Long short-term memory-based Malware classification method for information security

Kang, Jieun; Jang, Sejun; Li, Shuyu; Jeong, Young‐Sik; Sung, Yunsick

doi:10.1016/j.compeleceng.2019.06.014

Cited by 62 publications

(27 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In addition, to verify that the numeric vectors from pre-trained Word2Vec model are capable to represent the malware feature sequences more precisely, the current popular one-hot encoding technique combined with TCN (OneHotTCN, for short) is compared in our experiments. Then, our proposed scheme (Word2VecTCN, for short) is compared with the state-of-the-art malware categorization model in [34] (Word2VecLSTM, for short). Finally, our scheme is compared with some other recent works on the same malware dataset.…”

Section: Methodsmentioning

confidence: 99%

“…• Unify the sequence length: Samples with various length are tricky for neural networks, and therefore unifying the sequence length is imperative for malware categorization. In this work, a sequence length L is pre-set to equalize the lengths [34]. The sequences with length longer than L retain the first L names, and those shorter than L are unified via zero-padding.…”

Section: Pre-processingmentioning

confidence: 99%

See 1 more Smart Citation

Categorizing Malware via A Word2Vec-based Temporal Convolutional Network Scheme

et al. 2020

View full text Add to dashboard Cite

As edge computing paradigm achieves great popularity in recent years, there remain some technical challenges that must be addressed to guarantee smart device security in Internet of Things (IoT) environment. Generally, smart devices transmit individual data across the IoT for various purposes nowadays, and it will cause losses and impose a huge threat to users since malware may steal and damage these data. To improve malware detection performance on IoT smart devices, we conduct a malware categorization analysis based on the Kaggle competition of Microsoft Malware Classification Challenge (BIG 2015) dataset in this article. Practically speaking, motivated by temporal convolutional network (TCN) structure, we propose a malware categorization scheme mainly using Word2Vec pre-trained model. Considering that the popular one-hot encoding converts input names from malicious files to high-dimensional vectors since each name is represented as one dimension in one-hot vector space, more compact vectors with fewer dimensions are obtained through the use of Word2Vec pre-training strategy, and then it can lead to fewer parameters and stronger malware feature representation. Moreover, compared with long short-term memory (LSTM), TCN demonstrates better performance with longer effective memory and faster training speed in sequence modeling tasks. The experimental comparisons on this malware dataset reveal better categorization performance with less memory usage and training time. Especially, through the performance comparison between our scheme and the state-of-the-art Word2Vec-based LSTM approach, our scheme shows approximately 1.3% higher predicted accuracy than the latter on this malware categorization task. Additionally, it also demonstrates that our scheme reduces about 90 thousand parameters and more than 1 hour on the model training time in this comparison.

show abstract

Section: Methodsmentioning

confidence: 99%

Section: Pre-processingmentioning

confidence: 99%

Categorizing Malware via A Word2Vec-based Temporal Convolutional Network Scheme

et al. 2020

View full text Add to dashboard Cite

show abstract

“…In addition, the authors evaluated a variety of machine-learning-based and deep-learning-based algorithms that utilize static analysis, dynamic and image processing methods for malware detection systems. Moreover, Kang et al [32] utilized opcodes and API function names to classify malicious files into families using a word2vec model and LSTM networks. In [33], Xiao et al proposed a detection method based on two LSTM models utilizing semantic information to classify the system call sequence.…”

Section: Intelligence-based Methodsmentioning

confidence: 99%

Identifying Malicious Software Using Deep Residual Long-Short Term Memory

Alotaibi

2019

IEEE Access

View full text Add to dashboard Cite

The use of smartphone applications based on the Android OS platform is rapidly growing among smartphone users. However, malicious apps for Android are being developed to perform attacks, such as destroying operating systems, stealing confidential data, gathering personal information, and hijacking or encrypting sensitive data. Several malware detection systems based on machine learning have been developed and deployed to extract a variety of features to prevent such attacks. However, new efficient detection methods are needed to extract complex features and hidden structures from malicious apps to detect malware. This paper proposes a novel framework, namely, MalResLSTM, based on deep residual long short-term memory to identify and classify malware variants. The framework imposes a set of constraints on the deep learning architecture to capture dependencies between the extracted features from the Android package kit (APK) file. These feature sets are mapped to a vector space to process the input sequence using a sequence model based on the residual LSTM network. To evaluate the performance of the proposed framework, several experiments are conducted on the Drebin dataset, which contains 129,013 applications. The results demonstrate that MalResLSTM can achieve a 99.32% detection accuracy and outperforms previous algorithms. An extensive experimental analysis was conducted, which included machine-learningbased algorithms and a variety of deep learning-based algorithms, to evaluate the efficiency and robustness of our proposed framework.

show abstract

“…MsM2015 The MsM2015 dataset has been extensively used in literature for malware classification tasks. For example, the work by Kang et al [19] uses word-to-vec approach with an LSTM network to classify the samples in each family. As many other studies on this subject, they do not consider the binary as is but rather generate an assembly file for each sample and collect opcodes and API functions that will then constitute the bulk of the features utilized.…”

Section: Related Workmentioning

confidence: 99%

Data augmentation and transfer learning to classify malware images in a deep learning context

Marastoni

Giacobazzi

Preda

2021

J Comput Virol Hack Tech

View full text Add to dashboard Cite

In the past few years, malware classification techniques have shifted from shallow traditional machine learning models to deeper neural network architectures. The main benefit of some of these is the ability to work with raw data, guaranteed by their automatic feature extraction capabilities. This results in less technical expertise needed while building the models, thus less initial pre-processing resources. Nevertheless, such advantage comes with its drawbacks, since deep learning models require huge quantities of data in order to generate a model that generalizes well. The amount of data required to train a deep network without overfitting is often unobtainable for malware analysts. We take inspiration from image-based data augmentation techniques and apply a sequence of semantics-preserving syntactic code transformations (obfuscations) to a small dataset of programs to generate a larger dataset. We then design two learning models, a convolutional neural network and a bi-directional long short-term memory, and we train them on images extracted from compiled binaries of the newly generated dataset. Through transfer learning we then take the features learned from the obfuscated binaries and train the models against two state of the art malware datasets, each containing around 10 000 samples. Our models easily achieve up to 98.5% accuracy on the test set, which is on par or better than the present state of the art approaches, thus validating the approach.

show abstract

Long short-term memory-based Malware classification method for information security

Cited by 62 publications

References 10 publications

Categorizing Malware via A Word2Vec-based Temporal Convolutional Network Scheme

Categorizing Malware via A Word2Vec-based Temporal Convolutional Network Scheme

Identifying Malicious Software Using Deep Residual Long-Short Term Memory

Data augmentation and transfer learning to classify malware images in a deep learning context

Contact Info

Product

Resources

About