
A Detailed Investigation and Analysis of Deep Learning Architectures and Visualization Techniques for Malware Family Identification

  • S. Akarsh (Email author)
  • Prabaharan Poornachandran
  • Vijay Krishna Menon
  • K. P. Soman
Chapter
Part of the Advanced Sciences and Technologies for Security Applications book series (ASTSA)

Abstract

Malware is currently one of the biggest threats to the security of Internet services. This chapter proposes a file-agnostic deep learning architecture for malware family identification: malware binaries are converted into grayscale images, and their families are then identified by a hybrid in-house model that combines a Convolutional Neural Network with a Long Short-Term Memory network (CNN-LSTM). The hybrid model lets the network capture both spatial and temporal features, which can be used effectively to distinguish between malware families. Because the method works on the raw bytes, the usual steps of disassembly, decompilation, de-obfuscation or execution of the malware binary are not required. Various experiments were run on a well-known benchmark data set to identify optimal network parameters and network structure. All experiments were run at a learning rate of 0.1 for 1,000 epochs. To select a model that generalizes, several train-test splits were used during experimentation; this also shows how well the models perform on imbalanced data sets. The experimental results show that the hybrid model is very effective for malware family classification across all train-test splits, which indicates that it also works on unevenly distributed samples. The classification accuracy obtained by the deep learning architectures on all train-test splits was higher than that of the compared classical machine learning algorithms and of an existing deep learning based method. Finally, a scalable framework based on deep learning and visualization is proposed that can be used in real time for malware family identification.
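The preprocessing step the abstract relies on, turning a raw binary into a grayscale image without parsing or executing it, is shown below as an added example; it is not code from the chapter or its authors. Each byte becomes one 8-bit pixel, rows are laid out at a width picked from the file size, and the image is resized to a fixed shape so it can be fed to a CNN. The size-to-width table follows the Nataraj et al. (2011) convention and is assumed here; the fixed input shape, the nearest-neighbour resize and the PGM writer are choices of this example, not settings taken from the chapter. The sample bytes are constructed, not a real malware sample.

```python
"""Convert a raw binary (any file type) into a grayscale image matrix.

Added example, not code from the chapter. No disassembly, decompilation,
de-obfuscation or execution is involved: the file is treated purely as a
byte stream, which is what makes the approach file-agnostic.
"""
from typing import List

# (upper size bound in bytes, image width in pixels).
# Assumed table in the style of Nataraj et al. (2011), not from the chapter.
WIDTH_TABLE = [
    (10 * 1024, 32),
    (30 * 1024, 64),
    (60 * 1024, 128),
    (100 * 1024, 256),
    (200 * 1024, 384),
    (500 * 1024, 512),
    (1000 * 1024, 768),
]
DEFAULT_WIDTH = 1024  # files of 1000 KB and above


def image_width(size: int) -> int:
    """Pick a row width from the file size so large files do not become one long strip."""
    for bound, width in WIDTH_TABLE:
        if size < bound:
            return width
    return DEFAULT_WIDTH


def bytes_to_image(data: bytes) -> List[List[int]]:
    """Lay the bytes out row by row as 0..255 pixel values; the last row is zero-padded.

    An empty file yields a single all-zero row so downstream code never sees an
    image without rows (edge case: zero-length or truncated samples).
    """
    width = image_width(len(data))
    rows = [list(data[i:i + width]) for i in range(0, len(data), width)]
    if not rows:
        rows = [[0] * width]
    elif len(rows[-1]) < width:
        rows[-1].extend([0] * (width - len(rows[-1])))
    return rows


def resize_nearest(img: List[List[int]], out_h: int, out_w: int) -> List[List[int]]:
    """Nearest-neighbour resize to a fixed shape (assumed CNN input size)."""
    in_h, in_w = len(img), len(img[0])
    return [
        [img[r * in_h // out_h][c * in_w // out_w] for c in range(out_w)]
        for r in range(out_h)
    ]


def to_pgm(img: List[List[int]]) -> bytes:
    """Serialize as binary PGM (P5) so the image can be viewed with no extra library."""
    h, w = len(img), len(img[0])
    header = f"P5\n{w} {h}\n255\n".encode("ascii")
    return header + b"".join(bytes(row) for row in img)


def malware_to_cnn_input(data: bytes, shape=(64, 64)) -> List[List[int]]:
    """Full preprocessing step: raw bytes -> grayscale image -> fixed-size matrix."""
    return resize_nearest(bytes_to_image(data), *shape)


if __name__ == "__main__":
    # Constructed sample: an 'MZ' magic followed by a repeating byte pattern,
    # standing in for a PE file. Not a real malware sample.
    sample = b"MZ" + bytes(range(256)) * 50
    img = bytes_to_image(sample)
    print(f"{len(sample)} bytes -> {len(img)} rows x {len(img[0])} px")
    fixed = malware_to_cnn_input(sample)
    print(f"CNN input: {len(fixed)} x {len(fixed[0])}")
    with open("sample.pgm", "wb") as fh:
        fh.write(to_pgm(img))
```

The matrix returned by `malware_to_cnn_input` is what a CNN front end would consume; the CNN-LSTM itself, being the chapter's in-house model, is not reproduced here. Note that the visualization keeps whatever the file contains, so packed or encrypted samples show up as high-entropy noise rather than the structured texture of plain code, which is a known limitation of byte-image approaches.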

Keywords

Cyber security, Cyber crime, Malware family identification, Malware feature image, Static analysis, Visual analysis, Machine learning, Deep learning, Image processing, IoT, Big data

Notes

Acknowledgements

This research was supported in part by Paramount Computer Systems and Lakhshya Cyber Security Labs. We are grateful to NVIDIA India, for the GPU hardware support to research grant. We are also grateful to Computational Engineering and Networking (CEN) department for encouraging the research.


Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • S. Akarsh (1) (Email author)
  • Prabaharan Poornachandran (2)
  • Vijay Krishna Menon (1)
  • K. P. Soman (1)
  1. Center for Computational Engineering and Networking (CEN), Amrita School of Engineering, Amrita Vishwa Vidyapeetham, Coimbatore, India
  2. Centre for Cyber Security Systems and Networks, Amrita School of Engineering, Amrita Vishwa Vidyapeetham, Amritapuri, India
