Security and Communication Networks
Volume 2018, Article ID 7247095, 16 pages
https://doi.org/10.1155/2018/7247095
Research Article

Detecting Malware with an Ensemble Method Based on Deep Neural Network

Department of Computer Science and Technology, Xi’an Jiaotong University, Xi’an, Shaanxi, China

Correspondence should be addressed to Yong Qi; qiy@xjtu.edu.cn

Received 18 August 2017; Revised 3 December 2017; Accepted 6 February 2018; Published 12 March 2018

Academic Editor: Zonghua Zhang

Copyright © 2018 Jinpei Yan et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Linked References

  1. “Kaspersky Security Bulletin 2016. Overall statistics for 2016,” https://securelist.com/kaspersky-security-bulletin-2016-executive-summary/76858/.
  2. “McAfee Labs Threats Report in June 2017,” https://www.mcafee.com/us/resources/reports/rp-quarterly-threats-jun-2017.pdf.
  3. D. K. S. Reddy and A. K. Pujari, “N-gram analysis for computer virus detection,” Journal of Computer Virology and Hacking Techniques, vol. 2, no. 3, pp. 231–239, 2006.
  4. M. Narouei, M. Ahmadi, G. Giacinto, H. Takabi, and A. Sami, “DLLMiner: Structural mining for malware detection,” Security and Communication Networks, vol. 8, no. 18, pp. 3311–3322, 2015.
  5. G. Willems, T. Holz, and F. Freiling, “Toward automated dynamic malware analysis using CWSandbox,” IEEE Security and Privacy, vol. 5, no. 2, pp. 32–39, 2007.
  6. K. Rieck, P. Trinius, C. Willems, and T. Holz, “Automatic analysis of malware behavior using machine learning,” Technical Report, University of Mannheim, 2009.
  7. M. Zakeri, F. Faraji Daneshgar, and M. Abbaspour, “A static heuristic approach to detecting malware targets,” Security and Communication Networks, vol. 8, no. 17, pp. 3015–3027, 2015.
  8. A. Moser, C. Kruegel, and E. Kirda, “Limits of static analysis for malware detection,” in Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC '07), pp. 421–430, December 2007.
  9. C. Wressnegger, K. Freeman, F. Yamaguchi, and K. Rieck, “Automatically inferring malware signatures for anti-virus assisted attacks,” in Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security, (ASIA CCS '17), pp. 587–598, UAE, April 2017.
  10. L. Martignoni, E. Stinson, M. Fredrikson, S. Jha, and J. Mitchell, “A layered architecture for detecting malicious behaviors,” in Proceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID '08), 2008.
  11. W. Lee and S. J. Stolfo, “A framework for constructing features and models for intrusion detection systems,” ACM Transactions on Information and System Security, vol. 3, no. 4, pp. 227–261, 2000.
  12. P. Li, L. Liu, D. Gao, and M. K. Reiter, “On challenges in evaluating malware clustering,” in Proceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID '10), vol. 6307, 2010.
  13. M. G. Schultz, E. Eskin, E. Zadok, and S. J. Stolfo, “Data mining methods for detection of new malicious executables,” in Proceedings of the IEEE Symposium on Security and Privacy (S & P), pp. 38–49, May 2001.
  14. W. Cohen, “Fast effective rule induction,” in Proceedings of the 12th International Conference on Machine Learning, 1995.
  15. J. Z. Kolter and M. A. Maloof, “Learning to detect and classify malicious executables in the wild,” Journal of Machine Learning Research, vol. 7, pp. 2721–2744, 2004.
  16. J. Saxe and K. Berlin, “Deep neural network based malware detection using two dimensional binary program features,” in Proceedings of the 10th International Conference on Malicious and Unwanted Software, (MALWARE '15), pp. 11–20, USA, October 2015.
  17. L. Nataraj, S. Karthikeyan, G. Jacob, and B. S. Manjunath, “Malware images: Visualization and automatic classification,” in Proceedings of the 8th International Symposium on Visualization for Cyber Security, (VizSec '11), USA, July 2011.
  18. L. Nataraj, V. Yegneswaran, P. Porras, and J. Zhang, “A comparative assessment of malware classification using binary texture analysis and dynamic analysis,” in Proceedings of the 4th ACM Workshop on Security and Artificial Intelligence (AISec '11), pp. 21–30, 2011.
  19. D. Kong and G. Yan, “Discriminant malware distance learning on structural information for automated malware classification,” in Proceedings of the 19th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, (KDD '13), pp. 1357–1365, USA, August 2013.
  20. I. Santos, Y. K. Penya, J. Devesa, and P. G. Bringas, “N-grams-based file signatures for malware detection,” in Proceedings of the ICEIS 2009 - 11th International Conference on Enterprise Information Systems, pp. 317–320, May 2009.
  21. A. Shabtai, R. Moskovitch, C. Feher et al., “Detecting unknown malicious code by applying classification techniques on opcode patterns,” Security Informatics, vol. 1, no. 1, 2012.
  22. I. Santos, J. Devesa, F. Brezo, J. Nieves, and P. G. Bringas, “OPEM: A static-dynamic approach for machine-learning-based malware detection,” in Proceedings of the International Joint Conference CISIS’12-ICEUTE12-SOCO12 Special Sessions, 2013, vol. 189, pp. 271–280.
