phase voltage source
inverter (VSI), enabling seamless integration of the PV connected to the
grid. Additionally, a fuzzy logic-based maximum power point tracking
(MPPT) controller is adopted, which outperforms traditional methods like
incremental conductance (INC) in enhancing solar cell efficiency and
minimizing the response time. Moreover, the inverter's real-time active and
reactive power is directly managed to achieve a unity power factor (UPF).
The system's performance is assessed through MATLAB/Simulink
implementation, showing marked improvement over conventional methods,
particularly in steady-state and varying weather conditions. For solar
irradiances of 500 and 1,000 W/m2
, the results show that the proposed
method reduces the total harmonic distortion (THD) of the injected current
to the grid by approximately 46% and 38% compared to conventional
methods, respectively. Furthermore, we compare the simulation results with
IEEE standards to evaluate the system's grid compatibility.
Enhancing photovoltaic system maximum power point tracking with fuzzy logic-b...IJECEIAES
Photovoltaic systems have emerged as a promising energy resource that
caters to the future needs of society, owing to their renewable, inexhaustible,
and cost-free nature. The power output of these systems relies on solar cell
radiation and temperature. In order to mitigate the dependence on
atmospheric conditions and enhance power tracking, a conventional
approach has been improved by integrating various methods. To optimize
the generation of electricity from solar systems, the maximum power point
tracking (MPPT) technique is employed. To overcome limitations such as
steady-state voltage oscillations and improve transient response, two
traditional MPPT methods, namely fuzzy logic controller (FLC) and perturb
and observe (P&O), have been modified. This research paper aims to
simulate and validate the step size of the proposed modified P&O and FLC
techniques within the MPPT algorithm using MATLAB/Simulink for
efficient power tracking in photovoltaic systems.
Adaptive synchronous sliding control for a robot manipulator based on neural ...IJECEIAES
Robot manipulators have become important equipment in production lines, medical fields, and transportation. Improving the quality of trajectory tracking for
robot hands is always an attractive topic in the research community. This is a
challenging problem because robot manipulators are complex nonlinear systems
and are often subject to fluctuations in loads and external disturbances. This
article proposes an adaptive synchronous sliding control scheme to improve trajectory tracking performance for a robot manipulator. The proposed controller
ensures that the positions of the joints track the desired trajectory, synchronize
the errors, and significantly reduces chattering. First, the synchronous tracking
errors and synchronous sliding surfaces are presented. Second, the synchronous
tracking error dynamics are determined. Third, a robust adaptive control law is
designed,the unknown components of the model are estimated online by the neural network, and the parameters of the switching elements are selected by fuzzy
logic. The built algorithm ensures that the tracking and approximation errors
are ultimately uniformly bounded (UUB). Finally, the effectiveness of the constructed algorithm is demonstrated through simulation and experimental results.
Simulation and experimental results show that the proposed controller is effective with small synchronous tracking errors, and the chattering phenomenon is
significantly reduced.
Remote field-programmable gate array laboratory for signal acquisition and de...IJECEIAES
A remote laboratory utilizing field-programmable gate array (FPGA) technologies enhances students’ learning experience anywhere and anytime in embedded system design. Existing remote laboratories prioritize hardware access and visual feedback for observing board behavior after programming, neglecting comprehensive debugging tools to resolve errors that require internal signal acquisition. This paper proposes a novel remote embeddedsystem design approach targeting FPGA technologies that are fully interactive via a web-based platform. Our solution provides FPGA board access and debugging capabilities beyond the visual feedback provided by existing remote laboratories. We implemented a lab module that allows users to seamlessly incorporate into their FPGA design. The module minimizes hardware resource utilization while enabling the acquisition of a large number of data samples from the signal during the experiments by adaptively compressing the signal prior to data transmission. The results demonstrate an average compression ratio of 2.90 across three benchmark signals, indicating efficient signal acquisition and effective debugging and analysis. This method allows users to acquire more data samples than conventional methods. The proposed lab allows students to remotely test and debug their designs, bridging the gap between theory and practice in embedded system design.
Detecting and resolving feature envy through automated machine learning and m...IJECEIAES
Efficiently identifying and resolving code smells enhances software project quality. This paper presents a novel solution, utilizing automated machine learning (AutoML) techniques, to detect code smells and apply move method refactoring. By evaluating code metrics before and after refactoring, we assessed its impact on coupling, complexity, and cohesion. Key contributions of this research include a unique dataset for code smell classification and the development of models using AutoGluon for optimal performance. Furthermore, the study identifies the top 20 influential features in classifying feature envy, a well-known code smell, stemming from excessive reliance on external classes. We also explored how move method refactoring addresses feature envy, revealing reduced coupling and complexity, and improved cohesion, ultimately enhancing code quality. In summary, this research offers an empirical, data-driven approach, integrating AutoML and move method refactoring to optimize software project quality. Insights gained shed light on the benefits of refactoring on code quality and the significance of specific features in detecting feature envy. Future research can expand to explore additional refactoring techniques and a broader range of code metrics, advancing software engineering practices and standards.
Smart monitoring technique for solar cell systems using internet of things ba...IJECEIAES
Rapidly and remotely monitoring and receiving the solar cell systems status parameters, solar irradiance, temperature, and humidity, are critical issues in enhancement their efficiency. Hence, in the present article an improved smart prototype of internet of things (IoT) technique based on embedded system through NodeMCU ESP8266 (ESP-12E) was carried out experimentally. Three different regions at Egypt; Luxor, Cairo, and El-Beheira cities were chosen to study their solar irradiance profile, temperature, and humidity by the proposed IoT system. The monitoring data of solar irradiance, temperature, and humidity were live visualized directly by Ubidots through hypertext transfer protocol (HTTP) protocol. The measured solar power radiation in Luxor, Cairo, and El-Beheira ranged between 216-1000, 245-958, and 187-692 W/m 2 respectively during the solar day. The accuracy and rapidity of obtaining monitoring results using the proposed IoT system made it a strong candidate for application in monitoring solar cell systems. On the other hand, the obtained solar power radiation results of the three considered regions strongly candidate Luxor and Cairo as suitable places to build up a solar cells system station rather than El-Beheira.
An efficient security framework for intrusion detection and prevention in int...IJECEIAES
Over the past few years, the internet of things (IoT) has advanced to connect billions of smart devices to improve quality of life. However, anomalies or malicious intrusions pose several security loopholes, leading to performance degradation and threat to data security in IoT operations. Thereby, IoT security systems must keep an eye on and restrict unwanted events from occurring in the IoT network. Recently, various technical solutions based on machine learning (ML) models have been derived towards identifying and restricting unwanted events in IoT. However, most ML-based approaches are prone to miss-classification due to inappropriate feature selection. Additionally, most ML approaches applied to intrusion detection and prevention consider supervised learning, which requires a large amount of labeled data to be trained. Consequently, such complex datasets are impossible to source in a large network like IoT. To address this problem, this proposed study introduces an efficient learning mechanism to strengthen the IoT security aspects. The proposed algorithm incorporates supervised and unsupervised approaches to improve the learning models for intrusion detection and mitigation. Compared with the related works, the experimental outcome shows that the model performs well in a benchmark dataset. It accomplishes an improved detection accuracy of approximately 99.21%.
