Parallel-CNN network for malware detection

Nowadays, computers and the Internet have become an inseparable part of our lives. We accomplish a wide range of our daily tasks through the Internet. A massive number of malware programs are designed annually to infiltrate computers and other electronic devices, seriously endangering their security. Hence, there is a perpetual demand for methods capable of proactively detecting and preventing malware. Recently, diverse approaches have been introduced for detecting malware with the help of high-level features and machine learning techniques. Although these methods provide reasonable results, in most of them identifying and extracting proper features from files is one of the most challenging steps. Deep learning techniques, which have recently been applied in the area of malware detection, automate the feature extraction operations and yield much better results owing to multi-layer training. In this study, a novel method is proposed for malware detection by employing a parallel architecture of convolutional neural network (CNN). The proposed method utilises the raw bytes of executable files and eliminates the need to extract high-level features. The results of experiments show that the proposed approach can achieve a high detection rate, outperforming traditional machine-learning-based methods, which reveals the merit of deep learning techniques in malware detection.

Inspec keywords: neural net architecture; learning (artificial intelligence); Internet; feature extraction; convolutional neural nets; invasive software

Other keywords: Internet; malware detection; deep learning techniques; parallel-CNN network; feature extraction operations; machine learning techniques

Subjects: Neural computing techniques; Data security; Information networks

http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2019.0159