Empowering convolutional networks for malware classification and analysis

Kolosnjaji, Bojan; Eraisha, Ghadir; Webster, George D.; Zarras, Apostolis; Eckert, Claudia

doi:10.1109/ijcnn.2017.7966340

Cited by 57 publications

(28 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…From a close look at the very recent applications using Deep Learning for solving malware classification challenges, we observed the followings: Observation 7.1: Features selected in malware classification were grouped into three categories: static features, dynamic features, and hybrid features. Typical static features include metadata, PE import Features, Byte/Entorpy, String, and Assembly Opcode Features derived from the PE files (Kolosnjaji et al 2017;McLaughlin et al 2017; Saxe and Berlin 2015). De La Rosa et al (2018) took three kinds of static features: byte-level, basic-level ( strings in the file, the metadata table, and the import table of the PE header), and assembly features-level.…”

Section: Key Findings From a Closer Lookmentioning

confidence: 99%

“…Observation 7.2: In most works, Phase II was inevitable because extracted features needed to be vertorized for Deep Learning models. One-hot encoding approach was frequently used to vectorize features (Kolosnjaji et al 2017;McLaughlin et al 2017;Rosenberg et al 2018;Tobiyama et al 2016;Nix and Zhang 2017). Bag-of-words (BoW) and n-gram were also considered to represent features (Nix and Zhang 2017).…”

Section: Key Findings From a Closer Lookmentioning

confidence: 99%

“…Some works investigated LSTM models for sequential features (Nix and Zhang 2017;Rosenberg et al 2018). Two networks with different features as inputs were used for malware classification by combining their outputs with a dropout layer and an output layer (Kolosnjaji et al 2017). In (Kolosnjaji et al 2017), one network transformed PE Metadata and import features using feedforward neurons, another one leveraged convolutional network layers with opcode sequences.…”

Section: Key Findings From a Closer Lookmentioning

confidence: 99%

See 2 more Smart Citations

Using deep learning to solve computer security challenges: a survey

et al. 2020

View full text Add to dashboard Cite

Although using machine learning techniques to solve computer security challenges is not a new idea, the rapidly emerging Deep Learning technology has recently triggered a substantial amount of interests in the computer security community. This paper seeks to provide a dedicated review of the very recent research works on using Deep Learning techniques to solve computer security challenges. In particular, the review covers eight computer security problems being solved by applications of Deep Learning: security-oriented program analysis, defending return-oriented programming (ROP) attacks, achieving control-flow integrity (CFI), defending network attacks, malware classification, system-event-based anomaly detection, memory forensics, and fuzzing for software security.

show abstract

Section: Key Findings From a Closer Lookmentioning

confidence: 99%

Section: Key Findings From a Closer Lookmentioning

confidence: 99%

Section: Key Findings From a Closer Lookmentioning

confidence: 99%

See 1 more Smart Citation

Using deep learning to solve computer security challenges: a survey

et al. 2020

View full text Add to dashboard Cite

show abstract

“…One model has been pretrained on word embedding whereas the other one is not pretrained. A convolutional FFN which employs hierarchical feature extraction mechanism to detect and classify malwares [264]. This approach is based on data from static analysis and uses meta data of portable executable files.…”

Section: ) Deep Neural Network (Dnn)mentioning

confidence: 99%

A Comprehensive Tutorial and Survey of Applications of Deep Learning for Cyber Security

Ravi¹,

Alazab²,

Sriram³

et al. 2020

Preprint

View full text Add to dashboard Cite

show abstract

“…Jiang et al [14] proposed LSTM-RNN multi-channel voting algorithm, which improved the adaptability of neural network in different environments and expanded the application scenarios of detection algorithm. Kolosnjaji et al [15] proposed a traffic intrusion detection method based on convolution and feed-forward neural structure, which realized the extraction of hierarchical features of data sets. Zhou et al [16] summarized the collaborative intrusion detection systems to expand the deficiency of traditional IDS in detecting coordinated attacks.…”

Section: Related Workmentioning

confidence: 99%

An Intrusion Detection System Based on a Quantitative Model of Interaction Mode Between Ports

Liu

Sun

2019

IEEE Access

View full text Add to dashboard Cite

Considering the characteristics of network traffic on the data link layer, such as massive highspeed data flow, information camouflaged easily, and the phenomenon that abnormal traffic is much smaller than the normal one, an intrusion detection system (IDS) based on the quantitative model of interaction mode between ports is proposed. The model gives the quantitative expression of Port Interaction Mode in Data Link Layer (PIMDL), focusing on improving the accuracy and efficiency of the intrusion detection by taking the arrival time distribution of traffic. The feasibility of the model proposed is proved by the phase space reconstruction and visualization method. According to the characteristics of long and short sessions, a neural network based on CNN and LSTM is designed to mine the differences between normal and abnormal models. On this basis, an improved Intrusion Detection algorithm based on a multi-model scoring mechanism is designed to classify sessions in model space. And the experiments show that the quantitative model and the improved algorithm proposed can not only effectively avoid camouflage identity information, but also improve computational efficiency, as well as increase the accuracy of small sample anomaly detection. INDEX TERMS Anomaly detection, interaction mode between ports, intrusion detection, neural network, phase space reconstruction.

show abstract

Empowering convolutional networks for malware classification and analysis

Cited by 57 publications

References 13 publications

Using deep learning to solve computer security challenges: a survey

Using deep learning to solve computer security challenges: a survey

A Comprehensive Tutorial and Survey of Applications of Deep Learning for Cyber Security

An Intrusion Detection System Based on a Quantitative Model of Interaction Mode Between Ports

Contact Info

Product

Resources

About