We have designed & manufacture the Lubi Valves LBF series type of Butterfly Valves for General Utility Water applications as well as for HVAC applications.
Build the Next Generation of Apps with the Einstein 1 Platform.
Rejoignez Philippe Ozil pour une session de workshops qui vous guidera à travers les détails de la plateforme Einstein 1, l'importance des données pour la création d'applications d'intelligence artificielle et les différents outils et technologies que Salesforce propose pour vous apporter tous les bénéfices de l'IA.
Open Channel Flow: fluid flow with a free surfaceIndrajeet sahu
Open Channel Flow: This topic focuses on fluid flow with a free surface, such as in rivers, canals, and drainage ditches. Key concepts include the classification of flow types (steady vs. unsteady, uniform vs. non-uniform), hydraulic radius, flow resistance, Manning's equation, critical flow conditions, and energy and momentum principles. It also covers flow measurement techniques, gradually varied flow analysis, and the design of open channels. Understanding these principles is vital for effective water resource management and engineering applications.
AI in customer support Use cases solutions development and implementation.pdfmahaffeycheryld
AI in customer support will integrate with emerging technologies such as augmented reality (AR) and virtual reality (VR) to enhance service delivery. AR-enabled smart glasses or VR environments will provide immersive support experiences, allowing customers to visualize solutions, receive step-by-step guidance, and interact with virtual support agents in real-time. These technologies will bridge the gap between physical and digital experiences, offering innovative ways to resolve issues, demonstrate products, and deliver personalized training and support.
https://www.leewayhertz.com/ai-in-customer-support/#How-does-AI-work-in-customer-support
Sri Guru Hargobind Ji - Bandi Chor Guru.pdfBalvir Singh
Sri Guru Hargobind Ji (19 June 1595 - 3 March 1644) is revered as the Sixth Nanak.
• On 25 May 1606 Guru Arjan nominated his son Sri Hargobind Ji as his successor. Shortly
afterwards, Guru Arjan was arrested, tortured and killed by order of the Mogul Emperor
Jahangir.
• Guru Hargobind's succession ceremony took place on 24 June 1606. He was barely
eleven years old when he became 6th Guru.
• As ordered by Guru Arjan Dev Ji, he put on two swords, one indicated his spiritual
authority (PIRI) and the other, his temporal authority (MIRI). He thus for the first time
initiated military tradition in the Sikh faith to resist religious persecution, protect
people’s freedom and independence to practice religion by choice. He transformed
Sikhs to be Saints and Soldier.
• He had a long tenure as Guru, lasting 37 years, 9 months and 3 days
Height and depth gauge linear metrology.pdfq30122000
Height gauges may also be used to measure the height of an object by using the underside of the scriber as the datum. The datum may be permanently fixed or the height gauge may have provision to adjust the scale, this is done by sliding the scale vertically along the body of the height gauge by turning a fine feed screw at the top of the gauge; then with the scriber set to the same level as the base, the scale can be matched to it. This adjustment allows different scribers or probes to be used, as well as adjusting for any errors in a damaged or resharpened probe.
Fisher exact Boschloo and polynomial vector learning for malware detection
1. International Journal of Electrical and Computer Engineering (IJECE)
Vol. 13, No. 3, June 2023, pp. 2942~2952
ISSN: 2088-8708, DOI: 10.11591/ijece.v13i3.pp2942-2952 2942
Journal homepage: http://ijece.iaescore.com
Fisher exact Boschloo and polynomial vector learning for
malware detection
Sheelavathy Veerabhadrappa Kudrekar, Udaya Rani Vinayaka Murthy
Department of Computer Science and Engineering, REVA University, Bengalore, India
Article Info ABSTRACT
Article history:
Received Apr 8, 2022
Revised Sep 27, 2022
Accepted Oct 1, 2022
Computer technology shows swift progress that has infiltrated people’s lives
with the candidness and pliability of computers to work ease shows security
breaches. Thus, malware detection methods perform modifications in
running the malware based on behavioral and content factors. The factors are
taken into consideration compromises of convergence rate and speed. This
research paper proposed a method called fisher exact Boschloo and
polynomial vector learning (FEB-PVL) to perform both content and
behavioral-based malware detection with early convergence to speed up the
process. First, the input dataset is provided as input then fisher exact
Boschloo’s test Bernoulli feature extraction model is applied to obtain
independent observations of two binary variables. Next, the extracted
network features form input to polynomial regression support vector
learning to different malware classes from benign classes. The proposed
method validates the results with respect to the malware and the benign files.
The present research aimed to develop the behaviors to detect the accuracy
process of the features that have minimum time speeds the overall
performances. The proposed FEB-PVL increases the true positive rate and
reduces the false positive rate and hence increasing the precision rate using
FEB-PVL by 7% compared to existing approaches.
Keywords:
Behavior-based network feature
Content-based network feature
Malware detection
Polynomial regression
Support vector learning
This is an open access article under the CC BY-SA license.
Corresponding Author:
Sheelavathy Veerabhadrappa Kudrekar
Department of Computer Science and Engineering, REVA University
Bengalore, India
Email: Sheela.kv@reva.edu.in
1. INTRODUCTION
In recent years, the computer system is retained to secure from malware infection which is a
substantial ultimatum [1]. There is rapid growth and also intricacy for malware as it is creating a big issue for
network and computer security [2]. A hypervisor content-based malware detection method uses the
hypervisor [3]. The comparison is done for prevailing the hypervisor content based on the proposed method
as it used a new model for a sophisticated crafted monitoring element which was injected into the guest
operating system address space [4]. Moreover, the hypervisor in the proposed content-based malware
detection method also safeguarded the monitoring component from detection and modification [5]. The
performances are evaluated and handled by the guest context finds negligible contributes to the overhead of
minimum [6]. However, the developed model focused on detecting malware based on content [7]. A novel
behavior-based malware detection method was proposed in [8].
To design this method, a dynamic analysis environment with various behaviors artifacts is extracted
such as printable string information (PSI), calls, application programming interface (API) calls, registry
changes, operations, and network activities, with the help of count vectorization, string tokens of the
vocabulary were created [9]–[12]. Next, a singular value decomposition model was utilized that in turn
2. Int J Elec & Comp Eng ISSN: 2088-8708
Fisher exact Boschloo and polynomial vector learning for … (Sheelavathy Veerabhadrappa Kudrekar)
2943
minimized the feature matrix dimension. Finally, malware classifiers were trained and therefore results in
moderate accuracy [13]–[15]. Despite improvement observed in terms of accuracy, efforts were not made in
addressing content-based malware detection [16], [17]. The creation and curating of a large set of useful
features consume significant amounts of time [18], [19]. The motivation for malware detection is that the
malware detection model concentrates mainly on content and behavior aspects [20].
