Scientific Reports (Feb 2022)

Antivirus applied to JAR malware detection based on runtime behaviors

  • Ricardo P. Pinheiro,
  • Sidney M. L. Lima,
  • Danilo M. Souza,
  • Sthéfano H. M. T. Silva,
  • Petrônio G. Lopes,
  • Rafael D. T. de Lima,
  • Jemerson R. de Oliveira,
  • Thyago de A. Monteiro,
  • Sérgio M. M. Fernandes,
  • Edison de Q. Albuquerque,
  • Washington W. A. da Silva,
  • Wellington P. dos Santos

DOI
https://doi.org/10.1038/s41598-022-05921-5
Journal volume & issue
Vol. 12, no. 1
pp. 1 – 17

Abstract

Read online

Abstract Java vulnerabilities correspond to 91% of all exploits observed on the worldwide web. The present work aims to create antivirus software with machine learning and artificial intelligence and master in Java malware detection. Within the proposed methodology, the suspected JAR sample is executed to intentionally infect the Windows OS monitored in a controlled environment. In all, our antivirus monitors and considers, statistically, 6824 actions that the suspected JAR file can perform when executed. Our antivirus achieved an average performance of 91.58% in the distinction between benign and malware JAR files. Different initial conditions, learning functions and architectures of our antivirus are investigated. The limitations of commercial antiviruses can be supplied by intelligent antiviruses. Instead of blacklist-based models, our antivirus allows JAR malware detection preventively and not reactively as Oracle’s Java and traditional antivirus modus operandi.