Malware Detection for Healthcare Data Security

  • Mozammel Chowdhury
  • Sharmin Jahan
  • Rafiqul Islam
  • Junbin Gao
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 255)


In recent years, malware attacks against data and information is considered as a serious cyber threat in the industries and organizations. Cyber criminals attempt to attack and gain access to computer networks or systems of many organizations especially in the healthcare industry by malicious software or malware to breach or manipulate sensitive data, or to make illegal financial transactions. Healthcare organizations nowadays preserve huge sensitive data into virtual and cloud environments. As a result, targeted attacks on healthcare data have become more common in recent years. Hence, protecting the medical data is a big concern in the healthcare industry. This paper proposes an effective approach for malware detection and classification using machine learning techniques. The proposed scheme can uncover targeted attacks and stop spear phishing attacks on healthcare records by detecting advanced malware and attacker behavior and deliver custom sandbox analysis to identify malware. In this work, we employ dynamic features in order to achieve high accuracy in malware detection. Experimental results support the superior performance and effectiveness of the proposed method over similar approaches.


Malware Healthcare data Cyber security API call Machine learning 


  1. 1. Accessed 12 Mar 2018
  2. 2.
    Paster, M.: Why healthcare security needs a new approach to Malware. Health IT Security-Cybersecurity News, January 2015.
  3. 3.
  4. 4.
    Healthcare Data Breach Report: April 2018, posted by HIPPA Journal on 18 May 2018.
  5. 5.
    Islam, R., Tian, R., Batten, L.M., Versteeg, S.: Classification of malware based on integrated static and dynamic features. J. Netw. Comput. Appl. 36, 646–656 (2013)CrossRefGoogle Scholar
  6. 6.
    Tang, K., Zhou, M.T., Zuo, Z.-H.: An enhanced automated signature generation algorithm for polymorphic malware detection. J. Electron. Sci. Technol. China 8, 114–121 (2010)Google Scholar
  7. 7.
    Xu, X., Wang, X.: An adaptive network intrusion detection method based on PCA and support vector machines. In: Li, X., Wang, S., Dong, Z.Y. (eds.) ADMA 2005. LNCS (LNAI), vol. 3584, pp. 696–703. Springer, Heidelberg (2005). Scholar
  8. 8.
    O’Kane, P., Sezer, S., McLaughlin, K., Im, E.: SVM training phase reduction using dataset feature filtering for malware detection. IEEE Trans. Inf. Forensics Secur. 8(3), 500–509 (2013)CrossRefGoogle Scholar
  9. 9.
    Hadžiosmanović, D., Simionato, L., Bolzoni, D., Zambon, E., Etalle, S.: N-gram against the machine: on the feasibility of the N-Gram network analysis for binary protocols. In: Balzarotti, D., Stolfo, Salvatore J., Cova, M. (eds.) RAID 2012. LNCS, vol. 7462, pp. 354–373. Springer, Heidelberg (2012). Scholar
  10. 10.
    Chowdhury, M., Rahman, A., Islam, R.: Protecting data from malware threats using machine learning technique. In: IEEE Conference on Industrial Electronics and Applications (ICIEA 2017), Siem Reap, Cambodia, 18–20 June 2017Google Scholar
  11. 11.
    Chowdhury, M., Rahman, A., Islam, R.: Malware analysis and detection using data mining and machine learning classification. In: Abawajy, J., Choo, K.-K.R., Islam, R. (eds.) ATCI 2017. AISC, vol. 580, pp. 266–274. Springer, Cham (2018). Scholar
  12. 12.
    Devesa, J., Santos, I., Cantero, X., Penya, Y.K., Bringas, P.G.: Automatic behaviour-based analysis and classification system for malware detection. In: Proceedings of the 12th International Conference on Enterprise Information Systems (ICEIS) (2010)Google Scholar
  13. 13.
    Okane, P., Sezer, S., McLaughlin, K.: Obfuscation: the hidden malware. IEEE Secur. Priv. 9(5), 41–47 (2011)CrossRefGoogle Scholar
  14. 14.
    Moser, A., Kruegel, C., Kirda, E.: Limits of static analysis for malware detection. In: Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC ’07), pp. 421–430, December 2007Google Scholar
  15. 15.