Leon et al. [21] performed a hypervisor-assisted dynamic malware analysis. The developed model
detected the malware and the latter significantly showed improvement in performance. The developed model
analyzed the malware with respect to the context of the operating system (OS) which made it completely
transparent for running OS. The OS component was camouflaged by a hypervisor and analyzed the model to
run OS and its applications. However, the model has a hypervisor that failed to meet the transparency. Singh
and Singh [22] analyzed the behavioral artifacts using machine learning algorithms for detecting malicious
software. The runtime features were extracted to set the dynamic analysis in an environment by Cuckoo
sandbox. The primary features were processed to develop a malware classifier that overcame the problem of
the existing research problem. The model experimentally tested the inclusion of features that showed
improvement in accuracy for the malware classifiers. Vinayakumar et al. [23] developed a deep learning
model for malware detection using a robust intelligent model of an advanced type. However, the most
significant direction for malware detection was an important step to improve safety.
Lu et al. [24] developed a hybrid deep-learning model for Android-based malware detection. The
android malware detection uses a deep learning model as it combines deep belief network (DBN) and gate
recurrent unit (GRU). However, the separate model and traditional machine learning algorithm were used to
improve and optimize to reduce the time cost. Xiao et al. [25] utilized a deep learning model for behavior
graphs (BDLF) to detect malware. However, the stacked autoencoders (SAEs) had inserted one another, and
the last layer required classifiers to some extent. Semi-supervised technique for recognizing distributed denial
of service in an SD-honeypot network environment has been developed by Sumadi et al. [26]. Faieq and
Mijwil [27] proposed the support vector machine (SVM) and artificial neural network (ANN), two
techniques for the early identification of cardiac disease. The medical information was obtained from a
database maintained by the University of California, Irvine (UCI), and it includes 170 individuals’ reports.
The analysis’ findings validated the SVM technique is ideal use, which yields highly accurate prediction
outcomes.
In [28], various machine-learning approaches were put to the test to evaluate how well they
identified ransomware attacks. The gain ratio was used as a feature selection approach to choose the top
1,000 features from raw bytes. To obtain considerable ransomware detection accuracy, three separate
classifiers that were accessible in the Waikato environment for knowledge analysis (WEKA) based machine
learning platform has been investigated. Security concerns and potential cyber-attacks were mentioned in
[29] as a result of the utilization of the main prominent VM apps by academic institutions. Additionally, a
thorough comparison of the various VM programs from the viewpoint of cybersecurity was done. In contrast,
Ojugo and Oyemade [30] suggested using a string match method as part of a deep learning ensemble on a
hybrid spam filtering method to normalize noisy features, expand text, and use semantic dictionaries of
categorization to train underlying learning algorithms and accurately categorize SMS into legitimate and
spam classes. The objective of the survey by Nordin et al. [31] was to do a comparative examination of the
metaheuristic fuzzy modeling algorithms for phishing attack detection. Apache spark machine learning
library (MLlib), that serves as an open source, independent, scalable, and distributed learning library, has
been proven by Ali et al. [32]. However, the Boruta feature selection method was used in [33] to identify the
most crucial features while building a machine learning model.
Convolutional neural networks (CNN) and large short-term memories were combined to provide a
method for identifying cross-site scripting (XSS) attacks while taking the cross-site scripting attack into
consideration [34]. Long short-term memory (LSTM) decoding, generalization, and tokenization were first
used to pre-process the XSS data set, after which word2vec was used to turn the phrases in the XSS payloads
into word vectors. After that, train and test word vectors using CNN and LSTM to develop an algorithm that
could be applied to a web-based application. By recommending a system that employs feature selection based
on an ensemble extra tree classifier technique and machine learning classifier, Alkaaf et al. [35] have
supplied exploring permission in android applications utilizing ensemble-based extra tree feature selection to
investigate the sequence of malware apps interpreting authorizations. A malicious uniform resource locator
(URL) detection method employing optimization and machine learning classifiers has been developed by Lee
et al. [36]. To identify applications with dangerous URLs, the static analysis combined with machine learning
has been employed. This integration with other important properties leads to encouraging results and
increased detection accuracy in this work. Particle swarm optimization (PSO), a bio-inspired technique has
been utilized to optimize the properties of URLs. It demonstrates that naive Bayes and SVM may achieve
excellent detection accuracy when detecting dangerous URLs.
3. ISSN: 2088-8708
Int J Elec & Comp Eng, Vol. 13, No. 3, June 2023: 2942-2952
2944
From the overall analysis of the above-stated literature, the existing model has a hypervisor that
failed to meet the transparency, because it requires the extension for the layer to improve the precision. In
order to overcome those issues, the fisher exact Boschloo and polynomial vector learning (FEB-PVL) model
is proposed. The major contributions of this research are i) that this research develops the fisher exact
Boschloo and the polynomial vector learning model for the detection of content, and behavior-based features;
ii) additionally, the integration method is performed for the selection of network features based on the
dissimilar features among the benign and malware classes; and iii) the network features utilized in benign and
malware classes showed classification among benign and malware classes.
This research paper is structured as: section 2 explains the proposed FEB-PVL model for malware
detection. The results evaluated are provided in section 4. The comparative analysis for the precision
performance is stated in section 4. And the conclusion of this research work is presented in section 5.
2. FISHER EXACT BOSCHLOO AND POLYNOMIAL VECTOR LEARNING (FEB-PVL)
The FEB-PVL is proposed to design both content and behavioral-based malware detection. The
integrated method selects the network features by identifying the dissimilarity between malware and benign
classes. As the network features are normally utilized in malware and hardly utilized in benign classes that
are more paramount to different malware classes from benign classes an objective function of the proposed
method is split into two parts. Figure 1 shows the structure of the FEB-PVL method. As shown in Figure 1,
the network anomaly dataset is provided with input at first and then fisher exact Boschloo’s test Bernoulli
feature extraction model is used. The design of the contingency table extracts both content-based network
features and behavior-based network features.
Figure 1. Structure of FEB-PVL method
2.1. Fisher exact Boschloo’s test Bernoulli feature extraction model
The procedure of feature extraction plays a very significant role in deciding the cost-effectiveness
and accuracy of the malware detection process. It focuses on influencing the feature subset that assists in
significantly differentiating between malicious and benign files. In this section, fisher exact Boschloo’s test
Bernoulli feature extraction model is designed with the purpose of extracting both content-based and
behavior-based network features in a timely and efficient manner.
The fisher exact Boschloo’s test Bernoulli feature extraction being a statistical significance test is
valid for all sample sizes. The exact tests are owed with the significance of divergence from the null
hypothesis estimated. Instead of this, an approximation has become an exact limit that shows an increase in
sample size with statistical tests arranged numerously. With this advantage, absolute features are extracted in
a timely and accurate manner. Comprising of three different features 𝐹 as shown in Table 1, i.e., basic
4. Int J Elec & Comp Eng ISSN: 2088-8708
Fisher exact Boschloo and polynomial vector learning for … (Sheelavathy Veerabhadrappa Kudrekar)
2945
features 𝐵𝐹, content-related features 𝐶 and time related traffic features 𝑇𝑇𝐹, the objective remains in
extracting the relevant features promptly and ensuring an early convergence rate. Let us consider a sample of
2 ∗ 2 contingency as given in Table 1.
