Malware classification algorithm using advanced Word2vec-based Bi-LSTM for ground control stations

Abstract: Recently, the Internet of Drones (IoD) has emerged as a way to use diverse kinds of drones for leisure, education, and other purposes. Researchers are studying how to prevent drones from being disabled by attackers who embed malware in the drones and their Ground Control Stations (GCSs), so malware must be detected with the diverse features of drones and GCSs in mind. Signature-based detection approaches have traditionally been used; however, because those approaches scan only part of each file, some malware goes undetected. This paper proposes a novel method for detecting malware in GCSs that uses a fastText model to produce lower-dimensional vectors than one-hot encoding does, and a bidirectional LSTM model to analyze the correlations among sequential opcodes. In addition, API function names are used alongside the opcode sequences to increase classification accuracy. In the experiments, the Microsoft Malware Classification Challenge dataset was used and the malware samples in it were classified by family. The proposed method improved performance by 1.87% over a one-hot-encoding-based approach and by 0.76% over a comparable decision-tree-based malware detection approach.
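The abstract describes the pipeline only at a high level: opcode sequences and API names are turned into tokens, embedded with fastText instead of one-hot vectors, and fed to a bidirectional LSTM. The following Python is an added example written for this page, not the authors' code, showing the data-preparation half of that pipeline. It assumes the IDA-style listing format of the .asm files in the Microsoft Malware Classification Challenge (BIG 2015); the sample listing is constructed, the "API:<name>" token scheme for attaching API names to the opcode stream is my own assumption (the paper does not specify how the names are combined), and the n-gram construction follows fastText's definition of subword n-grams. The BiLSTM itself needs a deep-learning framework and is not included; the output is the integer sequence such a model would consume.

```python
import re
from collections import Counter

# Constructed sample input (not taken from the dataset): a handful of lines in
# the IDA-style listing format of the .asm files in the Microsoft Malware
# Classification Challenge (BIG 2015). Real listings run to megabytes.
SAMPLE_ASM = """\
.text:00401000 ; Segment type: Pure code
.text:00401000 55                                push    ebp
.text:00401001 8B EC                             mov     ebp, esp
.text:00401003 83 EC 10                          sub     esp, 10h
.text:00401006 68 00 00 00 00                    push    0
.text:0040100B FF 15 00 20 40 00                 call    ds:GetModuleHandleA
.text:00401011 E8 1A 00 00 00                    call    sub_401030
.text:00401016 85 C0                             test    eax, eax
.text:00401018 74 05                             jz      short loc_40101F
.text:0040101A FF 15 04 20 40 00                 call    ds:__imp_VirtualAlloc
.text:0040101F                   loc_40101F:
.text:0040101F 5D                                pop     ebp
.text:00401020 C3                                retn
.data:00403000 00 00 00 00                       dd 0
"""

# One listing line: segment:address, optional raw bytes, mnemonic, operands,
# optional ';' comment. Label lines and comment-only lines do not match.
LINE_RE = re.compile(
    r"^(?P<seg>\.?[A-Za-z0-9_]+):[0-9A-Fa-f]+\s+"
    r"(?P<bytes>(?:[0-9A-Fa-f]{2}\s+)*)"
    r"(?P<mn>[a-z][a-z0-9]*)"
    r"(?:\s+(?P<ops>[^;]*?))?\s*(?:;.*)?$"
)
REGISTERS = {"eax", "ebx", "ecx", "edx", "esi", "edi", "ebp", "esp"}
# Prefixes IDA gives auto-named symbols; a call to one is an internal call.
LOCAL_PREFIXES = ("sub_", "loc_", "locret_", "nullsub_", "off_", "dword_", "unk_")
# Assembler directives that sit in the mnemonic position but are not opcodes.
DIRECTIVES = {"db", "dw", "dd", "dq", "dt", "align", "unicode", "public", "extrn"}
API_RE = re.compile(r"^(?:[cdefgs]s:)?(?:__imp_)?([A-Za-z_][A-Za-z0-9_@]*)$")


def api_name(operand):
    """Imported-function name a call/jmp operand refers to, or None when the
    target is a register, a memory expression or an IDA auto-named symbol."""
    m = API_RE.match(operand)
    if not m:
        return None
    name = m.group(1)
    if name.lower() in REGISTERS or name.startswith(LOCAL_PREFIXES):
        return None
    return name


def tokenize_listing(asm_text, code_segments=(".text", ".code", "CODE")):
    """Opcode sequence of the code segments. Assumption (not the paper's exact
    scheme): after a call/jmp to an import, an 'API:<name>' token is appended so
    the API name sits in the sequence next to the opcode that uses it."""
    tokens = []
    for line in asm_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("seg") not in code_segments:
            continue
        mn = m.group("mn")
        if mn in DIRECTIVES:
            continue
        tokens.append(mn)
        if mn in ("call", "jmp"):
            api = api_name((m.group("ops") or "").strip())
            if api:
                tokens.append("API:" + api)
    return tokens


def build_vocab(token_seqs):
    """Token -> integer id, most frequent first; 0 is padding, 1 is unknown.
    A one-hot vector is as wide as this vocabulary, and every new API name
    widens it; a learned embedding keeps a fixed width (e.g. 100)."""
    counts = Counter(t for seq in token_seqs for t in seq)
    vocab = {"<pad>": 0, "<unk>": 1}
    for tok, _ in counts.most_common():
        vocab[tok] = len(vocab)
    return vocab


def encode(tokens, vocab, max_len):
    """Fixed-length id sequence of the kind an embedding + BiLSTM consumes."""
    ids = [vocab.get(t, vocab["<unk>"]) for t in tokens][:max_len]
    return ids + [vocab["<pad>"]] * (max_len - len(ids))


def subword_ngrams(token, minn=3, maxn=5):
    """Character n-grams of '<token>' as fastText forms them. A fastText vector
    is the sum of its n-gram vectors, so a token never seen in training (a new
    API name, say) still gets a meaningful vector, unlike a one-hot code."""
    padded = f"<{token}>"
    return {padded[i:i + n]
            for n in range(minn, maxn + 1)
            for i in range(len(padded) - n + 1)}


def subword_overlap(a, b):
    """Jaccard overlap of two tokens' n-gram sets (1.0 = identical)."""
    ga, gb = subword_ngrams(a), subword_ngrams(b)
    return len(ga & gb) / len(ga | gb)


if __name__ == "__main__":
    seq = tokenize_listing(SAMPLE_ASM)
    vocab = build_vocab([seq])
    print(seq)
    print("one-hot width:", len(vocab), "vs a fixed embedding width such as 100")
    print(encode(seq, vocab, 16))
    print("VirtualAlloc~VirtualAllocEx:", round(subword_overlap("VirtualAlloc", "VirtualAllocEx"), 2))
    print("VirtualAlloc~ExitProcess:", round(subword_overlap("VirtualAlloc", "ExitProcess"), 2))
```

Run on the constructed listing, the tokenizer keeps the internal `call sub_401030` as a bare `call` and attaches API tokens only to the two imported calls, which is the distinction the opcode stream alone cannot make. The n-gram overlap at the end is the property the abstract relies on when it prefers fastText to one-hot vectors: `VirtualAlloc` and `VirtualAllocEx` share most of their subwords and so land near each other in embedding space, while under one-hot encoding they are as unrelated as any two other tokens.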
