Skip to main content
SpringerLink
Log in

M4D: A Malware Detection Method Using Multimodal Features

  • Conference paper
  • First Online:
Book cover Frontiers in Cyber Security (FCS 2019)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1105))

Included in the following conference series:

Abstract

With the increasing variants of malware, and it is of great significance to effectively detect malware and secure system. It is easy for malware to evade from the detection using existing dynamic detection method. To resolve the shortcomings of the existing dynamic detection method, we propose a multimodal malware detection method. By extracting the word vector of API call sequence conversion of malware, and extracting the image features converted from grayscale image memory dump of malware process, and inputting the multimodal features into the deep neural network is used to classify the malware samples. The effectiveness of this method is verified by the experiment through the captured malware samples in the wild. In addition, there is a performance comparison between our method and other recent experiments.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Cuckoo sandbox. https://cuckoosandbox.org/

  2. Openmalware. http://malwarebenchmark.org/. Last accessed 5 Apr. 2018

  3. Virustotal. https://www.virustotal.com/

  4. Sequence intent classification using hierarchical attention networks (March 2018). https://www.microsoft.com/developerblog/2018/03/06/sequence-intent-classification/

  5. Athiwaratkun, B., Stokes, J.W.: Malware classification with LSTM and GRU language models and a character-level CNN. In: 2017 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), pp. 2482–2486. IEEE (2017)

    Google Scholar 

  6. Bulazel, A., Yener, B.: A survey on automated dynamic malware analysis evasion and counter-evasion: Pc, mobile, and web. In: Proceedings of the 1st Reversing and Offensive-oriented Trends Symposium, p. 2. ACM (2017)

    Google Scholar 

  7. Dai, Y., Li, H., Qian, Y., Lu, X.: A malware classification method based on memory dump grayscale image. Digital Invest. 27, 30–37 (2018)

    Article  Google Scholar 

  8. Demme, J., et al.: On the feasibility of online malware detection with performance counters. In: ACM SIGARCH Computer Architecture News. vol. 41, pp. 559–570. ACM (2013)

    Google Scholar 

  9. Ding, Y., Xia, X., Chen, S., Li, Y.: A malware detection method based on family behavior graph. Comput. Secur. 73, 73–86 (2018)

    Article  Google Scholar 

  10. Hansen, S.S., Larsen, T.M.T., Stevanovic, M., Pedersen, J.M.: An approach for detection and family classification of malware based on behavioral analysis. In: 2016 International Conference on Computing, Networking and Communications (ICNC), pp. 1–5. IEEE (2016)

    Google Scholar 

  11. Idika, N., Mathur, A.P.: A survey of malware detection techniques. PurdueUniversity 48 (2007)

    Google Scholar 

  12. Jordaney, R., et al.: Transcend: detecting concept drift in malware classification models. In: 26th \(\{\)USENIX\(\}\) Security Symposium (\(\{\)USENIX\(\}\) Security 17), pp. 625–642 (2017)

    Google Scholar 

  13. Khasawneh, K.N., Abu-Ghazaleh, N., Ponomarev, D., Yu, L.: Rhmd: evasion-resilient hardware malware detectors. In: Proceedings of the 50th Annual IEEE/ACM International Symposium on Microarchitecture, pp. 315–327. ACM (2017)

    Google Scholar 

  14. Khasawneh, K.N., Ozsoy, M., Donovick, C., Abu-Ghazaleh, N., Ponomarev, D.: Ensemble learning for low-level hardware-supported malware detection. In: Bos, H., Monrose, F., Blanc, G. (eds.) RAID 2015. LNCS, vol. 9404, pp. 3–25. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-26362-5_1

    Chapter  Google Scholar 

  15. Khasawneh, K.N., Ozsoy, M., Donovick, C., Ghazaleh, N.A., Ponomarev, D.V.: Ensemblehmd: accurate hardware malware detectors with specialized ensemble classifiers. In: IEEE Transactions on Dependable and Secure Computing (2018)