Table 1. Sample contingency table
Row Columns Total
𝐶1 𝐶2
𝑅1 𝐹11 𝐹12 𝐹11 + 𝐹12
𝑅2 𝐹21 𝐹22 𝐹21 + 𝐹22
𝑇𝑜𝑡𝑎𝑙 𝐹11 + 𝐹21 𝐹12 + 𝐹22 𝑛
As given in the sample contingency Table 1, 𝐹𝑖𝑗 represents the feature in row 𝑖 and column 𝑗, 𝐹11 +
𝐹12 represent the sum of two features in row 𝑖 and 𝐹12 + 𝐹22 denotes the sum of two features in column 𝑗,
respectively. Then, the probability of obtaining the values as in the above contingency table based on the
hypergeometric distribution function is mathematically expressed in (1)-(3).
𝑃𝑟𝑜𝑏 (𝑅1𝐶1 → 𝑅2𝐶1) =
(
𝐹11+𝐹12
𝐹11
)(
𝐹21+𝐹22
𝐹21
)
(
𝑛
𝐹11+𝐹21
)
(1)
𝑃𝑟𝑜𝑏 (𝑅1𝐶2 → 𝑅2𝐶2) =
(
𝐹11+𝐹12
𝐹12
)(
𝐹21+𝐹22
𝐹22
)
(
𝑛
𝐹12+𝐹21
)
(2)
𝑃𝑟𝑜𝑏(𝑅1𝐶1 → 𝑅2𝐶1 ∪ 𝑅1𝐶2 → 𝑅2𝐶2) =
(𝐹11+𝐹21)!(𝐹21+𝐹22)!(𝐹11+𝐹21)!(𝐹12+𝐹22)!
𝐹11!𝐹12!𝐹21!𝐹22!
(3)
From (1)-(3), (
𝑛
𝑙
) denotes the network connection vector binomial coefficients and exclamation
mark! represents factorial representing with 𝑙 denoting a 2 × 2 contingency table, respectively. Then, the
probability that network feature vectors are positive in a random selection is based on the significance level
from a larger network feature vector set. It is containing elements in total out of which are positive using the
hypergeometric distribution function that is mathematically stated as given in (4) and (5).
𝑍𝑝(𝐹1, 𝐹0) =
𝑝1
′ −𝑝0
′
√𝑝′(1−𝑝) (
1
𝑛1
+
1
𝑛0
)
(4)
𝑝𝑖
′
=
𝐹𝑖
𝑛𝑖
; 𝑝′
=
𝐹1+𝐹0
𝑛1+𝑛0
(5)
From (4), and (5), 𝑝𝑖
′
represents the group network connection vector event rates and 𝑝𝑖
′
denotes the
pooled network connection vector event rate 𝑝′
respectively. Moreover, 𝑝0 and 𝑝1 denote the expected and
variance random values of the Bernoulli distribution. The higher the significance level obtained based on
hyper-geometric distribution function, the higher is the probability of extracting the features. The pseudo-
code representation of hyper-geometric fisher exact Bernoulli feature extraction is given in Algorithm 1.
Algorithm 1. Hyper-geometric fisher exact Bernoulli feature extraction
Input: Features 𝐹 = {𝐵𝐹 ∪ 𝐶𝐹}, basic features 𝐵𝐹 = {𝑏𝑓1,𝑏𝑓2,…, 𝑏𝑓9}, content features 𝐶𝐹 =
{𝑐𝑓1, 𝑐𝑓2, … ., 𝑐𝑓13}
Output: Precise content-based and behavior-based significant feature 𝑆𝐹 = 𝑆𝐹1,𝑆𝐹2, 𝑆𝐹3, …, 𝑆𝐹
𝑛
1: Begin
2: For each Features 𝐹
3: For each basic features 𝐵𝐹, content features 𝐶𝐹
4: Obtain contingency table based on hyper-geometric distribution function as in (1), (2)
and (3)
4: Estimate significance level from a larger network feature vector set as in (4) and (5)
5: Return (high significance feature 𝑆𝐹)
6: End for
7: End for
8: End
As given in the above hyper-geometric fisher exact Bernoulli feature extraction model, an objective
function for the extraction of highly précised information is provided. At the first, a contingency table is used
5. ISSN: 2088-8708
Int J Elec & Comp Eng, Vol. 13, No. 3, June 2023: 2942-2952
2946
for the hyper-geometric distribution function for modeling it. With the employment of this hyper-geometric
distribution function, the probability of obtaining a certain number of successes for the corresponding
network connection vector without the replacement of specific basic feature, content-related, and time-related
traffic feature size. Also, it explores the relationship of two Bernoulli distributed random variables by
employing fisher exact Boschloo’s test via contingency table. The weights are evaluated based on fisher
exact Boschloo’s test that utilized a table for the behavior-based and content-based features that have to be
extracted precisely to ensure a convergence rate better.
2.2. Polynomial regression support vector learning model
With the extracted content-based and behavior-based network features, malware is detected using
the polynomial regression support vector learning model. Malware detection refers to the procedure of
detecting the malware presence by differentiating whether a software code is malicious or benign. Early
malware detection helps the hackers from malicious users to intercept the data packets to compromise the
information. By using the polynomial regression support vector learning model, the grouping of significant
network features is performed via polynomial kernel, therefore it maximizes the margin of detection and
classification. Let us consider training data (𝑎𝑖, 𝑏𝑖) for 𝑖 = 1,2,3, … 𝑛, where each 𝑎𝑖 is a real-valued
significant feature vector of length 𝑛 and each 𝑏𝑖 ∈ {−1, +1} refers to the equivalent class label. This is
mathematically formulated as (6).
𝑇𝐷 = {(𝑎𝑖, 𝑏𝑖)| 𝑎𝑖 ∈ 𝑆𝐹, 𝑏𝑖 ∈ {−1, +1}} (6)
In (6), 𝑎𝑖 represents the training sample consisting of 𝑛 samples with 𝑏𝑖 representing the binary label
related to the 𝑖𝑡ℎ
vector. Then, for a degree 𝑑 polynomials, the polynomial kernel is mathematically
formulated as given in (7), where 𝑆𝐹 and 𝑐 refer to the vectors in the input space (i.e., significant features)
and the parameter 𝑝 trading of higher order versus lower order. On the other hand, as a kernel, 𝐾 refers to the
innermost consequence in a feature space based on the mapping parameter 𝜑 as formulated in (8).
𝐾(𝑆𝐹, 𝑐) = (𝑆𝐹𝑇
𝑐 + 𝑝)𝑑
(7)
𝐾(𝑆𝐹, 𝑐) =< 𝜑(𝑎), 𝜑(𝑐) > (8)
The weight mapping between input space and feature space for each significant feature is then
updated as given in (9), where 𝑆𝐹 represents the significant feature, 𝑅𝑆 is the random sample selected from
the set of significant features, 𝑁𝑁(𝑆𝑅𝑆) denotes the nearest neighbor from the same random sample whereas
𝑁𝑁(𝐷𝑅𝑆) represents the nearest neighbor from different samples respectively, the weight update of each
feature is obtained. Therefore, the polynomial regression support vector learning is proposed for estimating
the relationship between two network features using quadratic kernel feature mapping and a statistical
pattern.
