Investigation of Dual-Flow Deep Learning Models LSTM-FCN and GRU-FCN Efficiency against Single-Flow CNN Models for the Host-Based Intrusion and Malware Detection Task on Univariate Times Series Data

Čeponis, Dainius; Goranin, Nikolaj

doi:10.3390/app10072373

Cited by 16 publications

(17 citation statements)

References 67 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Deep learning is generally time-consuming, but it has proven to be more efficient in malware detection. Known malware analysis methods based on deep learning include CNN [27], deep belief network (DBN) [28], graph convolutional network (GCN) [29], long short-term memory (LSTM), gated recurrent unit (GRU) [30], and VGG16 [31]. For example, Lee et al [24] discussed how to use deep learning to analyze malware.…”

Section: Related Workmentioning

confidence: 99%

“…Pei et al [29] proposed a deep learning framework to learn embedding representations for Android malware detection, which included graph convolutional networks (GCNs) to learn semantic and sequential patterns, and an independently recurrent neural network (In-dRNN) to learn deep semantic information and extract context-dependent features for malware recognition. Čeponis and Goranin [30] suggested using dual-flow deep learning methods-such as a long short-term memory fully convolutional network (LSTM-FCN) and a gated recurrent unit (GRU)-FCN for malware recognition-and performed experiments on the Windows OS calls traces dataset (AWSCTD) but achieved best results with conventional one-dimension single flow CNN.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Windows PE Malware Detection Using Ensemble Learning

et al. 2021

View full text Add to dashboard Cite

In this Internet age, there are increasingly many threats to the security and safety of users daily. One of such threats is malicious software otherwise known as malware (ransomware, Trojans, viruses, etc.). The effect of this threat can lead to loss or malicious replacement of important information (such as bank account details, etc.). Malware creators have been able to bypass traditional methods of malware detection, which can be time-consuming and unreliable for unknown malware. This motivates the need for intelligent ways to detect malware, especially new malware which have not been evaluated or studied before. Machine learning provides an intelligent way to detect malware and comprises two stages: feature extraction and classification. This study suggests an ensemble learning-based method for malware detection. The base stage classification is done by a stacked ensemble of fully-connected and one-dimensional convolutional neural networks (CNNs), whereas the end-stage classification is done by a machine learning algorithm. For a meta-learner, we analyzed and compared 15 machine learning classifiers. For comparison, five machine learning algorithms were used: naïve Bayes, decision tree, random forest, gradient boosting, and AdaBoosting. The results of experiments made on the Windows Portable Executable (PE) malware dataset are presented. The best results were obtained by an ensemble of seven neural networks and the ExtraTrees classifier as a final-stage classifier.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Windows PE Malware Detection Using Ensemble Learning

et al. 2021

View full text Add to dashboard Cite

show abstract

“…The applicability of some more complex, dual-flow Deep Learning models, such as long short-term memory fully convolutional network (LSTM-FCN) 31 and GRU-FCN 32 is investigated by Ceponis and Goranin. 33 Compared to more simple models, which are more efficient in training and testing times, they are not producing better results. A relatively simple CNN solution with a static value of kernels parameter performed the best among the models considered, while a CNN-GRU model had the best False Positive Rate.…”

Section: Recent Developmentsmentioning

confidence: 99%

Host-based Intrusion Detection Using Signature-based and AI-driven Anomaly Detection Methods

Panagiotou¹,

Mengidis²,

Tsikrika³

et al. 2021

ISIJ

View full text Add to dashboard Cite

Cyberattacks are becoming more sophisticated, posing even greater challenges to traditional intrusion detections methods. Failure to prevent the intrusions could jeopardise security services' credibility, including data confidentiality, integrity, and availability. Anomaly-based Intrusion Detection Systems and Signature-based Intrusion Detection Systems are two types of systems that have been proposed in the literature to detect security threats. In the current work, a taxonomy of current IDSs is presented, a review of recent works is performed, and we discuss some of the most common datasets used for evaluation. Finally, the survey concludes with a discussion of future IDS research directions and broader observations.

show abstract

“…DBNs are used as an auto encoder for feature extraction to detect malware. Vasan et al [33] used handcrafted features as well as those of VGG16 and ResNet-50 CNNs to perform image-based malware classification.Čeponis and Goranin [34] analyzed the use of dual-flow deep learning methods, such as gated recurrent unit fully convolutional network (GRU-FCN) vs single-flow convolutional neural network (CNN) models for detection of malware signatures.…”

Section: Related Workmentioning

confidence: 99%

Hybrid Malware Classification Method Using Segmentation-Based Fractal Texture Analysis and Deep Convolution Neural Network Features

et al. 2020

View full text Add to dashboard Cite

As the number of internet users increases so does the number of malicious attacks using malware. The detection of malicious code is becoming critical, and the existing approaches need to be improved. Here, we propose a feature fusion method to combine the features extracted from pre-trained AlexNet and Inception-v3 deep neural networks with features attained using segmentation-based fractal texture analysis (SFTA) of images representing the malware code. In this work, we use distinctive pre-trained models (AlexNet and Inception-V3) for feature extraction. The purpose of deep convolutional neural network (CNN) feature extraction from two models is to improve the malware classifier accuracy, because both models have characteristics and qualities to extract different features. This technique produces a fusion of features to build a multimodal representation of malicious code that can be used to classify the grayscale images, separating the malware into 25 malware classes. The features that are extracted from malware images are then classified using different variants of support vector machine (SVM), k-nearest neighbor (KNN), decision tree (DT), and other classifiers. To improve the classification results, we also adopted data augmentation based on affine image transforms. The presented method is evaluated on a Malimg malware image dataset, achieving an accuracy of 99.3%, which makes it the best among the competing approaches.

show abstract

Investigation of Dual-Flow Deep Learning Models LSTM-FCN and GRU-FCN Efficiency against Single-Flow CNN Models for the Host-Based Intrusion and Malware Detection Task on Univariate Times Series Data

Cited by 16 publications

References 67 publications

Windows PE Malware Detection Using Ensemble Learning

Windows PE Malware Detection Using Ensemble Learning

Host-based Intrusion Detection Using Signature-based and AI-driven Anomaly Detection Methods

Hybrid Malware Classification Method Using Segmentation-Based Fractal Texture Analysis and Deep Convolution Neural Network Features

Contact Info

Product

Resources

About