A New Multitasking Malware Classification Model Based on Feature Fusion

In this paper, we propose a new multitask malware classification model based on a DNN (Deep Neural Network). We use the API functions extracted by dynamic analysis as the main features, and the statically extracted n-gram, entropy, SYM, metadata, asm-image and grayscale-image features as fusion features, to construct a classifier that handles both the binary (malicious vs. benign) classification problem and the family classification problem. The system was trained on 12 malware families, 3,792 malicious samples and 138 benign samples. The accuracy on the binary classification problem is 99.61%. The proposed malware family classification model also achieves a 99.33% malware family classification error rate.
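To make the feature-fusion idea concrete, the following Python is an added illustration written for this page; it is not the authors' code and does not reproduce their DNN. It builds the fused input vector a classifier like the one described would consume: a bag of API calls from a (constructed) dynamic trace as the main features, plus static byte-level n-gram, global entropy, windowed "structural" entropy and grayscale-image features computed from two constructed byte blobs standing in for a plain and a packed executable. SYM, metadata and asm-image features are omitted, and the API vocabulary and sample bytes are assumptions, not data from the paper.

```python
import math
from collections import Counter
from typing import Dict, List

# Constructed stand-ins for two input files (not real malware):
# a DOS-stub-like, low-entropy blob and a pseudo-random, high-entropy blob
# that mimics the byte distribution of a packed or encrypted section.
SAMPLE_PLAIN = b"MZ\x90\x00" + b"This program cannot be run in DOS mode." * 8
SAMPLE_PACKED = bytes((i * 73 + 41) % 256 for i in range(320))

# Assumed (hypothetical) API vocabulary for the dynamic-feature bag.
API_VOCAB = ["CreateFileW", "WriteFile", "RegSetValueExW"]
# Constructed dynamic trace, e.g. as a sandbox would log it.
SAMPLE_TRACE = ["CreateFileW", "WriteFile", "CreateFileW"]


def shannon_entropy(data: bytes) -> float:
    """Byte-level Shannon entropy in bits, in the range 0.0 .. 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def structural_entropy(data: bytes, window: int = 64) -> List[float]:
    """Entropy per fixed-size window: the structural-entropy profile of a file."""
    return [shannon_entropy(data[i:i + window]) for i in range(0, len(data), window)]


def byte_ngrams(data: bytes, n: int = 2, top_k: int = 8) -> Dict[bytes, int]:
    """Most frequent byte n-grams (a static feature family named in the abstract)."""
    grams = Counter(data[i:i + n] for i in range(len(data) - n + 1))
    return dict(grams.most_common(top_k))


def api_bag(trace: List[str], vocab: List[str]) -> List[int]:
    """Bag-of-API-calls over a fixed vocabulary, from a dynamic-analysis trace."""
    counts = Counter(trace)
    return [counts.get(api, 0) for api in vocab]


def grayscale_rows(data: bytes, width: int = 16) -> List[List[int]]:
    """Reshape bytes into rows of `width` pixels (0-255), zero-padding the last row."""
    padded = data + b"\x00" * (-len(data) % width)
    return [list(padded[i:i + width]) for i in range(0, len(padded), width)]


def fused_feature_vector(data: bytes, trace: List[str], vocab: List[str],
                         buckets: int = 16, windows: int = 8,
                         window: int = 64) -> List[float]:
    """Concatenate dynamic (API bag) and static features into one fixed-length vector.

    Bigrams are hashed into `buckets` via a deterministic modulus so every file
    yields the same vector layout; the entropy profile is truncated or padded to
    `windows` entries for the same reason.
    """
    dyn = [float(x) for x in api_bag(trace, vocab)]
    global_entropy = [shannon_entropy(data)]
    profile = structural_entropy(data, window)[:windows]
    profile += [0.0] * (windows - len(profile))
    hist = [0.0] * buckets
    for gram, count in byte_ngrams(data, n=2, top_k=len(data)).items():
        hist[int.from_bytes(gram, "big") % buckets] += count
    total = max(1.0, sum(hist))
    hist = [h / total for h in hist]  # normalise so file size does not dominate
    return dyn + global_entropy + profile + hist


if __name__ == "__main__":
    for name, blob in (("plain", SAMPLE_PLAIN), ("packed", SAMPLE_PACKED)):
        vec = fused_feature_vector(blob, SAMPLE_TRACE, API_VOCAB)
        print(f"{name}: entropy={shannon_entropy(blob):.2f} "
              f"vector_len={len(vec)} image_rows={len(grayscale_rows(blob))}")
```

The point to take from running it is that the two blobs differ sharply in the entropy features (the packed stand-in sits near the 8-bit ceiling) while sharing the same dynamic bag, which is exactly why a fused input gives the classifier signal that either feature family alone would miss.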