  23. IDA Pro., http://www.hexrays.com/products/ida/support/download_freeware.shtml.
  24. A. Graves and J. Schmidhuber, “Framewise phoneme classification with bidirectional LSTM and other neural network architectures,” Neural Networks, vol. 18, no. 5-6, pp. 602–610, 2005.
  25. S. Hochreiter and J. Schmidhuber, “Long short-term memory,” Neural Computation, vol. 9, no. 8, pp. 1735–1780, 1997.
  26. R. J. Williams and J. Peng, “An efficient gradient-based algorithm for on-line training of recurrent network trajectories,” Neural Computation, vol. 2, no. 4, pp. 490–501, 1990.
  27. P. Malhotra, A. Ramakrishnan, and G. Anand, “LSTM-based encoder-decoder for multi-sensor anomaly detection,” https://arxiv.org/abs/1607.00148.
  28. Z.-H. Zhou, Ensemble methods foundations and algorithms. Machine Learning & Pattern Recognition, Taylor & Francis, London, UK, 2012.
  29. Microsoft Malware, https://www.kaggle.com/c/malware-classification.
  30. PC. Windows Software, http://download.cnet.com/windows/.
  31. Baidu Software Center, http://rj.baidu.com/.
  32. G. E. Hinton, N. Srivastava, A. Krizhevsky, I. Sutskever, and R. R. Salakhutdinov, “Improving neural networks by preventing co-adaptation of feature detectors,” https://arxiv.org/abs/1207.0580.
  33. K. Simonyan and A. Zisserman, “Very deep convolutional networks for large-scale image recognition,” in Proceedings of the 3rd International Conference for Learning Representations (ICLR '15), 2015.
  34. A. L. Maas, A. Y. Hannun, and A. Y. Ng, “Rectifier nonlinearities improve neural network acoustic models,” in Proceedings of the 30th International Conference on Machine Learning (ICML '13), 2013.
  35. S. Ioffe and C. Szegedy, “Batch normalization: Accelerating deep network training by reducing internal covariate shift,” in Proceedings of the 32nd International Conference on Machine Learning (ICML '15), pp. 448–456, July 2015.
  36. D. Kingma and J. Ba, “Adam: A method for stochastic optimization,” in Proceedings of the 3rd International Conference for Learning Representations (ICLR '15), 2015.
  37. L. Wang, “Microsoft Malware Classification Challenge (BIG 2015) First Place Team: Say No To Overfitting,” https://github.com/xiaozhouwang/kaggle_Microsoft_Malware/blob/master/Saynotooverfitting.pdf.
  38. M. Ahmadi, D. Ulyanov, S. Semenov, M. Trofimov, and G. Giacinto, “Novel feature extraction, selection and fusion for effective malware family classification,” in Proceedings of the 6th ACM Conference on Data and Application Security and Privacy, (CODASPY '16), pp. 183–194, USA, March 2016.
  39. B. N. Narayanan, O. Djaneye-Boundjou, and T. M. Kebede, “Performance analysis of machine learning and pattern recognition algorithms for Malware classification,” in Proceedings of the 2016 IEEE National Aerospace and Electronics Conference and Ohio Innovation Summit, (NAECON-OIS '16), pp. 338–342, USA, July 2016.
  40. F. C. Garcia and F. P. Muga, “Random forest for malware classification,” https://arxiv.org/abs/1609.07770.
  41. E. Burnaev and D. Smolyakov, “One-class SVM with privileged information and its application to malware detection,” https://arxiv.org/abs/1609.08039.
  42. J. Kim, S. Bu, and S. Cho, “Malware detection using deep transferred generative adversarial networks,” in Proceedings of the International Conference on Neural Information Processing (ICONIP), 2017.
  43. J. Drew, M. Hahsler, and T. Moore, “Polymorphic malware detection using sequence classification methods and ensembles: BioSTAR 2016 Recommended Submission - EURASIP Journal on Information Security,” EURASIP Journal on Information Security, vol. 2017, no. 1, article no. 2, 2017.
  44. K. Grosse, N. Papernot, P. Manoharan, M. Backes, and P. McDaniel, “Adversarial perturbations against deep neural networks for malware classification,” https://arxiv.org/abs/1606.04435.
  45. B. Biggio, I. Corona, D. Maiorca et al., “Evasion attacks against machine learning at test time,” in Proceedings of the Joint European Conference on Machine Learning and Knowledge Discovery in Databases (ECML PKDD), 2013.
  46. A. Nguyen, J. Yosinski, and J. Clune, “Deep neural networks are easily fooled: High confidence predictions for unrecognizable images,” https://arxiv.org/abs/1412.1897.
  47. N. Papernot, P. McDaniel, I. Goodfellow, S. Jha, Z. B. Celik, and A. Swami, “Practical black-box attacks against machine learning,” in Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security, (ASIA CCS '17), pp. 506–519, April 2017.
  48. N. Carlini and D. Wagner, “Defensive distillation is not robust to adversarial examples,” https://arxiv.org/abs/1607.04311.
  49. N. Carlini and D. Wagner, “Adversarial examples are not easily detected: Bypassing ten detection methods,” https://arxiv.org/abs/1705.07263.
  50. F. Liao, M. Liang, and Y. Dong, “Defense against adversarial attacks using high-level representation guided denoiser,” https://arxiv.org/abs/1712.02976.