𝑊(𝑆𝐹) = 𝑊(𝑆𝐹) −
𝐷𝑖𝑓𝑓 [𝑆𝐹,𝑅𝑆,𝑁𝑁(𝑆𝑅𝑆)]
𝑛
+
𝐷𝑖𝑓𝑓 [𝑆𝐹,𝑅𝑆,𝑁𝑁(𝐷𝑅𝑆)]
𝑛
(9)
Therefore, to find the benign classes and attack classes, speeding up the process is performed for
malware detection using (10) and (11). Based on the weight update and regrouping for a parameter 𝑝
regression kernel results are obtained from (10) and (11). Then, for a hyperplane parametrized by vector 𝑤
and a parameter 𝑝 the classification rule between malicious class and benign class for early malware
detection is mathematically expressed as given in (12).
𝐾(𝑆𝐹, 𝑐) = (∑ 𝑆𝐹𝑖, 𝑐𝑖
𝑛
𝑖=1 + 𝑝)2
(10)
= ∑ (𝑆𝐹𝑖
2)(𝑐𝑖
2) + ∑ ∑ (√2𝑆𝐹𝑖𝑆𝐹𝑗)(√2𝑐𝑖𝑐𝑗)
𝑛
𝑗−1 + ∑ (√2𝑝𝑆𝐹𝑖)(√2𝑝𝑐𝑖)
𝑛
𝑖=1
𝑛
𝑖=1
𝑛
𝑖=1 (11)
𝐶𝑅 = ℎ𝑤(𝑆𝐹) = 𝑆𝑖𝑔𝑛 (𝑤𝑇
𝑆𝐹 + 𝑐) (12)
From (12), the function ℎ𝑤(𝑆𝐹) precisely classifies the training data or the significance feature,
therefore, improving the margin of detection and classification. The given polynomial quadratic support
vector learning for malware detection algorithm has the objective to detect the malware at an early stage. In a
timely manner, a polynomial regression function is first modeled via quadratic kernel feature by mapping the
6. Int J Elec & Comp Eng ISSN: 2088-8708
Fisher exact Boschloo and polynomial vector learning for … (Sheelavathy Veerabhadrappa Kudrekar)
2947
input space with the feature space. By performing this mapping, the relationships between two network
features (i.e., content-based and behavior-based) are determined with which highly significant results (i.e.,
network features) are considered as a malicious class and less significant results (i.e., network features) are
contemplated as benign classes. Finally, the vector kernel results, hyperplane is parameterized therefore
improving the margin of detection and classification. The pseudo code representation of polynomial
quadratic support vector learning for malware detection is given in Algorithm 2.
Algorithm 2. Polynomial quadratic support vector learning for malware detection
Input: Features 𝐹 = {𝐵𝐹 ∪ 𝐶𝐹}, basic features 𝐵𝐹 = {𝑏𝑓1,𝑏𝑓2,…, 𝑏𝑓9}, content features 𝐶𝐹 =
{𝑐𝑓1, 𝑐𝑓2, … ., 𝑐𝑓13}, Threshold 𝑇𝑃
Output: Timely and early malware detection
1: Initialize high significance feature 𝑆𝐹
2: Initialize threshold values 𝑇ℎ𝑟𝑒𝑠ℎ𝐻𝐸𝑟𝑟, 𝑇ℎ𝑟𝑒𝑠ℎ𝐷𝑢𝑟, 𝑇ℎ𝑟𝑒𝑠ℎ𝑁𝐹𝑖𝑙𝑒, 𝑇ℎ𝑟𝑒𝑠ℎ𝐹𝐿𝑜𝑔𝑖𝑛𝑠
3: Begin
4: For each high significance feature 𝑆𝐹 as input
5: Formulate polynomial kernel as in (7)
6: Perform quadratic kernel feature mapping as in (8) and (9)
7: Evaluate weight update and regrouping as in (10) and (11)
8: Classify between malicious class and benign class as in (12)
9: Return (classified results)
10: If 𝐶𝑅 < 𝑇ℎ𝑟𝑒𝑠ℎ𝐻𝐸𝑟𝑟 then no attack
11: Else attack type is DDoS
12: End if
13: If 𝐶𝑅 < 𝑇ℎ𝑟𝑒𝑠ℎ𝐷𝑢𝑟 then no attack
14: Else attack type is Probing
15: End if
16: If 𝐶𝑅 < 𝑇ℎ𝑟𝑒𝑠ℎ𝑁𝐹𝑖𝑙𝑒 then no attack
17: Else attack type is U2R
18: End if
19: If 𝐶𝑅 < 𝑇ℎ𝑟𝑒𝑠ℎ𝐹𝐿𝑜𝑔𝑖𝑛𝑠 then no attack
20: Else attack type is R2L
21: End if
22: End for
23: End
3. EVALUATION OF PERFORMANCE PARAMETERS
In the results section of the research, the underlying definitions of the performance parameters
employed assess the proposed method for malware detection. The proposed method is conducted for fisher
exact Boschloo and polynomial vector learning to detect the malware attack. Based on the behavior and
content of the network features, the implementation is done in Java.
Fair comparisons for a similar number of connections or counts are utilized in the network for
anomaly detection [3]. An in-depth analysis is proposed to be made for malware detection performance using
FEB-PVL with respect to three different parameters, attack detection time, attack detection overhead, and
precision for estimating the malware detection performance. Attack detection time symbolizes the time
consumed in detecting different types of attacks, namely, DDoS, probing, U2R, and R2L, respectively. This
is mathematically formulated as given in (13).
𝐴𝐷𝑇 = ∑ 𝐶𝑜𝑢𝑛𝑡𝑖 ∗ 𝑇𝑖𝑚𝑒 (𝐴𝐷[𝐶𝑏𝑎𝑠𝑒𝑑 + 𝐵𝑏𝑎𝑠𝑒𝑑])
𝑛
𝑖=1 (13)
From (13), the attack detection time 𝐴𝐷𝑇 is measured based on the number of connections taken
into consideration for simulation 𝐶𝑜𝑢𝑛𝑡𝑖 and the time consumed in detecting the content-based 𝐶𝑏𝑎𝑠𝑒𝑑 and
behavior-based 𝐵𝑏𝑎𝑠𝑒𝑑 network feature, respectively. It is measured in terms of milliseconds (ms). The
second parameter of significance is the attack detection overhead. A small portion of memory is said to be
consumed during the attack detection process and this is mathematically formulated as given in (14).
