Enhance deep learning model for malware detection with a new image representation method
DOI: https://doi.org/10.54654/isj.v1i21.1000
Keywords: malware representation, malware detection, deep learning, convolutional neural network
Abstract
In recent years, there has been an explosion in the number of new malware samples created by hackers worldwide. The large number of malware families causes certain difficulties for traditional malware detection methods. One of the recent research directions of interest is the application of artificial intelligence to solve this problem. In this paper, we propose a new method of representing malicious code as an image by arranging highly correlated bytes in close pixels on the image. Deep learning models are trained on self-built datasets to compare the performance of different image representation methods. Experimental results show that the proposed "serpentine" pixel arrangement method provides better results than other methods.
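As an added illustration (not the paper's code), the sketch below compares a plain row-by-row byte-to-pixel layout with a serpentine one and measures how far apart consecutive bytes land on the image. It assumes that "serpentine" means a boustrophedon scan that reverses direction on every other row and that each byte becomes one grayscale pixel; the function names and sample bytes are constructed for this example.

```python
import math

def row_major_coords(n, width):
    """Pixel (row, col) for each of n bytes, every row filled left to right."""
    return [divmod(i, width) for i in range(n)]

def serpentine_coords(n, width):
    """Assumed serpentine layout: odd rows are filled right to left, so the
    last byte of one row sits directly above the first byte of the next."""
    coords = []
    for i in range(n):
        row, col = divmod(i, width)
        if row % 2 == 1:
            col = width - 1 - col
        coords.append((row, col))
    return coords

def bytes_to_image(data, width, layout):
    """Place each byte as one grayscale pixel; unused pixels stay 0."""
    height = math.ceil(len(data) / width)
    image = [[0] * width for _ in range(height)]
    for value, (r, c) in zip(data, layout(len(data), width)):
        image[r][c] = value
    return image

def max_neighbor_gap(coords):
    """Largest Chebyshev distance between the pixels of consecutive bytes."""
    return max(
        max(abs(r1 - r0), abs(c1 - c0))
        for (r0, c0), (r1, c1) in zip(coords, coords[1:])
    )

# Constructed sample: 14 bytes standing in for the start of a binary.
SAMPLE = bytes(range(0x40, 0x40 + 14))
WIDTH = 4

if __name__ == "__main__":
    for name, layout in (("row-major", row_major_coords),
                         ("serpentine", serpentine_coords)):
        print(name, "max gap:", max_neighbor_gap(layout(len(SAMPLE), WIDTH)))
        for row in bytes_to_image(SAMPLE, WIDTH, layout):
            print("  ", " ".join(f"{v:02x}" for v in row))
```

With the row-by-row layout, the byte that ends a row and the byte that starts the next one land at opposite edges of the image; the serpentine layout keeps every consecutive pair in adjacent pixels, which is the locality a convolution kernel can exploit.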