Mathematical Problems in Engineering
Volume 2019, Article ID 8195395, 10 pages
https://doi.org/10.1155/2019/8195395
Research Article

Malware Detection Based on Deep Learning of Behavior Graphs

Fei Xiao,1,2,3 Zhaowen Lin,1,2,3 Yi Sun,2,3,4 and Yan Ma1

1Network and Information Center, Institute of Network Technology, Beijing University of Posts and Telecommunications, Beijing, 100876, China
2Science and Technology on Information Transmission and Dissemination in Communication Networks Laboratory, Shijiazhuang, 050081, China
3National Engineering Laboratory for Mobile Network Security, Beijing University of Posts and Telecommunications, Beijing, 100876, China
4Network and Information Center, Institute of Network Technology/Institute of Sensing Technology and Business, Beijing University of Posts and Communications, Beijing, 100000, China

Correspondence should be addressed to Yi Sun; sybupt@bupt.edu.cn

Received 26 October 2018; Revised 15 January 2019; Accepted 21 January 2019; Published 11 February 2019

Academic Editor: Luis Martínez

Copyright © 2019 Fei Xiao et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Linked References

  1. “Internet Security Threat Report,” 2016, https://www.symantec.com/content/dam/symantec/docs/security-center/archives/istr-16-april-volume-21-en.pdf.
  2. H. Sun, X. Wang, R. Buyya, and J. Su, “CloudEyes: Cloud-based malware detection with reversible sketch for resource-constrained internet of things (IoT) devices,” Software: Practice and Experience, vol. 47, no. 3, pp. 421–441, 2017.
  3. M. Alhanahnah, Q. Lin, Q. Yan, N. Zhang, and Z. Chen, “Efficient signature generation for classifying cross-architecture IoT malware,” in Proceedings of the 6th IEEE Conference on Communications and Network Security, CNS 2018, Beijing, China, June 2018.
  4. S. Sharmeen, S. Huda, J. H. Abawajy, W. N. Ismail, and M. M. Hassan, “Malware threats and detection for industrial mobile-IoT networks,” IEEE Access, vol. 6, pp. 15941–15957, 2018.
  5. S. Cesare, Y. Xiang, and W. Zhou, “Control flow-based malware variant detection,” IEEE Transactions on Dependable and Secure Computing, vol. 11, no. 4, pp. 304–317, 2014.
  6. H. S. Galal, Y. B. Mahdy, and M. A. Atiea, “Behavior-based features model for malware detection,” Journal in Computer Virology and Hacking Techniques, vol. 12, no. 2, pp. 59–67, 2016.
  7. A. Kharraz, A. Sajjad, C. Mulliner, W. Robertson, and K. Engin, “UNVEIL: a large-scale, automated approach to detecting ransomware,” in Proceedings of the USENIX Security Symposium, pp. 757–772, 2016.
  8. A. A. E. Elhadi, M. A. Maarof, and B. I. A. Barry, “Improving the detection of malware behaviour using simplified data dependent API call graph,” International Journal of Security and Its Applications, vol. 7, no. 5, pp. 29–42, 2013.
  9. B. S. Abhishek and B. A. Prakash, “Graphs for malware detection: the next frontier,” in Proceedings of the 13th International Workshop on Mining and Learning with Graphs (MLG), 2017.
  10. M. Fan, J. Liu, X. Luo et al., “Android malware familial classification and representative sample selection via frequent subgraph analysis,” IEEE Transactions on Information Forensics and Security, vol. 13, no. 8, pp. 1890–1905, 2018.
  11. Z. Lin, X. Fei, S. Yi, Y. Ma, C.-C. Xing, and J. Huang, “A secure encryption-based malware detection system,” KSII Transactions on Internet and Information Systems, vol. 12, no. 4, pp. 1799–1818, 2018.
  12. H. William, C. Lingwei, H. Shifu, Y. Yanfang, and L. Xin, “DL4MD: A deep learning framework for intelligent malware detection,” in Proceedings of the International Conference on Data Mining (DMIN), p. 61, The Steering Committee of the World Congress in Computer Science, Computer Engineering and Applied Computing (WorldComp), 2016.