𝐴𝐷𝑂 = ∑ 𝐶𝑜𝑢𝑛𝑡𝑖 ∗ 𝑀𝑒𝑚 (𝐴𝐷[𝐶𝑏𝑎𝑠𝑒𝑑 + 𝐵𝑏𝑎𝑠𝑒𝑑])
𝑛
𝑖=1 (14)
From (14), the attack detection overhead 𝐴𝐷𝑂 is measured based on the connections involved
𝐶𝑜𝑢𝑛𝑡𝑖 and the memory consumed in detecting content-based 𝐶𝑏𝑎𝑠𝑒𝑑 and behavior-based network features
𝐵𝑏𝑎𝑠𝑒𝑑. It is measured in terms of kilobytes (KB). Finally, precision quantifies the number of positive class
predictions that belong to the positive class. This is mathematically formulated as given in (15), where the
precision rate 𝑃 is estimated based on the number of malware cases identified as malware 𝑁𝑢𝑚𝑀−𝑀 and the
number of benign cases identified as malware 𝑁𝑢𝑚𝐵−𝑀 respectively.
7. ISSN: 2088-8708
Int J Elec & Comp Eng, Vol. 13, No. 3, June 2023: 2942-2952
2948
𝑃 =
𝑁𝑢𝑚𝑀−𝑀 (𝑇𝑃)
𝑁𝑢𝑚𝑀−𝑀 (𝑇𝑃)+𝑁𝑢𝑚𝐵−𝑀(𝐹𝑃)
(15)
3.1. Dataset details
In this section, the detailed analysis of the network anomaly dataset [37] considered for detecting
different types of malwares is discussed. The majority of anomaly-based detection techniques have been the
subject of extensive research in the intrusion detection field for a very long period, whereas anomaly
detection is frequently thought of as a more potent technique in academic research because of its theoretical
potential for addressing various attacks. Three different types of network connection vectors are called basic
features of each network connection vector; content-related features of each network connection vector are
analyzed.
3.2. Performance analysis of attack detection time
Table 2 shows the results of attack detection time using three methods, FEB-PVL, hypervisor
content-based malware detection [21], and behavior-based malware detection [22] respectively. From the
results, it is evident that FEB-PVL consumes comparatively minimum attack detection time than hypervisor
content-based malware detection [21] and behavior-based malware detection [22]. For a detailed comparison
of the methods, the indicator line chart is shown in Figure 2.
Table 2. Attack detection time using FEB-PVL, hypervisor content-based malware detection [21] and
behavior-based malware detection [22]
Count Attack detection time (ms)
FEB-PVL Hypervisor content-based malware detection Behavior-based malware detection
15 6.075 6.375 7.275
30 7.085 10.115 13.315
45 9.325 13.255 19.255
60 11.515 15.125 20.215
75 15.355 18.315 25.325
90 19.215 25.215 34.135
105 21.535 29.315 40.55
120 28.595 40.235 49.215
135 35.455 45.155 53.585
150 41.255 51.255 60.215
Figure 2. Graphical representation of attack detection time
From Figure 2, performances were compared in terms of average attack detection time for distinct
numbers of connections (i.e., count) ranging from 15 to 150. The results obtained show that the attack
detection time of the proposed method FEB-PVL is better and rise more steadily than the other methods,
[21], [22]. Moreover, it can also be inferred from Figure 2 that the proposed FEB-PVL method consumes less
time to detect both the content and behavior types of attacks. Both of the models outperform [21], [22] in
terms of both qualities of services and convergence speed. Also from the figure, when the overall network
connection vector (i.e., count) increases, the proposed method exhibits more stability. But in the case of [21],
[22], the probability of identifying attack detection time becomes robust. Hence, the FEB-PVL method
discloses adequate convergence features. The attack detection time is minimized considerably upon the
increase in the number of connections.
8. Int J Elec & Comp Eng ISSN: 2088-8708
Fisher exact Boschloo and polynomial vector learning for … (Sheelavathy Veerabhadrappa Kudrekar)
2949
3.3. Performance analysis of attack detection overhead
Table 3 lists the results of attack detection overhead using three methods, FEB-PVL, Hypervisor
content-based malware detection [21] and behavior-based malware detection [22], respectively. From the
results, it is evident that FEB-PVL is better than, Hypervisor content-based malware detection [21] and
behavior-based malware detection [22] in terms of attack detection overhead. Figure 3 illustrates the average
attack detection overhead of the FEB-PVL, hypervisor content-based malware detection [21], and behavior-
based malware detection [22].
Table 3. Attack detection overhead using FEB-PVL, hypervisor content-based malware detection [21]
and behavior-based malware detection [22]
Count Attack detection overhead (KB)
FEB-PVL Hypervisor content-based malware detection Behavior-based malware detection
15 45 60 75
30 60 90 120
45 90 135 180
60 120 180 240
75 225 300 375
90 270 360 450
105 315 420 525
120 360 480 600
135 405 540 675
150 450 600 750
Attack detection overhead is an essential performance parameter as it denotes the detection
overhead and also measures to which extent the network connection vectors were busy to detect the malware.
The result represents that the attack detection overhead of FEB-PVL is maintained at a high level which
means that it has the lowest detection overhead compared with hypervisor content-based malware detection
[21] and behavior-based malware detection [22]. Moreover, hypervisor content-based malware detection [21]
shows good performance in comparison with behavior-based malware detection [22]. However, the
divergence between the proposed method and these state-of-the-art methods, [21], [22] is predominant and
hence corroborates the significance of the proposed method based on learning. Therefore, the FEB-PVL
method has the adaptability to probe, explore and detect both content-based and behavior-based malware
intelligently. The comparison between the proposed method FEB-PVL shows that [22] exhibit less
performance than [21]. Also, the proposed FEB-PVL detects both the types of malwares.
Figure 3. Graphical representation of attack detection overhead
4. COMPARATIVE ANALYSIS OF PRECISION
Finally, Table 4 lists the results of precision rate using three methods, FEB-PVL, hypervisor
content-based malware detection [21] and behavior-based malware detection [22] respectively. From the
results, it is inferred that with the deployment of the FEB-PVL method, precision is comparatively increased
than enhanced heterogeneous earliest finish time based on rule (EHEFT-R) [21] and quantitative risk
assessment system (QRAS) [22]. Figure 4 illustrates the precision rate for 150 different network connections.
From Figure 4, it is inferred that the precision rate is neither directly proportional nor inversely
proportional to the number of network connection vectors provided as input. In other words, increasing the
9. ISSN: 2088-8708
Int J Elec & Comp Eng, Vol. 13, No. 3, June 2023: 2942-2952
2950
number of network connection vectors neither increases the precision rate nor decreases the precision rate.
However, the precision rate was higher for the existing methods [21], [22] when compared to the proposed
FEB-PVL method. The hyper-geometric fisher exact Bernoulli feature extraction algorithm can efficiently
control the drawback of [21], [22], therefore extracting the precise content-related and behavior-related
features via hyper-geometric distribution function. This in turn increases the true positive rate (i.e., the
number of malicious is identified as malicious and the number of benign is identified as benign cases) and
reduces the false positive rate and hence increasing the precision rate using FEB-PVL by 7% compared to
[21] and 14% compared to [22] respectively.
