SMASH: A Malware Detection Method Based on Multi-Feature Ensemble Learning

Dai, Yusheng; Li, Hui; Qian, Yekui; Yang, Ruipeng; Zheng, Min

doi:10.1109/access.2019.2934012

Cited by 32 publications

(14 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Smutz and Stavrou [7] proposed using the method of ensemble learning to detect malware through mutual agreement analysis. Dai et al [11,28] also used a variety of features combined with the ensemble learning methods to achieve good detection rates in terms of detection performance and anti-evasion.…”

Section: Related Workmentioning

confidence: 99%

“…In addition, research on preventing concept drift focuses on the method of ensemble learning because the diversity of internal detectors in ensemble learning can well summarize the conceptual diversity of samples and improves the generalization ability of models [15]. But, in the field of malware detection, although these researches also use ensemble learning methods [7,11], their focus is on the behavioral deviation of malware and does not consider the impact of time deviation [10].…”

Section: Related Workmentioning

confidence: 99%

“…e deviation of the sample usually caused the aging of the detector model, which was an unavoidable problem in machine learning. e purpose of most researches in malware was to improve the precision of detecting malware and the detection of evasion problems that occurred in the malware itself [7,11,12]. In spite of the continuous improvement of malware technology, new malware of the same type or in the same family emerged one after another (sample concept drift), which was an evasion problem in itself [8], and most researches failed to deal with it.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Anticoncept Drift Method for Malware Detector Based on Generative Adversarial Network

Dai

Qian

et al. 2021

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

The number of new malware has been increasing year by year, and the construction of the malware sample space is also changing with time. The existing research studies on malware detection mainly focus on how to improve detection performance and how to effectively detect the evasion malware and improve the detection performance of adversarial samples, while ignoring the concept drift of malware samples over time. The concept drift of the sample will lead to the aging of the detector model, thus resulting in the reduction of the detection accuracy. Concerning this problem, we proposed a malware sample generator based on auxiliary classifier GAN, according to the malware samples generated, to train the detection model. In this paper, the API call sequence is used as a feature to train the improved generative adversarial network, and the trained generator model is used to generate samples that simulate concept drift for the purpose of training detection models. Meanwhile, using the detection results of the detector as the training set again, the generator is used to generate samples, so as to repeatedly train the detection model and improve the anticoncept drift performance of the monitoring model. In this paper, real malware samples and generated samples are used to train the detector model, and malware samples are segmented in a linear time sequence as test sets to verify the effectiveness of the proposed method. The results reveal that the framework can maintain good detection accuracy and effectively mitigate the aging of the detector in a longer time dimension.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Anticoncept Drift Method for Malware Detector Based on Generative Adversarial Network

Dai

Qian

et al. 2021

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

show abstract

“…More generic and stable approaches are therefore required to solve these problems. Researchers are developing ensemble classifiers [33][34][35][36][37] that are less vulnerable to the limitations of malware datasets. Ensemble methods [38,39] combine multiple machine learning algorithms to improve final prediction accuracy while minimizing the risk of overfitting in the training outcomes so that the training dataset can be used more efficiently and, as a consequence, higher generalization can be attained.…”

Section: Related Workmentioning

confidence: 99%

Windows PE Malware Detection Using Ensemble Learning

et al. 2021

View full text Add to dashboard Cite

In this Internet age, there are increasingly many threats to the security and safety of users daily. One of such threats is malicious software otherwise known as malware (ransomware, Trojans, viruses, etc.). The effect of this threat can lead to loss or malicious replacement of important information (such as bank account details, etc.). Malware creators have been able to bypass traditional methods of malware detection, which can be time-consuming and unreliable for unknown malware. This motivates the need for intelligent ways to detect malware, especially new malware which have not been evaluated or studied before. Machine learning provides an intelligent way to detect malware and comprises two stages: feature extraction and classification. This study suggests an ensemble learning-based method for malware detection. The base stage classification is done by a stacked ensemble of fully-connected and one-dimensional convolutional neural networks (CNNs), whereas the end-stage classification is done by a machine learning algorithm. For a meta-learner, we analyzed and compared 15 machine learning classifiers. For comparison, five machine learning algorithms were used: naïve Bayes, decision tree, random forest, gradient boosting, and AdaBoosting. The results of experiments made on the Windows Portable Executable (PE) malware dataset are presented. The best results were obtained by an ensemble of seven neural networks and the ExtraTrees classifier as a final-stage classifier.

show abstract

“…It is more robust to obfuscation techniques. Dai et al [16] extracted the API sequence, file operations and underlying hardware characteristics, etc., to classify malware based on the ensemble learning algorithm. Mohaisen et al [17] obtained file operations, CPU register operations, and network communication by executing the malware in a virtual machine, and classify malware based on machine learning algorithms.…”

Section: Malware Detection Based On Dynamic Featuresmentioning

confidence: 99%

File Entropy Signal Analysis Combined With Wavelet Decomposition for Malware Classification

Guo

Huang

et al. 2020

IEEE Access

View full text Add to dashboard Cite

With the rapid development of the Internet, malware variants have increased exponentially, which poses a key threat to cyber security. Persistent efforts have been made to classify malware variants, but there are still many challenges, including the incapacity to deal with various malware variants belonging to similar families, the problem of time and resource consuming, etc. This paper proposes a novel method, called Malware Entropy Sequences Reflect the Family (MESRF), to improve the classification of malware based on the entropy sequences features. In prior research, entropy demonstrated good performance in many areas. First, the global features of the signals were extracted from the entropy sequences by some statistical methods. Next, some local features (i.e. structural entropy features) are extracted based on the discrete wavelet decomposition algorithm and vectorized by the Bag-of-words model, endowing it the high accuracy of malware classification. To evaluate our method, we conducted numerous experiments on the malware datasets with more than 20,000 samples. Through experiments, MESRF showed superiority comparing with other malware classification models, and the accuracy and ROC of the method even could reach 99.83% and 99.98% respectively on the malimg dataset.

show abstract

SMASH: A Malware Detection Method Based on Multi-Feature Ensemble Learning

Cited by 32 publications

References 36 publications

Anticoncept Drift Method for Malware Detector Based on Generative Adversarial Network

Anticoncept Drift Method for Malware Detector Based on Generative Adversarial Network

Windows PE Malware Detection Using Ensemble Learning

File Entropy Signal Analysis Combined With Wavelet Decomposition for Malware Classification

Contact Info

Product

Resources

About