Static malware clustering using enhanced deep embedding method

Ng, C. K.; Jiang, Frank; Zhang, Leo Yu; Zhou, Wanlei

doi:10.1002/cpe.5234

Cited by 13 publications

(5 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, the performance of clustering techniques highly relies on the orthogonality of the features, which is often not trivial for the malware analysis. Ng et al propose an enhanced deep‐embedded clustering method to facilitate an effective and efficient malware clustering process. That is, Ng et al train a deep learning model consisting of an autoencoder and an autodecoder along with the soft assignment to obtain orthogonal malware features.…”

Section: System Securitymentioning

confidence: 99%

“…Ng et al propose an enhanced deep‐embedded clustering method to facilitate an effective and efficient malware clustering process. That is, Ng et al train a deep learning model consisting of an autoencoder and an autodecoder along with the soft assignment to obtain orthogonal malware features. The associated experiments in the paper report a solid performance and indicate a promising future of this technique.…”

Section: System Securitymentioning

confidence: 99%

“…However, the performance of clustering techniques highly relies on the orthogonality of the features, which is often not trivial for the malware analysis. Ng et al4 propose an enhanced deep-embedded clustering method to facilitate an effective and efficient…”

mentioning

confidence: 99%

See 2 more Smart Citations

Editorial: Recent advances in machine learning for cybersecurity

Pan

Zhang

Oliver³

2019

Concurrency and Computation

View full text Add to dashboard Cite

Section: System Securitymentioning

confidence: 99%

Section: System Securitymentioning

confidence: 99%

See 1 more Smart Citation

Editorial: Recent advances in machine learning for cybersecurity

Pan

Zhang

Oliver³

2019

Concurrency and Computation

View full text Add to dashboard Cite

“…To date, various multi-label feature selection (MFS) methods have been proposed. 12,[19][20][21] Roughly, these methods can be divided into three categories: wrapper, 22,23 embedded, 24,25 and filter. 26,27 The wrapper approach relies on a predefined learning method to perform a heuristic search across all possible feature subsets.…”

Section: Introductionmentioning

confidence: 99%

Neighborhood rough set based multi‐label feature selection with label correlation

Liu

et al. 2022

Concurrency and Computation

View full text Add to dashboard Cite

Summary Neighborhood rough set (NRS) is considered as an effective tool for feature selection and has been widely used in processing high‐dimensional data. However, most of the existing methods are difficult to deal with multi‐label data and are lack of considering label correlation (LC), which is an important issue in multi‐label learning. Therefore, in this article, we introduce a new NRS model with considering LC. First, we explore LC by calculating the similarity relation between labels and divide the related labels into several label subsets. Then, a new neighborhood relation is proposed, which can solve the problem of neighborhood granularity selection by using the nearest neighbor information distribution of instances under the related labels. On this basis, the NRS model is reconstructed by embedding LC information, and the related properties of the model are discussed. Moreover, we design a new feature significance function to evaluate the quality of features, which can well capture the specific relationship between features and labels. Finally, a greedy forward feature selection algorithm is designed. Extensive experiments which are conducted on different types of datasets verify the effectiveness of the proposed algorithm.

show abstract

“…The latter form of analysis requires execution of the malicious code [35] in a controlled setup, i.e., sandbox and is often slow, resource intensive and not suitable for the deployment in the production environment which are also discussed in by [22]. Moreover, due to geometric rise in zero-day malware, existing approaches have become less efficient for detection of zero-day attacks and there is a dire need of automated malware detection and classification system equipped with the machine learning techniques [9].The machine learning can be either supervised or unsupervised, i.e., supervised learning or discriminative deep architectures conducts the training over labelled data, i.e., classification, regression or predictive analytics whereas unsupervised learning or so called generative architectures draws inferences from datasets consisting of input data without labels [43].…”

Section: Introductionmentioning

confidence: 99%

PROUD-MAL: static analysis-based progressive framework for deep unsupervised malware classification of windows portable executable

Rizvi

Aslam

Shahzad

et al. 2021

Complex Intell. Syst.

View full text Add to dashboard Cite

Enterprises are striving to remain protected against malware-based cyber-attacks on their infrastructure, facilities, networks and systems. Static analysis is an effective approach to detect the malware, i.e., malicious Portable Executable (PE). It performs an in-depth analysis of PE files without executing, which is highly useful to minimize the risk of malicious PE contaminating the system. Yet, instant detection using static analysis has become very difficult due to the exponential rise in volume and variety of malware. The compelling need of early stage detection of malware-based attacks significantly motivates research inclination towards automated malware detection. The recent machine learning aided malware detection approaches using static analysis are mostly supervised. Supervised malware detection using static analysis requires manual labelling and human feedback; therefore, it is less effective in rapidly evolutionary and dynamic threat space. To this end, we propose a progressive deep unsupervised framework with feature attention block for static analysis-based malware detection (PROUD-MAL). The framework is based on cascading blocks of unsupervised clustering and features attention-based deep neural network. The proposed deep neural network embedded with feature attention block is trained on the pseudo labels. To evaluate the proposed unsupervised framework, we collected a real-time malware dataset by deploying low and high interaction honeypots on an enterprise organizational network. Moreover, endpoint security solution is also deployed on an enterprise organizational network to collect malware samples. After post processing and cleaning, the novel dataset consists of 15,457 PE samples comprising 8775 malicious and 6681 benign ones. The proposed PROUD-MAL framework achieved an accuracy of more than 98.09% with better quantitative performance in standard evaluation parameters on collected dataset and outperformed other conventional machine learning algorithms. The implementation and dataset are available at https://bit.ly/35Sne3a.

show abstract

Static malware clustering using enhanced deep embedding method

Cited by 13 publications

References 30 publications

Editorial: Recent advances in machine learning for cybersecurity

Editorial: Recent advances in machine learning for cybersecurity

Neighborhood rough set based multi‐label feature selection with label correlation

PROUD-MAL: static analysis-based progressive framework for deep unsupervised malware classification of windows portable executable

Contact Info

Product

Resources

About