Malware detection employed by visualization and deep neural network

Abstract: With the rapid growth in the volume of malware circulating in the wild, obtaining a timely and correct classification is increasingly difficult. Traditional approaches to automatic classification suffer from some limitations. The first concerns feature extraction: static approaches are hindered by code obfuscation techniques, while dynamic approaches are time-consuming and evasion techniques often impede the correct execution of the code. The second limitation concerns the building of prediction models: the adequacy of a training dataset may degrade over time, or the dataset may be insufficient for some malware families or instances. In this paper we investigate the effectiveness of a new approach that uses malware visualization, to overcome the problems related to feature selection and extraction, along with deep learning classification, whose performance is less sensitive to a small dataset than machine learning. The experiments, carried out on twelve different neural network architectures and with a dataset of 20,199 malware samples, demonstrate that the proposed approach is successful, as it produced an F-measure of 99.97%.
