A Worm Detection System Based on Deep Learning

In today’s cyber world, worms pose a great threat to the global network infrastructure. In this paper, we propose a worm detection system based on deep learning. It includes two main modules: a worm detection module based on a convolutional neural network (CNN) and an automatic worm signature generation module based on a deep neural network (DNN). In the CNN-based worm detection module, we propose three data preprocessing methods (frequency processing, frequency weighted processing, and difference processing) and use a CNN to train the model for worm detection. The DNN-based worm signature generation module works in two phases. In the training phase, the DNN is trained with worm payloads and their corresponding signatures as input. In the test phase, worm payloads are fed into the trained DNN model, and worm signatures are generated by our proposed Signature Beam Search algorithm. In the experiments, we first analyzed the impact of the different data preprocessing methods and of the number of convolution-pooling layers in the CNN model on worm detection performance. We then analyzed the effects of different signatures in the DNN algorithm on the automatic generation of worm signatures. Experiments show that the generated signatures achieve good detection performance.