    Cavallaro, L., Saxena, P., Sekar, R.: On the limits of information flow techniques for malware analysis and containment. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol. 5137, pp. 143–163. Springer, Heidelberg (2008). Scholar
  16. 16.
    PEid Unpacker.
  17. 17.
    Tian, R., Islam, M.R., Batten, L., Versteeg, S.: Differentiating malware from cleanware using behavioural analysis. In: Proceedings of the 5th International Conference on Malicious and Unwanted Software (MALWARE 2010), Nancy, France, pp. 23–30 October 2010Google Scholar
  18. 18.
    Shankarapani, M., Kancherla, K., Ramammoorthy, S., Movva, R., Mukkamala, S.: Kernel machines for malware classification and similarity analysis. In: Proceedings of the International Joint Conference on Neural Networks (IJCNN ’10), pp. 1–6, July 2010Google Scholar
  19. 19.
    Shankarapani, M.K., Ramamoorthy, S., Movva, R.S., Mukkamala, S.: Malware detection using assembly and API call sequences. J. Comput. Virol. 7(2), 107–119 (2011)CrossRefGoogle Scholar
  20. 20.
    Ahmed, F., Hameed, H., Shafq, M.Z., Farooq, M.: Using spatio-temporal information in API calls with machine learning algorithms for malware detection. In: Proceedings of the 2nd ACM Workshop on Security and Artificial Intelligence, pp. 55–62, November 2009Google Scholar
  21. 21.
    Qiao, Y., Yang, Y., Ji, L., He, J.: Analyzing malware by abstracting the frequent item sets in API call sequences. In: Proceedings of the 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom ’13), pp. 265–270, July 2013Google Scholar
  22. 22.
    Rajagopalan, M., Hiltunen, M.A., Jim, T., Schlichting, R.D.: System call monitoring using authenticated system calls. IEEE Trans. Dependable Secure Comput. 3(3), 216–229 (2006)CrossRefGoogle Scholar
  23. 23.
    Abadi, M., Budiu, M., Erlingsson, U., Ligatti, J.: Control-flow integrity. In: Proceedings of the 12th ACM Conference on Computer and Communications Security, pp. 340–353, November 2005Google Scholar
  24. 24.
    Tian, R., Islam, R., Batten, L., Versteeg, S.: Differentiating malware from cleanware using behavioural analysis. In: International Conference on Malicious and Unwanted Software: MALWARE 2010, pp. 23–30 (2010)Google Scholar
  25. 25.
  26. 26.
  27. 27.
    Weka library. Data mining software in Java.
  28. 28.
    VX Heaven collection. VX Heaven website.
  29. 29.
    Huda, S. et al.: Hybrids of support vector machine wrapper and filter-based framework for malware detection, Future Gener. Comput. Syst. 55, 376–390Google Scholar
  30. 30.
    Sharmeen, S., Huda, S., Abawajy, J.H., Ismail, W.N., Hassan, M.M.: Malware threats and detection for industrial mobile-IoT networks. IEEE Access 6, 15941–15957 (2018)CrossRefGoogle Scholar
  31. 31.
    Jahan, S., Chowdhury, M., Islam, R.: Robust user authentication model for securing electronic healthcare system using fingerprint biometrics. Int. J. Comput. Appl. (2018). Scholar
  32. 32.
    Jahan, S., Chowdhury, M., Islam, R., Gao, J.: Security and privacy protection for ehealth data. In: Doss, R., Piramuthu, S., Zhou, W. (eds.) FNSS 2018. CCIS, vol. 878, pp. 197–205. Springer, Cham (2018). Scholar
  33. 33.
    Jahan, S., Chowdhury, M., Islam, R., Chaudhry, J.: Securing healthcare data using biometric authentication. In: Lin, X., Ghorbani, A., Ren, K., Zhu, S., Zhang, A. (eds.) SecureComm 2017. LNICST, vol. 239, pp. 123–132. Springer, Cham (2018). Scholar
  34. 34.
    Jahan, S., Chowdhury, M., Islam, R.: Robust fingerprint verification for enhancing security in healthcare system. In: Image and Vision Computing New Zealand conference (IVCNZ 2017), 4–6 December 2017, Christchurch, New Zealand (2017)Google Scholar

Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2018

Authors and Affiliations

  • Mozammel Chowdhury
    • 1
  • Sharmin Jahan
    • 2
  • Rafiqul Islam
    • 1
  • Junbin Gao
    • 3
  1. 1.School of Computing and MathematicsCharles Sturt UniversityBathurstAustralia
  2. 2.Department of Biochemistry and Molecular BiologyJahangirnagar UniversityDhakaBangladesh
  3. 3.School of BusinessThe University of SydneySydneyAustralia

Personalised recommendations