A Novel Malware Detection and Classification Method Based on Capsule Network

By using camouflage techniques such as code obfuscation, packing and signatures, malware can evade anti-virus software with high probability. To detect malware efficiently, traditional machine learning methods usually require complex feature extraction in advance, while CNNs and other deep learning methods usually need a large number of labeled samples; both requirements affect detection performance. To address these problems, this paper proposes ColCaps, an improved deep learning method for malware detection based on malware color image visualization and a capsule network. First, the malware is transformed into a color image. Then, a capsule network based on dynamic routing is used to detect and classify the color image. Without advance feature extraction and with only a small number of labeled samples, ColCaps performs better in cross-platform detection and classification. The experimental results show that the detection accuracy of the proposed method on the Android and Windows platforms is 99.3% and 96.5% respectively, which is 20% higher than that of the existing method. Meanwhile, the classification task on the Drebin dataset reaches an accuracy of 98.2%, a significant improvement over the prior DREBIN.
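The dynamic-routing step named in the abstract, as an added sketch that is not the paper's code: it follows the routing-by-agreement formulation of "Dynamic Routing Between Capsules", and the prediction vectors, capsule sizes and class labels are constructed assumptions.

```python
import math

def squash(s):
    # Keep the vector's direction, map its length into [0, 1).
    n2 = sum(x * x for x in s)
    if n2 == 0.0:
        return [0.0] * len(s)
    scale = n2 / (1.0 + n2) / math.sqrt(n2)
    return [scale * x for x in s]

def softmax(row):
    m = max(row)
    e = [math.exp(x - m) for x in row]
    total = sum(e)
    return [x / total for x in e]

def length(v):
    return math.sqrt(sum(x * x for x in v))

def route(u_hat, iterations=3):
    # u_hat[i][j]: prediction vector of lower capsule i for output capsule j.
    n_in, n_out, dim = len(u_hat), len(u_hat[0]), len(u_hat[0][0])
    b = [[0.0] * n_out for _ in range(n_in)]  # routing logits, start uniform
    for it in range(iterations):
        c = [softmax(row) for row in b]  # coupling coefficients per lower capsule
        v = [squash([sum(c[i][j] * u_hat[i][j][d] for i in range(n_in))
                     for d in range(dim)]) for j in range(n_out)]
        if it < iterations - 1:
            for i in range(n_in):
                for j in range(n_out):
                    # Agreement (dot product) raises the logit for the next round.
                    b[i][j] += sum(p * q for p, q in zip(u_hat[i][j], v[j]))
    return v, c

# Constructed prediction vectors: 3 lower capsules, 2 output capsules.
# Output 0 ("benign", hypothetical label) gets conflicting votes,
# output 1 ("malware", hypothetical label) gets consistent ones.
U_HAT = [
    [[1.0, 0.0], [1.0, 0.0]],
    [[-1.0, 0.0], [0.9, 0.1]],
    [[0.0, 0.2], [1.0, -0.1]],
]

def classify(u_hat):
    # The longest output capsule vector is the predicted class.
    v, _ = route(u_hat)
    lengths = [length(x) for x in v]
    return lengths.index(max(lengths)), lengths

if __name__ == "__main__":
    print(classify(U_HAT))
```

In a full capsule network the prediction vectors come from learned transformation matrices applied to lower-capsule outputs; here they are fixed so the routing behaviour can be inspected in isolation.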
