Combining Restricted Boltzmann Machine and One Side Perceptron for Malware Detection

  • Răzvan Benchea
  • Dragoş Teodor Gavriluţ
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8577)


Due to the large increase of malware samples in the last 10 years, the demand of the antimalware industry for an automated classifier has increased. However, this classifier has to satisfy two restrictions in order to be used in real life situations: high detection rate and very low number of false positives. By modifying the perceptron algorithm and combining existing features, we were able to provide a good solution to the problem, called the one side perceptron. Since the power of the perceptron lies in its features, we will focus our study on improving the feature creation algorithm. This paper presents different methods, including simple mathematical operations and the usage of a restricted Boltzmann machine, for creating features designed for an increased detection rate of the one side perceptron. The analysis is carried out using a large dataset of approximately 3 million files.


Graphical Processing Unit Hide Unit Restricted Boltzmann Machine Boltzmann Machine Deep Belief Network 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
  2. 2.
    Gavrilut, D., Benchea, R., Vatamanu, C.: Optimized zero false positives perceptron training for malware detection. In: SYNASC, pp. 247–253. IEEE Computer Society (2012)Google Scholar
  3. 3.
    Chen, Y.W., Lin, C.-J.: Combining SVMs with various feature selection strategies. In: Guyon, I., Nikravesh, M., Gunn, S., Zadeh, L.A. (eds.) Feature Extraction. STUDFUZZ, vol. 207, pp. 315–324. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  4. 4.
    Paul, S.: Information processing in dynamical systems: Foundations of harmony theory. Parallel Distributed Processing: Explorations in the Microstructure of Cognition 1, 194–281 (1986)Google Scholar
  5. 5.
    Idika, N., Mathur, A.P.: A survey on malware detection techniques. PhD thesis. Purdue University (February 2007)Google Scholar
  6. 6.
    Schultz, M.G., Eskin, E., Zadok, E., Stolfo, S.J.: Data mining methods for detection of new malicious executables. In: IEEE Symposium on Security and Privacy, pp. 38–49. IEEE Computer Society (2001)Google Scholar
  7. 7.
    Abou-Assaleh, T., Cercone, N., Keselj, V., Sweidan, R.: N-gram-based detection of new malicious code. In: COMPSAC Workshops, pp. 41–42. IEEE Computer Society (2004)Google Scholar
  8. 8.
    Kolter, J.Z., Maloof, M.A.: Learning to detect and classify malicious executables in the wild. Journal of Machine Learning Research 6, 2721–2744 (2006)MathSciNetGoogle Scholar
  9. 9.
    Cai, D.M., Gokhale, M., Theiler, J.: Comparison of feature selection and classification algorithms in identifying malicious executables. Computational Statistics & Data Analysis 51(6), 3156–3172 (2007)CrossRefzbMATHMathSciNetGoogle Scholar
  10. 10.
    Siddiqui, M.A.: Data mining methods for malware detection (2008)Google Scholar
  11. 11.
    Shabtai, A., Moskovitch, R., Feher, C., Dolev, S., Elovici, Y.: Detecting unknown malicious code by applying classification techniques on opcode patterns. Security Informatics 1(1), 1–22 (2012)CrossRefGoogle Scholar
  12. 12.
    Hung, T.C., Lam, D.X.: A feature extraction method and recognition algorithm for detection unknown worm and variations based on static features (2011)Google Scholar
  13. 13.
    Zhang, B., Yin, J., Hao, J.: Using fuzzy pattern recognition to detect unknown malicious executables code. In: Wang, L., Jin, Y. (eds.) FSKD 2005, Part I. LNCS (LNAI), vol. 3613, pp. 629–634. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  14. 14.
    Ye, Y., Chen, L., Wang, D., Li, T., Jiang, Q., Zhao, M.: Sbmds: an interpretable string based malware detection system using svm ensemble with bagging. