FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W4385481489> ?p ?o ?g. }

• W4385481489 abstract "Abstract Cyber attackers have constantly updated their attack techniques to evade antivirus software detection in recent years. One popular evasion method is to execute malicious code and perform malicious actions only in memory. Malicious programs that use this attack method are called memory-resident malware, with excellent evasion capability, and have posed huge threats to cyber security. Traditional static and dynamic methods are not effective in detecting memory-resident malware. In addition, existing memory forensics detection solutions perform unsatisfactorily in detection rate and depend on massive expert knowledge in memory analysis. This paper proposes MRm-DLDet, a state-of-the-art memory-resident malware detection framework, to overcome these drawbacks. MRm-DLDet first builds a virtual machine environment and captures memory dumps, then creatively processes the memory dumps into RGB images using a pre-processing technique that combines deduplication and ultra-high resolution image cropping, followed by our neural network MRmNet in MRm-DLDet to fully extract high-dimensional features from memory dump files and detect them. MRmNet receives the labeled sub-images of the cropped high-resolution RGB images as input of ResNet-18, which extracts the features of the sub-images. Then trains a network of gated recurrent units with an attention mechanism. Finally, it determines whether a program is memory-resident malware based on the detection results of each sub-image through a specially designed voting layer. We created a high-quality dataset consisting of 2,060 benign and memory-resident programs. In other words, the dataset contains 1,287,500 labeled sub-images cut from the MRm-DLDet transformed ultra-high resolution RGB images. We implement MRm-DLDet for Windows 10, and it performs better than the latest methods, with a detection accuracy of up to 98.34 $$%$$ <mml:math xmlns:mml=http://www.w3.org/1998/Math/MathML> <mml:mo>%</mml:mo> </mml:math> . Moreover, we measured the effects of mimicry and adversarial attacks on MRm-DLDet, and the experimental results demonstrated the robustness of MRm-DLDet." @default.
• W4385481489 created "2023-08-03" @default.
• W4385481489 creator A5004834139 @default.
• W4385481489 creator A5029912033 @default.
• W4385481489 creator A5031635208 @default.
• W4385481489 creator A5055207211 @default.
• W4385481489 creator A5057737324 @default.
• W4385481489 date "2023-08-03" @default.
• W4385481489 modified "2023-09-23" @default.
• W4385481489 title "MRm-DLDet: a memory-resident malware detection framework based on memory forensics and deep neural network" @default.
• W4385481489 cites W1976468890 @default.
• W4385481489 cites W1977415353 @default.
• W4385481489 cites W2010065958 @default.
• W4385481489 cites W2064675550 @default.
• W4385481489 cites W2135143063 @default.
• W4385481489 cites W2194775991 @default.
• W4385481489 cites W2517194566 @default.
• W4385481489 cites W2517430515 @default.
• W4385481489 cites W2620957293 @default.
• W4385481489 cites W2712617220 @default.
• W4385481489 cites W2744095836 @default.
• W4385481489 cites W2783112941 @default.
• W4385481489 cites W2801888526 @default.
• W4385481489 cites W2806294538 @default.
• W4385481489 cites W2959173014 @default.
• W4385481489 cites W2964199361 @default.
• W4385481489 cites W2969659874 @default.
• W4385481489 cites W2973628901 @default.
• W4385481489 cites W2996642256 @default.
• W4385481489 cites W3006334803 @default.
• W4385481489 cites W3006711782 @default.
• W4385481489 cites W3013896538 @default.
• W4385481489 cites W3118382796 @default.
• W4385481489 cites W3132223643 @default.
• W4385481489 cites W3135185324 @default.
• W4385481489 cites W3138173041 @default.
• W4385481489 cites W3208789089 @default.
• W4385481489 cites W4213012150 @default.
• W4385481489 doi "https://doi.org/10.1186/s42400-023-00157-w" @default.
• W4385481489 hasPublicationYear "2023" @default.
• W4385481489 type Work @default.
• W4385481489 citedByCount "0" @default.
• W4385481489 crossrefType "journal-article" @default.
• W4385481489 hasAuthorship W4385481489A5004834139 @default.
• W4385481489 hasAuthorship W4385481489A5029912033 @default.
• W4385481489 hasAuthorship W4385481489A5031635208 @default.
• W4385481489 hasAuthorship W4385481489A5055207211 @default.
• W4385481489 hasAuthorship W4385481489A5057737324 @default.
• W4385481489 hasBestOaLocation W43854814891 @default.
• W4385481489 hasConcept C111919701 @default.
• W4385481489 hasConcept C156731835 @default.
• W4385481489 hasConcept C176649486 @default.
• W4385481489 hasConcept C203014093 @default.
• W4385481489 hasConcept C2781251061 @default.
• W4385481489 hasConcept C35525427 @default.
• W4385481489 hasConcept C38652104 @default.
• W4385481489 hasConcept C41008148 @default.
• W4385481489 hasConcept C541664917 @default.
• W4385481489 hasConcept C86803240 @default.
• W4385481489 hasConcept C8891405 @default.
• W4385481489 hasConcept C98986596 @default.
• W4385481489 hasConceptScore W4385481489C111919701 @default.
• W4385481489 hasConceptScore W4385481489C156731835 @default.
• W4385481489 hasConceptScore W4385481489C176649486 @default.
• W4385481489 hasConceptScore W4385481489C203014093 @default.
• W4385481489 hasConceptScore W4385481489C2781251061 @default.
• W4385481489 hasConceptScore W4385481489C35525427 @default.
• W4385481489 hasConceptScore W4385481489C38652104 @default.
• W4385481489 hasConceptScore W4385481489C41008148 @default.
• W4385481489 hasConceptScore W4385481489C541664917 @default.
• W4385481489 hasConceptScore W4385481489C86803240 @default.
• W4385481489 hasConceptScore W4385481489C8891405 @default.
• W4385481489 hasConceptScore W4385481489C98986596 @default.
• W4385481489 hasFunder F4320322847 @default.
• W4385481489 hasIssue "1" @default.
• W4385481489 hasLocation W43854814891 @default.
• W4385481489 hasOpenAccess W4385481489 @default.
• W4385481489 hasPrimaryLocation W43854814891 @default.
• W4385481489 hasRelatedWork W2203413815 @default.
• W4385481489 hasRelatedWork W2470502009 @default.
• W4385481489 hasRelatedWork W2526398307 @default.
• W4385481489 hasRelatedWork W2620598574 @default.
• W4385481489 hasRelatedWork W2800989355 @default.
• W4385481489 hasRelatedWork W2969568306 @default.
• W4385481489 hasRelatedWork W3195170298 @default.
• W4385481489 hasRelatedWork W4210517283 @default.
• W4385481489 hasRelatedWork W4318068753 @default.
• W4385481489 hasRelatedWork W4368275542 @default.
• W4385481489 hasVolume "6" @default.
• W4385481489 isParatext "false" @default.
• W4385481489 isRetracted "false" @default.
• W4385481489 workType "article" @default.