  13. O. Ronneberger, P. Fischer, and T. Brox, “U-net: convolutional networks for biomedical image segmentation,” in Proceedings of the International Conference on Medical Image Computing and Computer-Assisted Intervention (MICCAI '15), vol. 9351 of Lecture Notes in Computer Science, pp. 234–241, Springer, Cham, Switzerland, November 2015.
  14. W. Yang, Q. Liu, S. Wang et al., “Down image recognition based on deep convolutional neural network,” Information Processing in Agriculture, vol. 5, no. 2, pp. 246–252, 2018.
  15. J. Donahue, L. A. Hendricks, S. Guadarrama et al., “Long-term recurrent convolutional networks for visual recognition and description,” in Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, CVPR 2015, pp. 2625–2634, USA, June 2015.
  16. A. Voulodimos, N. Doulamis, A. Doulamis, and E. Protopapadakis, “Deep learning for computer vision: a brief review,” Computational Intelligence and Neuroscience, vol. 2018, Article ID 7068349, 13 pages, 2018.
  17. S. Ren, K. He, R. Girshick, and J. Sun, “Faster R-CNN: towards real-time object detection with region proposal networks,” in Advances in Neural Information Processing Systems, pp. 91–99, 2015.
  18. E. Protopapadakis, A. Voulodimos, A. Doulamis, N. Doulamis, D. Dres, and M. Bimpas, “Stacked autoencoders for outlier detection in over-the-horizon radar signals,” Computational Intelligence and Neuroscience, vol. 2017, Article ID 5891417, 11 pages, 2017.
  19. L. Vareka and P. Mautner, “Stacked autoencoders for the P300 component detection,” Frontiers in Neuroscience, vol. 11, p. 302, 2017.
  20. S. Sicari, A. Rizzardi, L. A. Grieco, and A. Coen-Porisini, “Security, privacy and trust in Internet of Things: the road ahead,” Computer Networks, vol. 76, pp. 146–164, 2015.
  21. S. Singh and N. Singh, “Internet of Things (IoT): Security challenges, business opportunities & reference architecture for E-commerce,” in Proceedings of the 1st International Conference on Green Computing and Internet of Things, ICGCIoT 2015, pp. 1577–1581, IEEE, Noida, India, October 2015.
  22. L. Atzori, A. Iera, and G. Morabito, “The internet of things: a survey,” Computer Networks, vol. 54, no. 15, pp. 2787–2805, 2010.
  23. J. Su, V. D. Vasconcellos, S. Prasad, S. Daniele, Y. Feng, and K. Sakurai, “Lightweight classification of IoT malware based on image recognition,” in Proceedings of the 2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC), pp. 664–669, Tokyo, Japan, July 2018.
  24. M. Chandramohan, H. B. K. Tan, and L. K. Shar, “Scalable malware clustering through coarse-grained behavior modeling,” in Proceedings of the 20th ACM SIGSOFT International Symposium on the Foundations of Software Engineering, FSE 2012, p. 27, ACM, New York, NY, USA, November 2012.
  25. S. Das, Y. Liu, W. Zhang, and M. Chandramohan, “Semantics-based online malware detection: Towards efficient real-time protection against malware,” IEEE Transactions on Information Forensics and Security, vol. 11, no. 2, pp. 289–302, 2016.
  26. Y. Ki, E. Kim, and H. K. Kim, “A novel approach to detect malware based on API call sequence analysis,” International Journal of Distributed Sensor Networks, vol. 2015, no. 6, Article ID 659101, 9 pages, 2015.
  27. W. Liu, P. Ren, K. Liu, and H.-X. Duan, “Behavior-based malware analysis and detection,” in Proceedings of the 1st International Workshop on Complexity and Data Mining (IWCDM '11), pp. 39–42, IEEE, September 2011.
  28. T. Lee, B. Choi, Y. Shin, and J. Kwak, “Automatic malware mutant detection and group classification based on the n-gram and clustering coefficient,” The Journal of Supercomputing, pp. 1–15, 2015.
  29. P. Natani and D. Vidyarthi, “Malware detection using API function frequency with ensemble based classifier,” in Proceedings of the International Symposium on Security in Computing and Communication, vol. 377, pp. 378–388, Springer, Berlin, Germany, 2013.
