Advertisement

M4D: A Malware Detection Method Using Multimodal Features

  • Yusheng DaiEmail author
  • Hui Li
  • Xing Rong
  • Yahong Li
  • Min Zheng
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1105)

Abstract

With the increasing variants of malware, and it is of great significance to effectively detect malware and secure system. It is easy for malware to evade from the detection using existing dynamic detection method. To resolve the shortcomings of the existing dynamic detection method, we propose a multimodal malware detection method. By extracting the word vector of API call sequence conversion of malware, and extracting the image features converted from grayscale image memory dump of malware process, and inputting the multimodal features into the deep neural network is used to classify the malware samples. The effectiveness of this method is verified by the experiment through the captured malware samples in the wild. In addition, there is a performance comparison between our method and other recent experiments.

Keywords

Malware Dynamic analysis Memory dump Multi-modal analysis 

Notes

Acknowledgment

This work was supported by the National Natural Science Foundation of China under Grant 61571364, and Innovation Foundation for Doctoral Dissertation of Northwestern Polytechnical University under Grant CX201952.

References

  1. 1.
  2. 2.
    Openmalware. http://malwarebenchmark.org/. Last accessed 5 Apr. 2018
  3. 3.
  4. 4.
    Sequence intent classification using hierarchical attention networks (March 2018). https://www.microsoft.com/developerblog/2018/03/06/sequence-intent-classification/
  5. 5.
    Athiwaratkun, B., Stokes, J.W.: Malware classification with LSTM and GRU language models and a character-level CNN. In: 2017 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), pp. 2482–2486. IEEE (2017)Google Scholar
  6. 6.
    Bulazel, A., Yener, B.: A survey on automated dynamic malware analysis evasion and counter-evasion: Pc, mobile, and web. In: Proceedings of the 1st Reversing and Offensive-oriented Trends Symposium, p. 2. ACM (2017)Google Scholar
  7. 7.
    Dai, Y., Li, H., Qian, Y., Lu, X.: A malware classification method based on memory dump grayscale image. Digital Invest. 27, 30–37 (2018)CrossRefGoogle Scholar
  8. 8.
    Demme, J., et al.: On the feasibility of online malware detection with performance counters. In: ACM SIGARCH Computer Architecture News. vol. 41, pp. 559–570. ACM (2013)Google Scholar
  9. 9.
    Ding, Y., Xia, X., Chen, S., Li, Y.: A malware detection method based on family behavior graph. Comput. Secur. 73, 73–86 (2018)CrossRefGoogle Scholar
  10. 10.
    Hansen, S.S., Larsen, T.M.T., Stevanovic, M., Pedersen, J.M.: An approach for detection and family classification of malware based on behavioral analysis. In: 2016 International Conference on Computing, Networking and Communications (ICNC), pp. 1–5. IEEE (2016)Google Scholar
  11. 11.
    Idika, N., Mathur, A.P.: A survey of malware detection techniques. PurdueUniversity 48 (2007)Google Scholar
  12. 12.
    Jordaney, R., et al.: Transcend: detecting concept drift in malware classification models. In: 26th \(\{\)USENIX\(\}\) Security Symposium (\(\{\)USENIX\(\}\) Security 17), pp. 625–642 (2017)Google Scholar
  13. 13.
    Khasawneh, K.N., Abu-Ghazaleh, N., Ponomarev, D., Yu, L.: Rhmd: evasion-resilient hardware malware detectors. In: Proceedings of the 50th Annual IEEE/ACM International Symposium on Microarchitecture, pp. 315–327. ACM (2017)Google Scholar
  14. 14.
    Khasawneh, K.N., Ozsoy, M., Donovick, C., Abu-Ghazaleh, N., Ponomarev, D.: Ensemble learning for low-level hardware-supported malware detection. In: Bos, H., Monrose, F., Blanc, G. (eds.) RAID 2015. LNCS, vol. 9404, pp. 3–25. Springer, Cham (2015).  https://doi.org/10.1007/978-3-319-26362-5_1CrossRefGoogle Scholar
  15. 15.
    Khasawneh, K.N., Ozsoy, M., Donovick, C., Ghazaleh, N.A., Ponomarev, D.V.: Ensemblehmd: accurate hardware malware detectors with specialized ensemble classifiers. In: IEEE Transactions on Dependable and Secure Computing (2018)Google Scholar
  16. 16.
    Laskov, P., et al.: Practical evasion of a learning-based classifier: a case study. In: 2014 IEEE Symposium on Security and Privacy, pp. 197–211. IEEE (2014)Google Scholar
  17. 17.
    Maiorca, D., Corona, I., Giacinto, G.: Looking at the bag is not enough to find the bomb: an evasion of structural methods for malicious pdf files detection. In: Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, pp. 119–130. ACM (2013)Google Scholar
  18. 18.
    Mikolov, T., Chen, K., Corrado, G., Dean, J.: Efficient estimation of word representations in vector space (2013). arXiv preprint arXiv:1301.3781
  19. 19.
    Ozsoy, M., Donovick, C., Gorelik, I., Abu-Ghazaleh, N., Ponomarev, D.: Malware-aware processors: a framework for efficient online malware detection. In: 2015 IEEE 21st International Symposium on High Performance Computer Architecture (HPCA), pp. 651–661. IEEE (2015)Google Scholar
  20. 20.
    Ozsoy, M., Khasawneh, K.N., Donovick, C., Gorelik, I., Abu-Ghazaleh, N., Ponomarev, D.: Hardware-based malware detection using low-level architectural features. IEEE Trans. Comput. 65(11), 3332–3344 (2016)MathSciNetCrossRefGoogle Scholar
  21. 21.
    Smutz, C., Stavrou, A.: When a tree falls: using diversity in ensemble classifiers to identify evasion in malware detectors. In: NDSS (2016)Google Scholar
  22. 22.
    Tang, A., Sethumadhavan, S., Stolfo, S.J.: Unsupervised anomaly-based malware detection using hardware features. In: Stavrou, A., Bos, H., Portokalidis, G. (eds.) RAID 2014. LNCS, vol. 8688, pp. 109–129. Springer, Cham (2014).  https://doi.org/10.1007/978-3-319-11379-1_6CrossRefGoogle Scholar
  23. 23.
    Tobiyama, S., Yamaguchi, Y., Shimada, H., Ikuse, T., Yagi, T.: Malware detection with deep neural network using process behavior. In: 2016 IEEE 40th Annual Computer Software and Applications Conference (COMPSAC). vol. 2, pp. 577–582. IEEE (2016)Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  • Yusheng Dai
    • 1
    Email author
  • Hui Li
    • 1
  • Xing Rong
    • 2
  • Yahong Li
    • 3
  • Min Zheng
    • 4
  1. 1.School of Electronics and InformationNorthwestern Polytechnical UniversityXi’anChina
  2. 2.China Electric Engineering Design InstituteBeijingChina
  3. 3.School of Computer and Information EngineeringNan Yang Institute of TechnologyNanyangChina
  4. 4.Henan Institute of Information Security Co. LtdXuchangChina

Personalised recommendations