Detecting Malware with an Ensemble Method Based on Deep Neural Network

Authors: Jinpei Yan, Yong Qi, Qifan Rao

DOI: 10.1155/2018/7247095

Keywords: Malware, Domain knowledge, Software, Grayscale, Opcode, Artificial neural network, Artificial intelligence, Evaluation result, Machine learning, Computer science

Abstract: Malware detection plays a crucial role in computer security. Recent research mainly uses machine-learning-based methods that rely heavily on domain knowledge for manually extracting malicious features. In this paper, we propose MalNet, a novel malware detection method that learns features automatically from the raw data. Concretely, we first generate a grayscale image from the malware file and meanwhile extract its opcode sequences with the decompilation tool IDA. Then MalNet uses CNN and LSTM networks to learn from the grayscale image and the opcode sequence, respectively, and takes a stacking ensemble for malware classification. We perform experiments on more than 40,000 samples, including 20,650 benign files collected from online software providers and 21,736 malwares provided by Microsoft. The evaluation result shows that MalNet achieves 99.88% validation accuracy for malware detection. In addition, we also take a malware family classification experiment on 9 malware families to compare MalNet with other related works, in which MalNet outperforms most of the related works with 99.36% detection accuracy and achieves a considerable speed-up in detecting efficiency compared with two state-of-the-art results on the Microsoft malware dataset.

References (36)
Nedim Šrndić, Battista Biggio, Giorgio Giacinto, Igino Corona, Fabio Roli, Davide Maiorca, Blaine Nelson, Pavel Laskov. "Evasion attacks against machine learning at test time." European Conference on Machine Learning, vol. 8190, pp. 387-402 (2013). DOI: 10.1007/978-3-642-40994-3_25
Igor Santos, Yoseba K Penya, Jaime Devesa, Pablo G Bringas. "N-grams-based file signatures for malware detection." Proceedings of the 11th International Conference on Enterprise Information. pp. 317-320 (2009). DOI: 10.5220/0001863603170320
Masoud Narouei, Mansour Ahmadi, Giorgio Giacinto, Hassan Takabi, Ashkan Sami. "DLLMiner: structural mining for malware detection." Security and Communication Networks, vol. 8, pp. 3311-3322 (2015). DOI: 10.1002/SEC.1255
Mohaddeseh Zakeri, Fatemeh Faraji Daneshgar, Maghsoud Abbaspour. "A static heuristic approach to detecting malware targets." Security and Communication Networks, vol. 8, pp. 3015-3027 (2015). DOI: 10.1002/SEC.1228
Peng Li, Limin Liu, Debin Gao, Michael K. Reiter. "On challenges in evaluating malware clustering." Recent Advances in Intrusion Detection, vol. 6307, pp. 238-255 (2010). DOI: 10.1007/978-3-642-15512-3_13
William W. Cohen. "Fast Effective Rule Induction." Machine Learning Proceedings 1995, pp. 115-123 (1995). DOI: 10.1016/B978-1-55860-377-6.50023-2
Karen Simonyan, Andrew Zisserman. "Very Deep Convolutional Networks for Large-Scale Image Recognition." Computer Vision and Pattern Recognition (2014).
Christian Szegedy, Sergey Ioffe. "Batch Normalization: Accelerating Deep Network Training by Reducing Internal Covariate Shift." International Conference on Machine Learning, vol. 1, pp. 448-456 (2015).
Konrad Rieck, Philipp Trinius, Carsten Willems, Thorsten Holz. "Automatic analysis of malware behavior using machine learning." Journal of Computer Security, vol. 19, pp. 639-668 (2011). DOI: 10.3233/JCS-2010-0410