Table 4. Precision using FEB-PVL, hypervisor content-based malware detection [21]
and behavior-based malware detection [22]
Count
Precision (%)
FEB-PVL Hypervisor content-based malware detection Behavior-based malware detection
15 0.86 0.8 0.73
30 0.85 0.79 0.73
45 0.83 0.77 0.72
60 0.81 0.76 0.72
75 0.81 0.76 0.72
90 0.81 0.77 0.73
105 0.82 0.78 0.74
120 0.83 0.78 0.74
135 0.85 0.79 0.75
150 0.87 0.79 0.75
Figure 4. Graphical representation of precision
5. CONCLUSION
Detection of malicious code or malware at an early stage saves the time and money involved in the
software engineering process. Malicious code detection in recent years has been designed using learning
techniques. In this work, a fisher exact Boschloo and polynomial vector learning (FEB-PVL) performs both
content and behavioral-based malware detection with early convergence and speed. First, fisher exact
Boschloo’s test Bernoulli feature extraction model is designed based on a contingency table and hyper-
geometric distribution function. The polynomial regression support vector learning for early malware
detection is proposed by employing quadratic kernel feature mapping for significant classification between
benign classes and attack classes. The simulation results demonstrate the proposed FEB-PVL method
achieved a 7% improvement in precision when compared with existing hypervisor-assisted dynamic malware
analysis. Also, comparison simulation results disclosed that the proposed method outperforms recent state-of-
the-art malware detection methods in terms of attack detection time, attack detection overhead, and precision
rate.
REFERENCES
[1] X. Gao, C. Hu, C. Shan, B. Liu, Z. Niu, and H. Xie, “Malware classification for the cloud via semi-supervised transfer learning,”
Journal of Information Security and Applications, vol. 55, Dec. 2020, doi: 10.1016/j.jisa.2020.102661.
[2] X. Huang, L. Ma, W. Yang, and Y. Zhong, “A method for windows malware detection based on deep learning,” Journal of Signal
Processing Systems, vol. 93, no. 2–3, pp. 265–273, Mar. 2021, doi: 10.1007/s11265-020-01588-1.
1
0.8
0.6
0.4
0.2
0
10. Int J Elec & Comp Eng ISSN: 2088-8708
Fisher exact Boschloo and polynomial vector learning for … (Sheelavathy Veerabhadrappa Kudrekar)
2951
[3] V. Syrris and D. Geneiatakis, “On machine learning effectiveness for malware detection in Android OS using static analysis
data,” Journal of Information Security and Applications, vol. 59, Jun. 2021, doi: 10.1016/j.jisa.2021.102794.
[4] T. Aishwarya and V. Ravi Kumar, “Machine learning and deep learning approaches to analyze and detect COVID-19: a review,”
SN Computer Science, vol. 2, no. 3, May 2021, doi: 10.1007/s42979-021-00605-9.
[5] M. K. Alzaylaee, S. Y. Yerima, and S. Sezer, “DL-Droid: Deep learning based android malware detection using real devices,”
Computers and Security, vol. 89, Feb. 2020, doi: 10.1016/j.cose.2019.101663.
[6] D. Gibert, C. Mateu, and J. Planes, “The rise of machine learning for detection and classification of malware: Research
developments, trends and challenges,” Journal of Network and Computer Applications, vol. 153, Mar. 2020, doi:
10.1016/j.jnca.2019.102526.
[7] J. Hemalatha, S. Roseline, S. Geetha, S. Kadry, and R. Damaševičius, “An efficient DenseNet-based deep learning model for
malware detection,” Entropy, vol. 23, no. 3, Mar. 2021, doi: 10.3390/e23030344.
[8] J. Singh and J. Singh, “A survey on machine learning-based malware detection in executable files,” Journal of Systems
Architecture, vol. 112, Jan. 2021, doi: 10.1016/j.sysarc.2020.101861.
[9] D. Yuxin and Z. Siyi, “Malware detection based on deep learning algorithm,” Neural Computing and Applications, vol. 31, no. 2,
pp. 461–472, Feb. 2019, doi: 10.1007/s00521-017-3077-6.
[10] H.-S. Ham, H.-H. Kim, M.-S. Kim, and M.-J. Choi, “Linear SVM-based android malware detection for reliable IoT services,”
Journal of Applied Mathematics, pp. 1–10, 2014, doi: 10.1155/2014/594501.
[11] O. Aslan and R. Samet, “A comprehensive review on malware detection approaches,” IEEE Access, vol. 8, pp. 6249–6271, 2020,
doi: 10.1109/ACCESS.2019.2963724.
[12] Z. Liu, R. Wang, N. Japkowicz, D. Tang, W. Zhang, and J. Zhao, “Research on unsupervised feature learning for android malware
detection based on restricted Boltzmann machines,” Future Generation Computer Systems, vol. 120, pp. 91–108, Jul. 2021, doi:
10.1016/j.future.2021.02.015.
[13] V. Kouliaridis and G. Kambourakis, “A comprehensive survey on machine learning techniques for android malware detection,”
Information, vol. 12, no. 5, Apr. 2021, doi: 10.3390/info12050185.
[14] H. Cai, “Assessing and improving malware detection sustainability through app evolution studies,” ACM Transactions on
Software Engineering and Methodology, vol. 29, no. 2, pp. 1–28, Apr. 2020, doi: 10.1145/3371924.
[15] A. Pektaş and T. Acarman, “Deep learning for effective Android malware detection using API call graph embeddings,” Soft
Computing, vol. 24, no. 2, pp. 1027–1043, Jan. 2020, doi: 10.1007/s00500-019-03940-5.
[16] G. D’Angelo, M. Ficco, and F. Palmieri, “Malware detection in mobile environments based on Autoencoders and API-images,”
Journal of Parallel and Distributed Computing, vol. 137, pp. 26–33, Mar. 2020, doi: 10.1016/j.jpdc.2019.11.001.
[17] S. Jeon and J. Moon, “Malware-detection method with a convolutional recurrent neural network using Opcode Sequences,”
Information Sciences, vol. 535, pp. 1–15, Oct. 2020, doi: 10.1016/j.ins.2020.05.026.
[18] R. U. Khan, X. Zhang, and R. Kumar, “Analysis of ResNet and GoogleNet models for malware detection,” Journal of Computer
Virology and Hacking Techniques, vol. 15, no. 1, pp. 29–37, Mar. 2019, doi: 10.1007/s11416-018-0324-z.
[19] H. Darabian, A. Dehghantanha, S. Hashemi, S. Homayoun, and K.-K. R. Choo, “An opcode‐based technique for polymorphic
internet of things malware detection,” Concurrency and Computation: Practice and Experience, vol. 32, no. 6, Mar. 2020, doi:
10.1002/cpe.5173.
[20] E. Amer and I. Zelinka, “A dynamic windows malware detection and prediction method based on contextual understanding of
API call sequence,” Computers and Security, vol. 92, May 2020, doi: 10.1016/j.cose.2020.101760.
[21] R. S. Leon, M. Kiperberg, A. A. Leon Zabag, and N. J. Zaidenberg, “Hypervisor-assisted dynamic malware analysis,”
Cybersecurity, vol. 4, no. 1, Jun. 2021, doi: 10.1186/s42400-021-00083-9.
