Malware Detection with Convolutional Neural Network Using Hardware Events

Authors: Wei Guo, Tenghai Wang, Jizeng Wei

DOI: 10.1007/978-981-10-7844-6_11

Abstract: Detection of malicious programs (i.e., malware) is a great challenge due to the increasing amount and variety of attacks. Recent works have shown that machine learning, especially neural networks, performs well in malware detection. In this paper, a convolutional neural network (CNN) is used to build the classification model. Different from other works, our work uses hardware events to generate feature images of programs. These events, such as cache miss rate and branch misprediction, can be collected by the performance counters of Intel CPUs. We train the CNN with various data sizes and kernel sizes, and evaluate the result by the area under the receiver operating characteristics (ROC) curve (AUC). The results show that the proposed model can achieve AUC = 0.9973 in the best case, and that the influence of data size or kernel size is very little. Moreover, in comparison with CNNs trained with software-based features, it is indicated that the proposed model has higher accuracy than the software-based ones.
