Windows Malware Detector Using Convolutional Neural Network Based on Visualization Images

Malware continues to evolve at an alarming rate, despite the efforts made to detect and mitigate it. Malware analysis is needed to defend against its sophisticated behaviour, but manual heuristic inspection is no longer effective or efficient. To cope with these critical issues, behaviour-based malware detection approaches using machine learning techniques have been widely adopted as a solution. This involves supervised classifiers, appraised on their predictive performance when given the most relevant features from the original feature set and on the trade-off between a high detection rate and low computation overhead. Although machine learning-based malware detection techniques have been successful in detecting malware, their shallow learning architecture is still deficient in identifying sophisticated malware. Therefore, this paper proposes a Convolutional Neural Network (CNN) based Windows malware detector that uses the execution-time behavioural features of Portable Executable (PE) files to detect and classify obscure malware. 10-fold cross-validation tests were conducted to assess the proficiency of the proposed approach. The experimental results showed that the proposed approach was effective in uncovering malware PE files by utilizing significant behavioural features suggested by the Relief Feature Selection Technique. It attained a detection accuracy of 97.968%.
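To make the feature-selection step concrete, the following added example (not code from the paper) ranks behavioural features with basic Relief, using one nearest hit and one nearest miss per sample. The feature names, the six sample vectors and the zero threshold are constructed assumptions; the abstract does not state which Relief variant or features the authors used.

```python
# Added example: basic Relief ranking over binary behavioural features.
# The dataset below is constructed for illustration, not taken from the paper.

FEATURES = ["CreateRemoteThread", "RegSetValueExW", "ReadFile", "GetTickCount"]

# Each row marks whether an API call was observed during execution (1) or not (0).
X = [
    [1, 1, 1, 0], [1, 0, 1, 1], [1, 1, 1, 1],   # constructed "malware" traces
    [0, 0, 1, 0], [0, 1, 1, 1], [0, 0, 1, 1],   # constructed "benign" traces
]
y = [1, 1, 1, 0, 0, 0]


def hamming(a, b):
    """Number of features on which two samples disagree."""
    return sum(p != q for p, q in zip(a, b))


def relief_weights(X, y):
    """Reward features that differ on the nearest miss, penalise those
    that differ on the nearest hit, averaged over every sample."""
    totals = [0] * len(X[0])
    for i, (xi, yi) in enumerate(zip(X, y)):
        hits = [X[j] for j in range(len(X)) if j != i and y[j] == yi]
        misses = [X[j] for j in range(len(X)) if y[j] != yi]
        near_hit = min(hits, key=lambda v: hamming(xi, v))
        near_miss = min(misses, key=lambda v: hamming(xi, v))
        for f in range(len(totals)):
            totals[f] += (xi[f] != near_miss[f]) - (xi[f] != near_hit[f])
    return [t / len(X) for t in totals]


def rank_features(names, weights):
    """Feature names paired with weights, most relevant first."""
    return sorted(zip(names, weights), key=lambda nw: nw[1], reverse=True)


def select_features(names, weights, threshold=0.0):
    """Keep only features whose Relief weight exceeds the threshold."""
    return [n for n, w in rank_features(names, weights) if w > threshold]


if __name__ == "__main__":
    w = relief_weights(X, y)
    for name, weight in rank_features(FEATURES, w):
        print(f"{name:20s} {weight:+.3f}")
    print("selected:", select_features(FEATURES, w))
```

A feature that is constant across all samples (`ReadFile` here) gets weight zero, and a feature that varies within a class but not between classes gets a negative weight, so neither would be passed on to the classifier.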
