Control Flow Graph Based Multiclass Malware Detection Using Bi-normal Separation

Kapoor, Akshay; Dhavale, Sunita Vikrant

doi:10.14429/dsj.66.9701

Cited by 26 publications

(14 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…e DREBIN [22] method proposed by Arp et al uses a linear support vector machine (SVM) to analyze high-dimensional binary features. Kapoor and Dhavale [23] used opcodes combined with control flow graphs generated by extracting source code to perform malware classification. Nataraj and Manjunath [24] cleverly used another method to detect malware by converting binary files into grayscale images.…”

Section: Related Workmentioning

confidence: 99%

Anticoncept Drift Method for Malware Detector Based on Generative Adversarial Network

Dai

Qian

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

The number of new malware has been increasing year by year, and the construction of the malware sample space is also changing with time. The existing research studies on malware detection mainly focus on how to improve detection performance and how to effectively detect the evasion malware and improve the detection performance of adversarial samples, while ignoring the concept drift of malware samples over time. The concept drift of the sample will lead to the aging of the detector model, thus resulting in the reduction of the detection accuracy. Concerning this problem, we proposed a malware sample generator based on auxiliary classifier GAN, according to the malware samples generated, to train the detection model. In this paper, the API call sequence is used as a feature to train the improved generative adversarial network, and the trained generator model is used to generate samples that simulate concept drift for the purpose of training detection models. Meanwhile, using the detection results of the detector as the training set again, the generator is used to generate samples, so as to repeatedly train the detection model and improve the anticoncept drift performance of the monitoring model. In this paper, real malware samples and generated samples are used to train the detector model, and malware samples are segmented in a linear time sequence as test sets to verify the effectiveness of the proposed method. The results reveal that the framework can maintain good detection accuracy and effectively mitigate the aging of the detector in a longer time dimension.

show abstract

Section: Related Workmentioning

confidence: 99%

Anticoncept Drift Method for Malware Detector Based on Generative Adversarial Network

Dai

Qian

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…Arp et al [24] used multiple vector combinations based on semantics and syntax to detect malware for Android and document files. Kapoor and Dhavale [25] disassemble executable files and generate control flow graphs, then extract features from n-grams and extract features grading, and finally used information gain to feature dimensionality reduction and using machine learning algorithms to detect malware. Nguyen et al [26] proposed an enhanced form of control flow graph, and converted the control flow graph into an image, then used deep learning to detect malware.…”

Section: Literature Reviewmentioning

confidence: 99%

SMASH: A Malware Detection Method Based on Multi-Feature Ensemble Learning

Dai

Qian

et al. 2019

IEEE Access

View full text Add to dashboard Cite

With the increasing variants of malware, it is of great significance to detect malware and ensure system security effectively. The existing malware dynamic detection methods are vulnerable to evasion attacks. For this situation, we propose a malware dynamic detection method based on mufti-feature ensemble learning. Firstly, the method adopts the combination of software features such as API call sequence with high detection precision and low-level hardware features such as resistance to evasion the memory dump grayscale and hardware performance counters. Secondly, we improve each feature based on the original research. We select a more advanced classifier model to improve the detection precision of a single feature. Finally, an ensemble learning algorithm composed of multiple classification algorithms detects malware, the multi-features can describe malware behavior from multi-dimensions to improve detection performance. We use a large number of malware sample dataset to experiment, and the results show that our detection method can obtain good detection precision rate, and is better than other recently proposed dynamic detection methods in anti-evasion performance.

show abstract

“…In conjunction with formal methods, these approaches achieve excellent accuracy, but the analysis is timeconsuming and requires domain-level expertise for the temporal logic formulae generation [7]. Instead, most machine learning approaches are adaptive, generally more efficient, and rely on static analysis features included in the graphs, such as opcodes frequencies [8] and control/data dependencies [9] In this paper, we propose a malware family classification method based solely on the CG topology. This way, it is possible to show that the approach is intrinsically robust to intra-procedural obfuscation techniques.…”

Section: Introductionmentioning

confidence: 99%

Robust Malware Classification via Deep Graph Networks on Call Graph Topologies

Errica¹,

Iadarola²,

Martinelli³

et al. 2021

ESANN 2021 Proceedings

View full text Add to dashboard Cite

We propose a malware classification system that is shown to be robust to some common intra-procedural obfuscation techniques. Indeed, by training the Contextual Graph Markov Model on the call graph representation of a program, we classify it using only topological information, which is unaffected by such obfuscations. In particular, we show that the structure of the call graph is sufficient to achieve good accuracy on a multi-class classification benchmark.

show abstract

Control Flow Graph Based Multiclass Malware Detection Using Bi-normal Separation

Cited by 26 publications

References 7 publications

Anticoncept Drift Method for Malware Detector Based on Generative Adversarial Network

Anticoncept Drift Method for Malware Detector Based on Generative Adversarial Network

SMASH: A Malware Detection Method Based on Multi-Feature Ensemble Learning

Robust Malware Classification via Deep Graph Networks on Call Graph Topologies

Contact Info

Product

Resources

About