A new classification based model for malicious PE files detection
Author: Imad Abdessadki, Saiida Lazaar
Journal: International Journal of Computer Network and Information Security @ijcnis
Article in issue: 6 vol.11, 2019.
Free access
Malware presents a major threat to the security of computer systems, smart devices, and applications. It can also endanger sensitive data by modifying or destroying it. Thus, electronic exchanges between different communicating entities can be compromised. However, currently used signature-based methods cannot provide accurate detection of zero-day attacks or of polymorphic and metamorphic programs, which have the ability to change their code during propagation. In order to solve this issue, static and dynamic malware analysis is being used along with machine learning algorithms for malware detection and classification. Machine learning methods play an important role in automated malware detection. Several approaches have been applied to classify and to detect malware. The most challenging task is selecting a relevant set of features from a large dataset so that the classification model can be built in less time with higher accuracy. The purpose of this work is firstly to make a general review of the existing classification and detection methods, and secondly to develop an automated system to detect malicious Portable Executable files based on their headers with low overhead and higher efficiency. Experimental results will be presented for the best classifier selected in this study, namely Random Forest; accuracy and time performance will be discussed.
Keywords: Malware detection, Portable Executable, Malware classification, Machine learning, Random Forest, Unknown malware
Short URL: https://sciup.org/15015690
IDR: 15015690 | DOI: 10.5815/ijcnis.2019.06.01