Top

Journal of Computer Virology and Hacking Techniques

Published in:

14-05-2021 | Original Paper

Malware detection and classification using community detection and social network analysis

Authors: Varshini Reddy, Naimisha Kolli, N. Balakrishnan

Published in: Journal of Computer Virology and Hacking Techniques | Issue 4/2021

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Despite the efforts of antivirus vendors and researchers to overcome the threat of malware and its growth, malware remains a rampant problem causing significant economic and intellectual property loss. Malware developers evade commercial detection tools by introducing minor code changes and obfuscation, leading to the creation of variants of known malware families. The volume of malware variants being introduced is increasing every day, resulting in the need for new methods to detect and classify malware with high scalability in less time. To this end, we propose a novel technique that exploits community detection properties and social network analysis concepts. The proposed method is based on system call graphs obtained by extracting the system calls found in the execution of the malware files. To study the inherent characteristics of different malware families, we extract features conforming to community and social network properties and use them for classification. A set of 5 models ranging from using only OS-level actions, to the model that includes community-level features and social network features have been presented. The highest performance has been shown to arise when community-level features and social network features were used in combination with malware class-level features. A suite of 9 machine learning algorithms have been used, and the results have been compared. Our evaluation results demonstrate that our combined approach outperforms many previously used methods in malware detection and classification, being able to achieve precision, recall, and accuracy of more than 0.97 using Multilayer Perceptron and k-Nearest Neighbors.

previous article A novel method for malware detection based on hardware events using deep neural networks

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Infographic - Internet Security Insights Q1 2019. https://www.watchguard.com/wgrd-resource-center/infographic/internet-security-insights-q1-2019 (2018).

Ucci, D., Aniello, L., Baldoni, R.: Survey of machine learning techniques for malware analysis. Comput. Secur. 81, 123–147 (2019)CrossRef

Souri, A., Hosseini, R.: A state-of-the-art survey of malware detection approaches using data mining techniques. HCIS 8(1), 3 (2018). https://doi.org/10.1186/s13673-018-0125-xCrossRef

Gibert, D., Mateu, C., Planes, J.: The rise of machine learning for detection and classification of malware: research developments, trends and challenges. J. Netw. Comput. Appl. 153, 102526 (2020)CrossRef

Latha, H Pa RM.: Classification of malware detection using machine learning algorithms-a survey. Int. J. Sci. Res. Technol. 9(2), 1796–1802 (2020)

Jang, J.W., Woo, J., Mohaisen, A., Yun, J., Kim, H.K.: Mal-netminer: Malware classification approach based on social network analysis of system call graph. Math. Probl. Eng. 2015, 1–20 (2015)

Kim, H.M., Song, H.M., Seo, J.W., Kim, H.K.: Andro-simnet: Android malware family classification using social network analysis. In: 2018 16th Annual Conference on Privacy, Security and Trust (PST) 2018, pp. 1–8. IEEE

Cruickshank, I., Johnson, A., Davison, T., Elder, M., Carley, K.M.: Detecting malware communities using socio-cultural cognitive mapping. Comput. Math. Organ. Theory 26(3), 307–319 (2020)CrossRef

Cruickshank, I.J., Carley, K.M.: Analysis of malware communities using multi-modal features. IEEE Access 8, 77435–77448 (2020)CrossRef

10.

Jang, J., Brumley, D., Venkataraman, S.: Bitshred: feature hashing malware for scalable triage and semantic analysis. In: Proceedings of the 18th ACM conference on Computer and communications security 2011, pp. 309–320

11.

Ye, Y., Li, T., Adjeroh, D., Iyengar, S.S.: A survey on malware detection using data mining techniques. ACM Comput. Surv. (CSUR) 50(3), 1–40 (2017)CrossRef

12.

Balram, N., Hsieh, G., McFall, C.: Static Malware Analysis Using Machine Learning Algorithms on APT1 Dataset with String and PE Header Features. In: 2019 International Conference on Computational Science and Computational Intelligence (CSCI) 2019, pp. 90–95. IEEE

13.

Yewale, A., Singh, M.: Malware detection based on opcode frequency. In: 2016 International Conference on Advanced Communication Control and Computing Technologies (ICACCCT) 2016, pp. 646–649. IEEE

14.

Kolosnjaji, B., Zarras, A., Webster, G., Eckert, C.: Deep learning for classification of malware system call sequences. In: Australasian Joint Conference on Artificial Intelligence 2016, pp. 137–149. Springer

15.

Ye, Y., Wang, D., Li, T., Ye, D., Jiang, Q.: An intelligent PE-malware detection system based on association mining. J. Comput. Virol. 4(4), 323–334 (2008)CrossRef

16.

Chowdhury, M., Rahman, A., Islam, R.: Malware analysis and detection using data mining and machine learning classification. In: International Conference on Applications and Techniques in Cyber Security and Intelligence 2017, pp. 266–274. Springer

17.

Sharma, A.B., Prakash, B.A.: Graphs for Malware Detection: The Next Frontier.

18.

Park, Y., Reeves, D.S., Stamp, M.: Deriving common malware behavior through graph clustering. Comput. Secur. 39, 419–430 (2013)CrossRef

19.