  30. W. Huang and J. W. Stokes, “MtNet: a multi-task neural network for dynamic malware classification,” in Proceedings of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, vol. 9721 of Lecture Notes in Computer Science, pp. 399–418, Springer International Publishing, Cham, Switzerland, 2016.
  31. B. Kolosnjaji, A. Zarras, G. Webster, and C. Eckert, “Deep learning for classification of malware system call sequences,” in Proceedings of the Australasian Joint Conference on Artificial Intelligence, Lecture Notes in Comput. Sci., pp. 137–149, Springer, Cham, Switzerland, 2016.
  32. R. Pascanu, J. W. Stokes, H. Sanossian, M. Marinescu, and A. Thomas, “Malware classification with recurrent networks,” in Proceedings of the International Conference on Acoustics, Speech and Signal Processing (ICASSP), pp. 1916–1920, IEEE, Australia, April 2014.
  33. O. E. David and N. S. Netanyahu, “DeepSign: deep learning for automatic malware signature generation and classification,” in Proceedings of the International Joint Conference on Neural Networks (IJCNN '15), pp. 1–8, July 2015.
  34. J. Wookhyun, K. Sangwon, and C. Sangyong, “Poster: deep learning for zero-day flash malware detection,” in Proceedings of the 36th IEEE Symposium on Security and Privacy, 2015.
  35. A. A. E. Elhadi, M. A. Maarof, B. I. A. Barry, and H. Hamza, “Enhancing the detection of metamorphic malware using call graphs,” Computers & Security, vol. 46, pp. 62–78, 2014.
  36. P. M. Comparetti, G. Salvaneschi, E. Kirda, C. Kolbitsch, C. Kruegel, and S. Zanero, “Effective and efficient malware detection at the end host,” in Proceedings of the USENIX Security Symposium, vol. 4, pp. 351–366, 2009.
  37. M. Chandramohan, H. B. K. Tan, L. C. Briand, L. K. Shar, and B. M. Padmanabhuni, “A scalable approach for malware detection through bounded feature space behavior modeling,” in Proceedings of the Automated Software Engineering (ASE), 2013 IEEE/ACM 28th International Conference, pp. 312–322, November 2013.
  38. B. Ulrich, P. M. Comparetti, C. Hlauschek, K. Christopher, and E. Kirda, “Scalable, behavior-based malware clustering,” in NDSS, vol. 9, pp. 8–11, 2009.
  39. D. Canali, A. Lanzi, D. Balzarotti, C. Kruegel, M. Christodorescu, and E. Kirda, “A quantitative study of accuracy in system call-based malware detection,” in Proceedings of the 21st International Symposium on Software Testing and Analysis, ISSTA 2012, pp. 122–132, ACM, New York, NY, USA, July 2012.
  40. J. Yu, C. Hong, Y. Rui, and D. Tao, “Multitask autoencoder model for recovering human poses,” IEEE Transactions on Industrial Electronics, vol. 65, no. 6, pp. 5060–5068, 2018.
  41. K. Zeng, J. Yu, R. Wang, C. Li, and D. Tao, “Coupled deep autoencoder for single image super-resolution,” IEEE Transactions on Cybernetics, vol. 47, no. 1, pp. 27–37, 2017.
  42. Y. Zhang, S. Wang, P. Phillips, and G. Ji, “Binary PSO with mutation operator for feature selection using decision tree applied to spam detection,” Knowledge-Based Systems, vol. 64, pp. 22–31, 2014.
  43. L. Wenke and D. Xiang, “Information-theoretic measures for anomaly detection,” in Proceedings of the Security and Privacy 2001 IEEE Symposium, pp. 130–143, 2001.
  44. Z. Yuan, Y. Lu, and Y. Xue, “Droiddetector: android malware characterization and detection using deep learning,” Tsinghua Science and Technology, vol. 21, no. 1, Article ID 7399288, pp. 114–123, 2016.
  45. T. Shibahara, T. Yagi, M. Akiyama, D. Chiba, and T. Yada, “Efficient dynamic malware analysis based on network behavior using deep learning,” in Proceedings of the GLOBECOM 2016 - 2016 IEEE Global Communications Conference, pp. 1–7, Washington, DC, USA, December 2016.