[22] J. Singh and J. Singh, “Detection of malicious software by analyzing the behavioral artifacts using machine learning algorithms,”
Information and Software Technology, vol. 121, May 2020, doi: 10.1016/j.infsof.2020.106273.
[23] R. Vinayakumar, M. Alazab, K. P. Soman, P. Poornachandran, and S. Venkatraman, “Robust intelligent malware detection using
deep learning,” IEEE Access, vol. 7, pp. 46717–46738, 2019, doi: 10.1109/ACCESS.2019.2906934.
[24] T. Lu, Y. Du, L. Ouyang, Q. Chen, and X. Wang, “Android malware detection based on a hybrid deep learning model,” Security
and Communication Networks, pp. 1–11, Aug. 2020, doi: 10.1155/2020/8863617.
[25] F. Xiao, Z. Lin, Y. Sun, and Y. Ma, “Malware detection based on deep learning of behavior graphs,” Mathematical Problems in
Engineering, pp. 1–10, Feb. 2019, doi: 10.1155/2019/8195395.
[26] F. D. S. Sumadi, C. S. K. Aditya, A. A. Maulana, S. Syaifuddin, and V. Suryani, “Semi-supervised approach for detecting
distributed denial of service in SD-honeypot network environment,” IAES International Journal of Artificial Intelligence (IJ-AI),
vol. 11, no. 3, pp. 1094–1100, Sep. 2022, doi: 10.11591/ijai.v11.i3.pp1094-1100.
[27] A. K. Faieq and M. M. Mijwil, “Prediction of heart diseases utilising support vector machine and artificial neural network,”
Indonesian Journal of Electrical Engineering and Computer Science (IJEECS), vol. 26, no. 1, pp. 374–380, Apr. 2022, doi:
10.11591/ijeecs.v26.i1.pp374-380.
[28] B. M. Khammas, “Comparative analysis of various machine learning algorithms for ransomware detection,” Telecommunication
Computing Electronics and Control (TELKOMNIKA), vol. 20, no. 1, Feb. 2022, doi: 10.12928/telkomnika.v20i1.18812.
[29] N. A. Karim and A. H. Ali, “E-learning virtual meeting applications: A comparative study from a cybersecurity perspective,”
Indonesian Journal of Electrical Engineering and Computer Science (IJEECS), vol. 24, no. 2, pp. 1121–1129, Nov. 2021, doi:
10.11591/ijeecs.v24.i2.pp1121-1129.
[30] A. A. Ojugo and D. A. Oyemade, “Boyer Moore string-match framework for a hybrid short message service spam filtering
technique,” IAES International Journal of Artificial Intelligence (IJ-AI), vol. 10, no. 3, pp. 519–527, Sep. 2021, doi:
10.11591/ijai.v10.i3.pp519-527.
[31] N. S. Nordin et al., “A comparative analysis of metaheuristic algorithms in fuzzy modelling for phishing attack detection,”
Indonesian Journal of Electrical Engineering and Computer Science (IJEECS), vol. 23, no. 2, pp. 1146–1158, Aug. 2021, doi:
10.11591/ijeecs.v23.i2.pp1146-1158.
[32] A. H. Ali, M. N. Abbod, M. K. Khaleel, M. A. Mohammed, and T. Sutikno, “Large scale data analysis using MLlib,”
Telecommunication Computing Electronics and Control (TELKOMNIKA), vol. 19, no. 5, Oct. 2021, doi:
10.12928/telkomnika.v19i5.21059.
[33] C. Aroef, Y. Rivan, and Z. Rustam, “Comparing random forest and support vector machines for breast cancer classification,”
Telecommunication Computing Electronics and Control (TELKOMNIKA), vol. 18, no. 2, Apr. 2020, doi:
10.12928/telkomnika.v18i2.14785.
[34] R. W. Kadhim and M. T. Gaata, “A hybrid of CNN and LSTM methods for securing web application against cross-site scripting
attack,” Indonesian Journal of Electrical Engineering and Computer Science (IJEECS), vol. 21, no. 2, pp. 1022–1029, Feb. 2021,
doi: 10.11591/ijeecs.v21.i2.pp1022-1029.
11. ISSN: 2088-8708
Int J Elec & Comp Eng, Vol. 13, No. 3, June 2023: 2942-2952
2952
[35] H. A. Alkaaf, A. Ali, S. M. Shamsuddin, and S. Hassan, “Exploring permissions in android applications using ensemble-based
extra tree feature selection,” Indonesian Journal of Electrical Engineering and Computer Science (IJEECS), vol. 19, no. 1,
pp. 543–552, Jul. 2020, doi: 10.11591/ijeecs.v19.i1.pp543-552.
[36] O. V. Lee et al., “A malicious URLs detection system using optimization and machine learning classifiers,” Indonesian Journal of
Electrical Engineering and Computer Science (IJEECS), vol. 17, no. 3, pp. 1210–1214, Mar. 2020, doi:
10.11591/ijeecs.v17.i3.pp1210-1214.
[37] Anush, “Network anamoly detection,” Kaggle. https://www.kaggle.com/datasets/anushonkar/network-anamoly-
detection?select=Train.txt (accessed Jan. 15, 2022).
BIOGRAPHIES OF AUTHORS
Sheelavathy Veerabhadrappa Kudrekar pursued M.Tech. degree in computer
science and engineering from Jain University. She has 12 years of teaching experience. Her
areas of interest and teaching include big data and data analytics, data warehousing, data
mining, and advanced database management systems. She is pursuing her Ph.D. at REVA
University. She has presented 1 paper at a national conference and published 1 paper in
international journals. Her qualifications are B. E., M. Tech., (Ph.D.). She can be contacted at
Sheela.kv@reva.edu.in.
Udaya Rani Vinayaka Murthy received her Ph.D. from the Mother Teresa
University, Kodaikanal, Tamil Nadu, India, in 2014, her M.Tech degree from MSRIT,
Bangalore, India, in 2009 under VTU, and her B.E. degree from SJCE, Mysore, India, in 1994
under VTU. She started her career as a lecturer in Govt. CPC Polytechnic, Mysore for one
year. She served as a lecturer in various colleges during her career such as NIE-Mysore,
SMSG JAIN COLLEGE-Bangalore, RBANM’s College-Bangalore, Nagarjuna College of
Management-Bangalore for five years, as HOD and assistant professor in Sambhram Institute
of Engineering-Bangalore for two years in the meanwhile she got BEST Lecturer Award. Now
she has been serving at REVA University as a senior associate professor since 2011. She is
having a total of 22 years of experience. She has published more than 60 journal papers in
national and international journals. Her research area includes data mining and warehousing,
machine learning, big data analytics, big data and Hadoop, and genetic algorithms. She is
currently guiding 8 students through their research at VTU and REVA University. Currently,
she is working as a senior associate professor in School of C&IT, as Head of IPR, and as a PG
coordinator at REVA University. She can be contacted at udayarani.v@reva.edu.in.