Evolving Computational Intelligence System for Malware Detection

Recent malware has the ability to remain hidden during infection and operation. It resists analysis and removal using various techniques, namely obscure filenames, modification of file attributes, or operation under the pretense of legitimate programs and services. The malware may also attempt to subvert modern detection software by hiding running processes, network connections, and strings containing malicious URLs or registry keys. It can go a step further and obfuscate the entire file with a packer: special software that takes the original malware file, compresses or encrypts it, and wraps it in a stub that restores the original code in memory at run time, so that until then the original code and data are unreadable to static analysis and to signature scanners. This paper proposes a novel approach, which uses minimal computational power and resources, to identify Packed Executables (PEX), so as to spot the existence of malware. It is an Evolving Computational Intelligence System for Malware Detection (ECISMD), which performs classification with Evolving Spiking Neural Networks (eSNN) in order to properly label a packed executable. On the other hand, it uses an Evolving Classification Function (ECF) for the detection of malware and applies Genetic Algorithms to optimize the ECF.
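The abstract does not list the features ECISMD feeds to its eSNN classifier, so the following is an added example, not the paper's code: it shows the kind of static evidence a packed-executable detector works from, by walking the PE section table and applying four standard practitioner heuristics (section names left by well-known packers, per-section Shannon entropy, sections that are both writable and executable, and sections that are empty on disk but large in memory). The packer-name set, the 7.0 bits/byte entropy threshold and the two sample images are assumptions constructed for this example.

```python
"""Static packer indicators from the PE section table.

Added example (not code from the ECISMD paper): the paper does not list its
features, so the four heuristics below are standard practitioner checks, with
assumed thresholds. The two sample images are constructed inline.
"""
import hashlib
import math
import struct
from collections import Counter

# Section names that well-known packers leave behind (assumed, non-exhaustive).
KNOWN_PACKER_SECTIONS = {b"UPX0", b"UPX1", b"UPX2", b".aspack", b".adata",
                         b".petite", b".themida", b".vmp0", b".vmp1", b".nsp1"}
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
HIGH_ENTROPY = 7.0  # bits per byte; assumed threshold, plain x86 code sits around 5-6


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty input, 8.0 for uniform bytes)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, coff)
    table = coff + 20 + opt_size  # section headers follow the optional header
    sections = []
    for i in range(nsec):
        (name, vsize, _vaddr, rsize, rptr,
         _, _, _, _, chars) = struct.unpack_from("<8sIIIIIIHHI", pe, table + 40 * i)
        raw = pe[rptr:rptr + rsize] if rsize else b""
        sections.append({"name": name.rstrip(b"\0"), "virtual_size": vsize,
                         "raw_size": rsize, "characteristics": chars,
                         "entropy": shannon_entropy(raw)})
    return sections


def packer_indicators(sections: list) -> list:
    """Return human-readable findings; an empty list means nothing suspicious."""
    findings = []
    rwx = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE
    for s in sections:
        name = s["name"].decode("latin-1")
        if s["name"] in KNOWN_PACKER_SECTIONS:
            findings.append(f"{name}: section name used by a known packer")
        if s["raw_size"] >= 256 and s["entropy"] > HIGH_ENTROPY:
            findings.append(f"{name}: entropy {s['entropy']:.2f} suggests compressed/encrypted data")
        if s["characteristics"] & rwx == rwx:
            findings.append(f"{name}: writable and executable (self-modifying stub)")
        if s["raw_size"] == 0 and s["virtual_size"] > 0:
            findings.append(f"{name}: empty on disk but {s['virtual_size']:#x} bytes in memory (unpack target)")
    return findings


def is_probably_packed(pe: bytes) -> bool:
    return bool(packer_indicators(parse_sections(pe)))


def build_pe(specs: list) -> bytes:
    """Constructed minimal PE32 image; specs are (name, virtual_size, characteristics, raw)."""
    opt = struct.pack("<H", 0x10B).ljust(0xE0, b"\0")  # PE32 magic, rest zeroed
    hdr_len = 0x40 + 4 + 20 + len(opt) + 40 * len(specs)
    img = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    img += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(specs), 0, 0, 0, len(opt), 0x102) + opt
    body, vaddr = b"", 0x1000
    for name, vsize, chars, raw in specs:
        rptr = hdr_len + len(body) if raw else 0
        img += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, vaddr,
                           len(raw), rptr, 0, 0, 0, 0, chars)
        body += raw
        vaddr += max(vsize, 0x1000)
    return img + body


# Constructed samples: plain code, and a UPX-style layout (empty UPX0 target plus
# a high-entropy UPX1 holding the compressed payload and the unpacking stub).
LOW_ENTROPY = b"\x90" * 2048 + b"Hello, world\0" * 64
HIGH_ENTROPY_BLOB = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
BENIGN_SAMPLE = build_pe([(b".text", 0x1000, 0x60000020, LOW_ENTROPY),
                          (b".data", 0x1000, 0xC0000040, b"\0" * 512)])
PACKED_SAMPLE = build_pe([(b"UPX0", 0x8000, 0xE0000080, b""),
                          (b"UPX1", 0x2000, 0xE0000040, HIGH_ENTROPY_BLOB)])

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_SAMPLE), ("packed", PACKED_SAMPLE)):
        print(label, is_probably_packed(sample), packer_indicators(parse_sections(sample)))
```

These heuristics are cheap, which matches the abstract's goal of minimal computational cost, but each one can be defeated on its own: a custom packer renames its sections, and legitimate installers and resource-heavy binaries carry high-entropy sections too. That is why such features are better consumed by a classifier over many of them than applied as fixed rules.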
