Youness Mourtaji
Daniyal Alghazzawi
ABSTRACT
In this paper, we propose a deep learning framework for malware classification. There was a big boom within the quantity of malware in current years which poses an extreme safety chance to financial establishments, agencies, and people. In order to fight the proliferation of malware, new techniques are essential to quickly perceive and classify malware samples so that their behavior can be analyzed. Machine learning methods are becoming famous for classifying malware, but, the maximum of the modern gadget gaining knowledge of strategies for malware classification use machine learning algorithms (e.g., SVM). Currently, Convolutional Neural Networks (CNN), a deep getting to know approach, have proven advanced performance in comparison to traditional getting to know algorithms, particularly in duties which include image classification. Influenced by way of this achievement, we recommend a CNN-based architecture to classify malware samples. We convert malware binaries to a grayscale image, and at the end, we train a CNN network for classification. Experiments on hard malware classification datasets, Malimg, and Microsoft malware, reveal that our technique achieves higher than the modern-day overall performance.
- Malware definition," https://searchsecurity.techtarget.com/definition/malware", {online}, accessed: 2018-11-16.Google Scholar
- Malware Statistics & Trends Report | AV-Test," https://www.av-test.org/en/statistics/malware/", {online}, accessed: 2018-11-16.Google Scholar
- Internet Security Threat Report," https://www.symantec.com/content/dam/symantec/docs/reports/istr-23-2018-en.pdf", {online}, accessed: 2018-11-16.Google Scholar
- L. Nataraj, S. Karthikeyan, and B. Manjunath. 2015. Sattva: Sparsity inspired classification of malware variants. In Proceedings of the 3rd ACMWorkshop on Information Hiding and Multimedia Security. (ACM, 2015). 135--140. Google ScholarDigital Library
- W. Hardy, L. Chen, S. Hou, Y. Ye, and X. Li, "Dl4md: A deep learning framework for intelligent malware detection," In Proceedings of the International Conference on Data Mining (DMTN-2016), 61--67Google Scholar
- L. Nataraj, S. Karthikeyan, G. Jacob, and B. Manjunath.2011. Malware images: visualization and automatic classification. In Proceedings of the 8th international symposium on visualization for cyber security. (ACM,2011). Article N4.DOI= https://dl.acm.org/citation. cfm?doid=2016904.2016908. Google ScholarDigital Library
- K. Simonyan and A. Zisserman. 2014. Very deep convolutional networks for large-scale image recognition. arXiv preprint. (arXiv, 2014). 1409.1556. DOI= https://arxiv.org/abs/1409.1556.Google Scholar
- Microsoft malware classification challenge (big 2015), "https://www.kaggle.com/c/malware-classification". {online}. accessed: 2018-11-16.Google Scholar
- Microsoft malware classification challenge first place team: Say no to overfitting," http://blog.kaggle.com/2015/05/26/microsoft-malware-winners-interview-1st-place-no-to-overfitting/". {online}, accessed: 2018-11-16.Google Scholar
- Malimg Dataset Based on grayscale images." https://www.kaggle.com/afagarap/malimg-dataset". {online}, accessed: 2018-11-16.Google Scholar
- N. Idika and A. P. Mathur. 2007. A survey of malware detection techniques. Purdue University. Vol. 48, 2007. 2--48.Google Scholar
- I. You and K. Yim. 2010. Malware obfuscation techniques: A brief survey. In International Conference on Broadband, Wireless Computing, Communication, and Applications. (IEEE, 2010). 297--300. Google ScholarDigital Library
- A. H. Sung, J. Xu, P. Chavez, and S. Mukkamala. 2004. The static analyzer of vicious executables (save). Annual Computer Security Applications Conference. (IEEE, 2004). 326--334. Google ScholarDigital Library
- K. Rieck, T. Holz, C. Willems, P. Düssel, and P. Laskov. 2008. Learning and classification of malware behavior. International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. (Springer, 2008). 108--125. Google ScholarDigital Library
- M. G. Schultz, E. Eskin, F. Zadok, and S. J. Stolfo.2001. Data mining methods for the detection of new malicious executables. IEEE Symposium on Security and Privacy. (IEEE, 2001). 38--49. Google ScholarDigital Library
- J. Z. Kolter and M. A. Maloof. 2004. Learning to detect malicious executables in the wild. In Proceedings of the tenth ACM SIGKDD international conference on Knowledge discovery and data mining. (ACM, 2004). 470--478. Google ScholarDigital Library
- A. Oliva and A. Torralba. 2001. Modeling the shape of the scene: A holistic representation of the spatial envelope. In International journal of computer vision. vol. 42, no. 3 (Springer, 2001). 145--175. Google ScholarDigital Library
- A. Torralba, K. P. Murphy, W. T. Freeman, M. A. Rubin et al. 2003. Contextbased vision system for place and object recognition. In International Conference on Computer Vision, vol. 3, 2003. 273--280. Google ScholarDigital Library
- J. Drew, M. Hahsler, and T. Moore. 2017. Polymorphic malware detection using sequence classification methods and ensembles. In EURASIP Journal on Information Security. vol. 2017. no 1. P 2. (ACM, 2017). Google ScholarDigital Library
- Drew, M. Hahsler, and T. Moore. 2017. Polymorphic malware detection using sequence classification methods and ensembles. In EURASIP Journal on Information Security. vol. 2017. No 55. 2017. Google ScholarDigital Library
- M. Ahmadi, D. Ulyanov, S. Semenov, M. Trofimov, and G. Giacinto. 2016. Novel feature extraction, selection and fusion for effective malware family classification. In Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy. (ACM, 2016). 183--194. Google ScholarDigital Library
- Xgboost extreme gradient boosting."https://github.com/dmlc/xgboost". {online}.2017, accessed: 2018-11-16.Google Scholar
- Sang Ni, Quan Qian, Rui Zhang. 2018. Malware identification using visualization images and deep learning. Computers & Security. (2018). V77. 871--885.Google Scholar
- Intro to convolutional neural networks." https://www.tensorflow.org/tutorials/layers". {online}. accessed: 2018-11-16.Google Scholar
- SciPy," https://www.scipy.org/". {online}. accessed: 2018-11-16.Google Scholar
- Numpy, "http://www.numpy.org/". {online}. accessed: 2018-11-16.Google Scholar
- Keras. "https://keras.io/". {online}. accessed: 2018-11-16.Google Scholar
Index Terms
- Intelligent Framework for Malware Detection with Convolutional Neural Network
Recommendations
Image-based malware representation approach with EfficientNet convolutional neural networks for effective malware classification
AbstractThe targeted malware attacks are usually created by few crime groups. They may essentially use their existing malware sample malicious code to rebuild the variants for sophistication and evade the malware detection. This trend ...
Malware classification using byte sequence information
RACS '18: Proceedings of the 2018 Conference on Research in Adaptive and Convergent SystemsThe number of new malware and new malware variants have been increasing continuously. Security experts analyze malware to capture the malicious properties of malware and to generate signatures or detection rules, but the analysis overheads keep ...
A Novel Malware Analysis Framework for Malware Detection and Classification using Machine Learning Approach
ICDCN '18: Proceedings of the 19th International Conference on Distributed Computing and NetworkingNowadays, the digitization of the world is under a serious threat due to the emergence of various new and complex malware every day. Due to this, the traditional signature-based methods for detection of malware effectively become an obsolete method. The ...
Comments