Eskandari, M., Hashemi, S.: A graph mining approach for detecting unknown malwares. J. Vis. Lang. Comput. 23(3), 154–162 (2012)CrossRef

20.

Elhadi, A.A.E., Maarof, M.A., Barry, B.I.: Improving the detection of malware behaviour using simplified data dependent API call graph. Int. J. Secur. Appl. 7(5), 29–42 (2013)

21.

Chau, D.H.P., Nachenberg, C., Wilhelm, J., Wright, A., Faloutsos, C.: Polonium: Tera-scale graph mining and inference for malware detection. In: Proceedings of the 2011 SIAM International Conference on Data Mining 2011, pp. 131–142. SIAM

22.

Chen, L., Li, T., Abdulhayoglu, M., Ye, Y.: Intelligent malware detection based on file relation graphs. In: Proceedings of the 2015 IEEE 9th International Conference on Semantic Computing (IEEE ICSC 2015) 2015, pp. 85–92. IEEE

23.

Venkatesh, B., Choudhury, S.H., Nagaraja, S., Balakrishnan, N.: BotSpot: fast graph based identification of structured P2P bots. J. Comput. Virol. Hack. Tech. 11(4), 247–261 (2015)CrossRef

24.

Bhattacharya, A., Goswami, R.T.: Community based feature selection method for detection of android malware. J. Global Inf. Manag. (JGIM) 26(3), 54–77 (2018)CrossRef

25.

Kim, C.W.: Ntmaldetect: A machine learning approach to malware detection using native API system calls. arXiv preprint. arXiv1802.05412 (2018).

26.

Du, Y., Wang, J., Li, Q.: An android malware detection approach using community structures of weighted function call graphs. IEEE Access 5, 17478–17486 (2017)CrossRef

27.

Fan, M., Liu, J., Luo, X., Chen, K., Chen, T., Tian, Z., Zhang, X., Zheng, Q., Liu, T.: Frequent subgraph based familial classification of android malware. In: 2016 IEEE 27th International Symposium on Software Reliability Engineering (ISSRE) 2016, pp. 24–35. IEEE

28.

Girvan, M., Newman, M.E.: Community structure in social and biological networks. Proc. Natl. Acad. Sci. 99(12), 7821–7826 (2002)MathSciNetCrossRef

29.

Kim, S.: PE header analysis for malware detection. (2018).

30.

Kolli, N., Balakrishnan, N.: Hybrid Features for Churn Prediction in Mobile Telecom Networks with Data Constraints.

31.

Blondel, V.D., Guillaume, J.-L., Lambiotte, R., Lefebvre, E.: Fast unfolding of communities in large networks. J. Stat. Mech: Theory Exp. 2008(10), 10008 (2008)CrossRef

32.

Van Steen, M.: An introduction to graph theory and complex networks. Copyrighted material (2010).

33.

Goodfellow, I., Bengio, Y., Courville, A.: Deep Learning (Adaptive Computation and Machine Learning series). In. e MIT Press, Cambridge, England (2016)MATH

34.

Géron, A.: Hands-on machine learning with Scikit-Learn, Keras, and TensorFlow: concepts, tools, and techniques to build intelligent systems. Massachusetts, O’Reilly Media (2019)

35.

Roccia, T.: Malware packers use tricks to avoid analysis, detection. McAfee Blogs (2017).

36.

Devi, D., Nandi, S.: Detection of packed malware. In: Proceedings of the First International Conference on Security of Internet of Things 2012, pp. 22–26

37.

Yan, W., Zhang, Z., Ansari, N.: Revealing packed malware. IEEE Secur. Priv. 6(5), 65–69 (2008)CrossRef

38.

Afianian, A., Niksefat, S., Sadeghiyan, B., Baptiste, D.: Malware dynamic analysis evasion techniques: a survey. ACM Comput. Surv. (CSUR) 52(6), 1–28 (2019)CrossRef

39.

Miramirkhani, N., Appini, M.P., Nikiforakis, N., Polychronakis, M.: Spotless sandboxes: Evading malware analysis systems using wear-and-tear artifacts. In: 2017 IEEE Symposium on Security and Privacy (SP) 2017, pp. 1009–1024. IEEE

40.

Lindorfer, M., Kolbitsch, C., Comparetti, P.M.: Detecting environment-sensitive malware. In: International Workshop on Recent Advances in Intrusion Detection 2011, pp. 338–357. Springer

Title: Malware detection and classification using community detection and social network analysis
Authors: Varshini Reddy
Naimisha Kolli
N. Balakrishnan
Publication date: 14-05-2021
Publisher: Springer Paris
Published in: Journal of Computer Virology and Hacking Techniques / Issue 4/2021
Electronic ISSN: 2263-8733
DOI: https://doi.org/10.1007/s11416-021-00387-x

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 4/2021

A novel method for malware detection based on hardware events using deep neural networks

Understanding Linux kernel vulnerabilities

Data augmentation and transfer learning to classify malware images in a deep learning context

Signature-less ransomware detection and mitigation

Android malware classification using convolutional neural network and LSTM

Premium Partner