
2019 | Original Paper | Book chapter

A Detailed Investigation and Analysis of Deep Learning Architectures and Visualization Techniques for Malware Family Identification

Authors: S. Akarsh, Prabaharan Poornachandran, Vijay Krishna Menon, K. P. Soman

Published in: Cybersecurity and Secure Information Systems

Publisher: Springer International Publishing


Abstract

At present, malware is one of the biggest threats to Internet service security. This chapter proposes a novel file-agnostic deep learning architecture for malware family identification, which converts malware binaries into grayscale images and then identifies their families with a hybrid in-house model, a Convolutional Neural Network combined with Long Short-Term Memory (CNN-LSTM). The hybrid model enables the network to capture both spatial and temporal features, which can be used effectively to distinguish among malware samples. In this method, the usual steps of disassembly, decompiling, de-obfuscation or execution of the malware binary are not needed. Various experiments were run to identify optimal deep learning network parameters and network structure on a well-known benchmark data set. All experiments were run at a learning rate of 0.1 for 1,000 epochs. To select a model that generalizes, various train-test splits were used during experimentation; additionally, this shows how well the models perform on imbalanced data sets. Experimental results show that the hybrid model is very effective for malware family classification in all the train-test splits, which indicates that the model also works on unevenly distributed samples. The classification accuracy obtained by the deep learning architectures on all train-test splits was better than that of the classical machine learning algorithms and the existing deep learning based method they were compared with. Finally, a scalable framework based on deep learning and a visualization approach is proposed which can be used in real time for malware family identification.
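The byte-to-image step the abstract describes, as an added Python example that is not the chapter's code: each byte of the binary becomes one 8-bit grayscale pixel, the rows are padded to a fixed width, and the image is brought to a fixed size for a CNN. The width schedule, the zero padding and the nearest-neighbour resize are assumptions, since the page does not state them.

```python
"""
Turn a raw binary into an 8-bit grayscale image without disassembling,
decompiling or executing it (the file-agnostic representation that the
chapter's CNN-LSTM consumes).  Added example, not the authors' code.
Standard library only, so it runs anywhere.
"""

# ASSUMED width schedule: (maximum file size in bytes, image width in pixels).
# Image-based malware classification work commonly picks the width from the
# file size so that images of similar-sized samples have similar shapes.
WIDTH_BY_SIZE = [
    (10 * 1024, 32),
    (30 * 1024, 64),
    (60 * 1024, 128),
    (100 * 1024, 256),
    (200 * 1024, 384),
    (500 * 1024, 512),
    (1000 * 1024, 768),
]
DEFAULT_WIDTH = 1024


def choose_width(n_bytes: int) -> int:
    """Pick the image width for a file of n_bytes (assumed schedule)."""
    for limit, width in WIDTH_BY_SIZE:
        if n_bytes <= limit:
            return width
    return DEFAULT_WIDTH


def bytes_to_grayscale(data: bytes, width=None, pad_value=0):
    """Return (width, height, rows); rows is a list of `height` byte strings of
    length `width`.  The last row is zero-padded (assumed) to fill the grid."""
    if not data:
        raise ValueError("empty input")
    width = width or choose_width(len(data))
    height = -(-len(data) // width)  # ceiling division
    padded = data + bytes([pad_value]) * (width * height - len(data))
    rows = [padded[i * width:(i + 1) * width] for i in range(height)]
    return width, height, rows


def to_pgm(width: int, height: int, rows) -> bytes:
    """Serialise the grid as a binary PGM (P5) image, viewable with any image tool."""
    header = f"P5\n{width} {height}\n255\n".encode("ascii")
    return header + b"".join(rows)


def resize_nearest(rows, width, height, out_w, out_h):
    """Nearest-neighbour resize to a fixed out_w x out_h grid (assumed step),
    so every sample has the same input shape for the network.  Returns a list
    of out_h lists of out_w ints in 0..255."""
    return [
        [rows[oy * height // out_h][ox * width // out_w] for ox in range(out_w)]
        for oy in range(out_h)
    ]


if __name__ == "__main__":
    # Constructed stand-in for a malware binary: 100 bytes with increasing values.
    sample = bytes(range(100))
    w, h, rows = bytes_to_grayscale(sample, width=16)
    open("sample.pgm", "wb").write(to_pgm(w, h, rows))
    print(w, h, resize_nearest(rows, w, h, 4, 4))
```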


Metadata
Title
A Detailed Investigation and Analysis of Deep Learning Architectures and Visualization Techniques for Malware Family Identification
Authors
S. Akarsh
Prabaharan Poornachandran
Vijay Krishna Menon
K. P. Soman
Copyright year
2019
DOI
https://doi.org/10.1007/978-3-030-16837-7_12