    Google Scholar 

  16. Laskov, P., et al.: Practical evasion of a learning-based classifier: a case study. In: 2014 IEEE Symposium on Security and Privacy, pp. 197–211. IEEE (2014)

    Google Scholar 

  17. Maiorca, D., Corona, I., Giacinto, G.: Looking at the bag is not enough to find the bomb: an evasion of structural methods for malicious pdf files detection. In: Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, pp. 119–130. ACM (2013)

    Google Scholar 

  18. Mikolov, T., Chen, K., Corrado, G., Dean, J.: Efficient estimation of word representations in vector space (2013). arXiv preprint arXiv:1301.3781

  19. Ozsoy, M., Donovick, C., Gorelik, I., Abu-Ghazaleh, N., Ponomarev, D.: Malware-aware processors: a framework for efficient online malware detection. In: 2015 IEEE 21st International Symposium on High Performance Computer Architecture (HPCA), pp. 651–661. IEEE (2015)

    Google Scholar 

  20. Ozsoy, M., Khasawneh, K.N., Donovick, C., Gorelik, I., Abu-Ghazaleh, N., Ponomarev, D.: Hardware-based malware detection using low-level architectural features. IEEE Trans. Comput. 65(11), 3332–3344 (2016)

    Article  MathSciNet  Google Scholar 

  21. Smutz, C., Stavrou, A.: When a tree falls: using diversity in ensemble classifiers to identify evasion in malware detectors. In: NDSS (2016)

    Google Scholar 

  22. Tang, A., Sethumadhavan, S., Stolfo, S.J.: Unsupervised anomaly-based malware detection using hardware features. In: Stavrou, A., Bos, H., Portokalidis, G. (eds.) RAID 2014. LNCS, vol. 8688, pp. 109–129. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11379-1_6

    Chapter  Google Scholar 

  23. Tobiyama, S., Yamaguchi, Y., Shimada, H., Ikuse, T., Yagi, T.: Malware detection with deep neural network using process behavior. In: 2016 IEEE 40th Annual Computer Software and Applications Conference (COMPSAC). vol. 2, pp. 577–582. IEEE (2016)

    Google Scholar 

Download references

Acknowledgment

This work was supported by the National Natural Science Foundation of China under Grant 61571364, and Innovation Foundation for Doctoral Dissertation of Northwestern Polytechnical University under Grant CX201952.

Author information

Authors and Affiliations

  1. School of Electronics and Information, Northwestern Polytechnical University, Xi’an, China

    Yusheng Dai & Hui Li

  2. China Electric Engineering Design Institute, Beijing, China

    Xing Rong

  3. School of Computer and Information Engineering, Nan Yang Institute of Technology, Nanyang, China

    Yahong Li

  4. Henan Institute of Information Security Co. Ltd, Xuchang, China

    Min Zheng

Authors
  1. Yusheng Dai
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hui Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Xing Rong
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Yahong Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Min Zheng
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yusheng Dai .

Editor information

Editors and Affiliations

  1. Xidian University, Xi’an, China

    Bazhong Shen

  2. Xidian University, Xi’an, China

    Baocang Wang

  3. Queen's University Belfast, Belfast, UK

    Jinguang Han

  4. Shaanxi Normal University, Xi'an, China

    Yong Yu

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Dai, Y., Li, H., Rong, X., Li, Y., Zheng, M. (2019). M4D: A Malware Detection Method Using Multimodal Features. In: Shen, B., Wang, B., Han, J., Yu, Y. (eds) Frontiers in Cyber Security. FCS 2019. Communications in Computer and Information Science, vol 1105. Springer, Singapore. https://doi.org/10.1007/978-981-15-0818-9_15

Download citation

  • DOI: https://doi.org/10.1007/978-981-15-0818-9_15

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-15-0817-2

  • Online ISBN: 978-981-15-0818-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation