Early-stage malware prediction using recurrent neural networks

Rhode, Matilda; Burnap, Pete; Jones, Kevin

doi:10.1016/j.cose.2018.05.010

Cited by 233 publications

(166 citation statements)

References 26 publications

Supporting

Mentioning

164

Contrasting

Unclassified

Order By: Relevance

“…However, dynamic analysis approaches are also imperfect. It is reported in [3,[5][6][7][8][9] that smart malware can detect whether it runs on a virtual or real environment. Moreover, smart malware can modify their behavior by hiding their malicious code to avoid detection.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

An Ensemble-Based Malware Detection Model Using Minimum Feature Set

Zelinka

Amer²

2019

mendel

View full text Add to dashboard Cite

Current commercial antivirus detection engines still rely on signature-based methods. However, with the huge increase in the number of new malware, current detection methods become not suitable. In this paper, we introduce a malware detection model based on ensemble learning. The model is trained using the minimum number of signification features that are extracted from the file header. Evaluations show that the ensemble models slightly outperform individual classification models. Experimental evaluations show that our model can predict unseen malware with an accuracy rate of 0.998 and with a false positive rate of 0.002. The paper also includes a comparison between the performance of the proposed model and with different machine learning techniques. We are emphasizing the use of machine learning based approaches to replace conventional signature-based methods.

show abstract

Section: Related Workmentioning

confidence: 99%

“…However, non-signature based approaches can be vulnerable to false positives or false negatives results. Technically, it identifies normal benign files as malware and incapable to detect malware in the latter case [5][6][7]. However, it totally avoids the attack window time.…”

Section: Introductionmentioning

confidence: 99%

An Ensemble-Based Malware Detection Model Using Minimum Feature Set

Zelinka

Amer²

2019

mendel

View full text Add to dashboard Cite

show abstract

“…Then, we use the method CG to solve the weighted least squares problem (20). The major work of the online algorithm KMCCG lies in the update of the Gram matrix G M and the coefficient vector η M .…”

Section: Kernel Mixture Correntropy Conjugate Gradient Algorithmmentioning

confidence: 99%

“…With the rapid advancement of Internet technology [19], the issue of network security imposes huge challenges to the Internet. Specifically, the demand for malware analysis has become increasingly urgent, and practitioners and researchers have been making progress in the field of malware prediction and detection [20]. Usually, malware is able to implement intention by calling the existing application programming interface (API) in the system.…”

Section: Introductionmentioning

confidence: 99%

Kernel Mixture Correntropy Conjugate Gradient Algorithm for Time Series Prediction

Xue

Luo

Gao

et al. 2019

Entropy

View full text Add to dashboard Cite

Kernel adaptive filtering (KAF) is an effective nonlinear learning algorithm, which has been widely used in time series prediction. The traditional KAF is based on the stochastic gradient descent (SGD) method, which has slow convergence speed and low filtering accuracy. Hence, a kernel conjugate gradient (KCG) algorithm has been proposed with low computational complexity, while achieving comparable performance to some KAF algorithms, e.g., the kernel recursive least squares (KRLS). However, the robust learning performance is unsatisfactory, when using KCG. Meanwhile, correntropy as a local similarity measure defined in kernel space, can address large outliers in robust signal processing. On the basis of correntropy, the mixture correntropy is developed, which uses the mixture of two Gaussian functions as a kernel function to further improve the learning performance. Accordingly, this article proposes a novel KCG algorithm, named the kernel mixture correntropy conjugate gradient (KMCCG), with the help of the mixture correntropy criterion (MCC). The proposed algorithm has less computational complexity and can achieve better performance in non-Gaussian noise environments. To further control the growing radial basis function (RBF) network in this algorithm, we also use a simple sparsification criterion based on the angle between elements in the reproducing kernel Hilbert space (RKHS). The prediction simulation results on a synthetic chaotic time series and a real benchmark dataset show that the proposed algorithm can achieve better computational performance. In addition, the proposed algorithm is also successfully applied to the practical tasks of malware prediction in the field of malware analysis. The results demonstrate that our proposed algorithm not only has a short training time, but also can achieve high prediction accuracy.

show abstract

“…Moreover, behavioral modeling with recurrent neural networks can be applied in various tasks, e.g. identifying behavior of malware files [23], and binding the approach to users' profiles is a restriction. As it was mentioned by Sommer and Paxson [1] understanding of the exact system and types of interactions is very critical in cybersecurity tasks.…”

Section: Related Workmentioning

confidence: 99%

System Misuse Detection Via Informed Behavior Clustering and Modeling

Adilova

Natious

Chen³

et al. 2019

2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W)

View full text Add to dashboard Cite

One of the main tasks of cybersecurity is recognizing malicious interactions with an arbitrary system. Currently, the logging information from each interaction can be collected in almost unrestricted amounts, but identification of attacks requires a lot of effort and time of security experts. We propose an approach for identifying fraud activity through modeling normal behavior in interactions with a system via machine learning methods, in particular LSTM neural networks. In order to enrich the modeling with system specific knowledge, we propose to use an interactive visual interface that allows security experts to identify semantically meaningful clusters of interactions. These clusters incorporate domain knowledge and lead to more precise behavior modeling via informed machine learning. We evaluate the proposed approach on a dataset containing logs of interactions with an administrative interface of login and security server. Our empirical results indicate that the informed modeling is capable of capturing normal behavior, which can then be used to detect abnormal behavior.

show abstract

Early-stage malware prediction using recurrent neural networks

Cited by 233 publications

References 26 publications

An Ensemble-Based Malware Detection Model Using Minimum Feature Set

An Ensemble-Based Malware Detection Model Using Minimum Feature Set

Kernel Mixture Correntropy Conjugate Gradient Algorithm for Time Series Prediction

System Misuse Detection Via Informed Behavior Clustering and Modeling

Contact Info

Product

Resources

About