Malware Classification Using Probability Scoring and Machine Learning

Xue, Di; Li, Jingmei; Lv, Tu; Wu, Weifei; Wang, Jiaxiang

doi:10.1109/access.2019.2927552

Cited by 47 publications

(20 citation statements)

References 46 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In our previous study [7], it has been demonstrated that the opcode sequences captured by variable-length n-grams (n � 2, 3, 4) are more meaningful than fixed-length n-grams.…”

Section: Opcode Sequence Feature Extraction and Selectionmentioning

confidence: 99%

See 1 more Smart Citation

Incremental Learning for Malware Classification in Small Datasets

Xue

et al. 2020

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

Information security is an important research area. As a very special yet important case, malware classification plays an important role in information security. In the real world, the malware datasets are open-ended and dynamic, and new malware samples belonging to old classes and new classes are increasing continuously. This requires the malware classification method to enable incremental learning, which can efficiently learn the new knowledge. However, existing works mainly focus on feature engineering with machine learning as a tool. To solve the problem, we present an incremental malware classification framework, named “IMC,” which consists of opcode sequence extraction, selection, and incremental learning method. We develop an incremental learning method based on multiclass support vector machine (SVM) as the core component of IMC, named “IMCSVM,” which can incrementally improve its classification ability by learning new malware samples. In IMC, IMCSVM adds the new classification planes (if new samples belong to a new class) and updates all old classification planes for new malware samples. As a result, IMC can improve the classification quality of known malware classes by minimizing the prediction error and transfer the old model with known knowledge to classify unknown malware classes. We apply the incremental learning method into malware classification, and the experimental results demonstrate the advantages and effectiveness of IMC.

show abstract

“…In our previous study [7], it has been demonstrated that the opcode sequences captured by variable-length n-grams (n � 2, 3, 4) are more meaningful than fixed-length n-grams.…”

Section: Opcode Sequence Feature Extraction and Selectionmentioning

confidence: 99%

“…So far, malware classification methods mainly focus on feature engineering, which need to extract features from malware or visualization images, for example, API calls [6,7], system calls [8,9], and opcode sequences [10,11]. e malware classification framework in our work is closely related to opcode sequences and SVM.…”

Section: Malware Classificationmentioning

confidence: 99%

Incremental Learning for Malware Classification in Small Datasets

Xue

et al. 2020

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

show abstract

“…To overcome the drawbacks of code obfuscation and high computational costs of analysing malware, Xue et al [137] recently proposed Malscore, which is based on the probability scoring and machine learning. The purpose of probability scoring is to decide if static analysis needs to concatenate with dynamic analysis.…”

Section: Neural Network-based Methodsmentioning

confidence: 99%

A Review of Computer Vision Methods in Network Security

Zhao

Masood

Seneviratne

2021

IEEE Commun. Surv. Tutorials

View full text Add to dashboard Cite

Network security has become an area of significant importance more than ever as highlighted by the eye-opening numbers of data breaches, attacks on critical infrastructure, and malware/ransomware/cryptojacker attacks that are reported almost every day. Increasingly, we are relying on networked infrastructure and with the advent of IoT, billions of devices will be connected to the internet, providing attackers with more opportunities to exploit. Traditional machine learning methods have been frequently used in the context of network security. However, such methods are more based on statistical features extracted from sources such as binaries, emails, and packet flows.On the other hand, recent years witnessed a phenomenal growth in computer vision mainly driven by the advances in the area of convolutional neural networks. At a glance, it is not trivial to see how computer vision methods are related to network security. Nonetheless, there is a significant amount of work that highlighted how methods from computer vision can be applied in network security for detecting attacks or building security solutions. In this paper, we provide a comprehensive survey of such work under three topics; i) phishing attempt detection, ii) malware detection, and iii) traffic anomaly detection. Next, we review a set of such commercial products for which public information is available and explore how computer vision methods are effectively used in those products. Finally, we discuss existing research gaps and future research directions, especially focusing on how network security research community and the industry can leverage the exponential growth of computer vision methods to build much secure networked systems.

show abstract

“…The study utilizes the convolutional neural networks (CNN) for classification and achieved 99.97% and 98.52% accuracy on Microsoft and Malimg datasets, respectively. A malware classification system called 'Malscore' was proposed in [10] which is based on machine learning models and probability scoring. The proposed system works in two phases, where, CNN is utilized with spatial pyramid pooling to examine grayscale images in phase 1, and several n-grams and ML models have been integrated to examine the dynamic features in phase 2.…”

Section: Literature Reviewmentioning

confidence: 99%

Malicious Traffic Detection in IoT and Local Networks Using Stacked Ensemble Classifier

Petinrin¹,

Saeed²,

Li³

et al. 2022

Computers, Materials &Amp; Continua

View full text Add to dashboard Cite

Malicious traffic detection over the internet is one of the challenging areas for researchers to protect network infrastructures from any malicious activity. Several shortcomings of a network system can be leveraged by an attacker to get unauthorized access through malicious traffic. Safeguard from such attacks requires an efficient automatic system that can detect malicious traffic timely and avoid system damage. Currently, many automated systems can detect malicious activity, however, the efficacy and accuracy need further improvement to detect malicious traffic from multi-domain systems. The present study focuses on the detection of malicious traffic with high accuracy using machine learning techniques. The proposed approach used two datasets UNSW-NB15 and IoTID20 which contain the data for IoT-based traffic and local network traffic, respectively. Both datasets were combined to increase the capability of the proposed approach in detecting malicious traffic from local and IoT networks, with high accuracy. Horizontally merging both datasets requires an equal number of features which was achieved by reducing feature count to 30 for each dataset by leveraging principal component analysis (PCA). The proposed model incorporates stacked ensemble model extra boosting forest (EBF) which is a combination of tree-based models such as extra tree classifier, gradient boosting classifier, and random forest using a stacked ensemble approach. Empirical results show that EBF performed significantly better and achieved the highest accuracy score of 0.985 and 0.984 on the multi-domain dataset for two and four classes, respectively.

show abstract

Malware Classification Using Probability Scoring and Machine Learning

Cited by 47 publications

References 46 publications

Incremental Learning for Malware Classification in Small Datasets

Incremental Learning for Malware Classification in Small Datasets

A Review of Computer Vision Methods in Network Security

Malicious Traffic Detection in IoT and Local Networks Using Stacked Ensemble Classifier

Contact Info

Product

Resources

About