Abstract
Recent malware developments have the ability to remain hidden during infection and operation. They prevent analysis and removal using various techniques, namely obscure filenames, modification of file attributes, or operation under the pretense of legitimate programs and services. The malware might also attempt to subvert modern detection software by hiding running processes, network connections, and strings containing malicious URLs or registry keys. The malware can go a step further and obfuscate the entire file with a packer, which is special software that takes the original malware file and compresses it, thus making all the original code and data unreadable. This paper proposes a novel approach, which uses minimum computational power and resources, to identify Packed Executables (PEX), so as to spot the existence of malware software. It is an Evolving Computational Intelligence System for Malware Detection (ECISMD) which performs classification by Evolving Spiking Neural Networks (eSNN), in order to properly label a packed executable. On the other hand, it uses an Evolving Classification Function (ECF) for the detection of malware and applies Genetic Algorithms to achieve ECF Optimization.
Copyright information
© 2014 Springer International Publishing Switzerland
Cite this paper
Demertzis, K., Iliadis, L. (2014). Evolving Computational Intelligence System for Malware Detection. In: Iliadis, L., Papazoglou, M., Pohl, K. (eds) Advanced Information Systems Engineering Workshops. CAiSE 2014. Lecture Notes in Business Information Processing, vol 178. Springer, Cham. https://doi.org/10.1007/978-3-319-07869-4_30
DOI: https://doi.org/10.1007/978-3-319-07869-4_30
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-07868-7
Online ISBN: 978-3-319-07869-4