Analysis of ResNet and GoogleNet models for malware detection

Springer Science and Business Media LLC - Volume 15 - Pages 29-37 - 2018
Riaz Ullah Khan¹, Xiaosong Zhang¹, Rajesh Kumar¹
¹ Center of Cyber Security, School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu, China

Abstract

In this paper we use two distinct models to identify obscure or new kinds of malware. We study and test the GoogleNet and ResNet models, which come from two different platforms: ResNet belongs to Microsoft and GoogleNet is the intellectual property of Google. Two datasets are used to train and validate the models. The first was downloaded from Microsoft and consists of 10,868 binary records, divided into nine different classes. The second is a benign dataset containing 3000 benign files. The datasets were initially in the form of EXE files; they were converted into opcodes and then into images. We obtained a testing accuracy of 74.5% on GoogleNet and 88.36% precision on ResNet.
