Top

Journal of Computer Virology and Hacking Techniques

Published in:

27-01-2018 | Original Paper

Visual malware detection using local malicious pattern

Authors: Hashem Hashemi, Ali Hamzeh

Published in: Journal of Computer Virology and Hacking Techniques | Issue 1/2019

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

In recent years, malware authors have had significant developments in offering new generations of malware and have tried to use different methods to make malware detection hard, so detecting malware has become one of the most important challenges for the security of computer systems. These developments have made detection of malware using conventional methods rather difficult and in many cases impossible. Thus, inventing new methods for detecting malware is critical. In this paper, a new method is proposed to detect unknown malware based on micro-patterns within the executable files. In the proposed method, for extracting required micro-patterns, one of the well-known methods in machine vision field is used. The proposed method works as follows: first executable files are converted into digital images; second, these images are used to extract visual features of the executable files; finally, machine learning methods are used to detect malware. The main idea of the proposed method is based on differences in the behavior and functionality of malware and benign files, where different behavior results in different micro-patterns which can be used to distinguish between malware and benign files. Accordingly, in this paper a textural image classification method is used which aims to extract micro-patterns of digital textural images, to detect and extract micro-patterns of executable files and use them to detect malware.

next article Using convolutional neural networks for classification of malware represented as images

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

www.hex-rays.com/products/ida/index.shtml.

http://vxheaven.org.

http://www.eset.com.

http://www.kaspersky.com.

https://www.hex-rays.com/products/ida/.

Bazrafshan, Z., Hashemi, H., Fard, S.M.H., Hamzeh, A.: A survey on heuristic malware detection techniques. In: IKT 2013—2013 5th Conference on Information and Knowledge Technology, pp. 113–120 (2013)

Harrington, P.: Machine Learning in Action, vol. 5. Greenwich, CT: Manning (2012)

Yang, Y., Newsam, S.: Comparing sift descriptors and gabor texture features for classification of remote sensed imagery. In: Proceedings of International Conference on Image Processing, ICIP, pp. 1852–1855 (2008)

Ding, Y., Dai, W., Yan, S., Zhang, Y.: Control flow-based opcode behavior analysis for Malware detection. Comput. Secur. 44(2007), 65–74 (2014)CrossRef

Santos, I., Devesa, J., Brezo, F., Nieves, J., Bringas, P.G.: OPEM: a static-dynamic approach for machine-learning-based malware detection. Adv. Intell. Syst. Comput. (AISC) 189, 271–280 (2013)

Santos, I., Brezo, F., Ugarte-Pedrero, X., Bringas, P.G.: Opcode sequences as representation of executables for data-mining-based unknown malware detection. Inf. Sci. (Ny) 231, 64–82 (2013)MathSciNetCrossRef

Devesa, J., Santos, I., Cantero, X., Penya, Y.K., Bringas, P.G.: Automatic behaviour-based analysis and classification system for malware detection. Computer (Long. Beach. Calif) 2, 395–399 (2010)

Khorsand, Z., Hamzeh, A.: A novel compression-based approach for malware detection using PE header. In: IKT 2013—2013 5th Conference on Information and Knowledge Technology, pp. 127–133 (2013)

Zhou, Y., Inge, W.M.: Malware detection using adaptive data compression. In: Proceedings of the 1st ACM Work. Work. AISec, pp. 53–60 (2008)

10.

Hashemi, H., Azmoodeh, A., Hamzeh, A., Hashemi, S.: Graph embedding as a new approach for unknown malware detection. J. Comput. Virol. Hacking Tech. 13(3), 153–166 (2017)CrossRef

11.

Lin, F., Cohen, W.W.: Power iteration clustering. In: Proceedings of 27th International Conference on Machine Learning, pp. 655–662 (2010)

12.

Farrokhmanesh, M., Hamzeh, A.: A novel method for malware detection using audio signal processing techniques. In: 2016 Artificial Intelligence and Robotics (IRANOPEN), pp. 85–91 (2016)

13.

Conti, G., Dean, E., Sinda, M., Sangster, B.: Visual reverse engineering of binary and data files. Vis. Comput. Secur. 1–17 (2008)

14.

Conti, G., et al.: A Visual Study of Primitive Binary Fragment Types. Black Hat USA, pp. 1–17 (2010)

15.

Yoo, I.: Visualizing windows executable viruses using self-organizing maps. In: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security—VizSEC/DMSEC ’04, p. 82 (2004)

16.

Kohonen, T.: Self-organizing maps. Springer Ser. Inf. Sci. 30, 1–45 (2001)MathSciNetMATH

17.

Han, K., Lim, J. H., Im, E. G.: Malware analysis method using visualization of binary files. In: Proceedings of the 2013 Research in Adaptive and Convergent Systems, pp. 317–321 (2013)

18.

Datar, M., Immorlica, N., Indyk, P., Mirrokni, V. S.: Locality-sensitive hashing scheme based on p-stable distributions. In: Proceedings of the Twentieth Annual Symposium on Computational Geometry—SCG ’04. p. 253 (2004)

19.

Ojala, S., Member, T., Ma, T.: Multiresolution gray-scale and rotation invariant texture classification with local binary patterns. IEEE Trans. Pattern Anal. Mach. Intell. 24(7), 971–987 (2002)CrossRef

20.

Kirschen, R.H., O’Higgins, E.A., Lee, R.T.: The Royal London Space Planning: an integration of space analysis and treatment planning part I: assessing the space required to meet treatment objectives. Am. J. Orthod. Dentofac. Orthop. 118(4), 448–455 (2000)CrossRef

Title: Visual malware detection using local malicious pattern
Authors: Hashem Hashemi
Ali Hamzeh
Publication date: 27-01-2018
Publisher: Springer Paris
Published in: Journal of Computer Virology and Hacking Techniques / Issue 1/2019
Electronic ISSN: 2263-8733
DOI: https://doi.org/10.1007/s11416-018-0314-1

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 1/2019

Smart-TV security: risk analysis and experiments on Smart-TV communication channels

Security implications of running windows software on a Linux system using Wine: a malware analysis study

Analysis of ResNet and GoogleNet models for malware detection

Using convolutional neural networks for classification of malware represented as images

Premium Partner