Evolving Computational Intelligence System for Malware Detection

  • Konstantinos Demertzis
  • Lazaros Iliadis
Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 178)

Abstract

Recent malware has the ability to remain hidden during infection and operation. It resists analysis and removal using various techniques, namely obscure filenames, modification of file attributes, or operation under the pretense of legitimate programs and services. The malware might also attempt to subvert modern detection software by hiding running processes, network connections, and strings containing malicious URLs or registry keys. It can go a step further and obfuscate the entire file with a packer: special software that takes the original malware file and compresses it, making all of the original code and data unreadable. This paper proposes a novel approach, which uses minimal computational power and resources, to identify Packed Executables (PEX) and thereby spot the existence of malware. It is an Evolving Computational Intelligence System for Malware Detection (ECISMD), which performs classification with Evolving Spiking Neural Networks (eSNN) in order to properly label a packed executable. In addition, it uses an Evolving Classification Function (ECF) for the detection of malware and applies Genetic Algorithms to optimize the ECF.

Keywords

Security, Packed Executable, Malware, Evolving Spiking Neural Networks, Evolving Classification Function, Genetic Algorithm for Offline ECF Optimization

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Konstantinos Demertzis (1)
  • Lazaros Iliadis (1)
  1. Department of Forestry & Management of the Environment & Natural Resources, Democritus University of Thrace, N. Orestiada, Greece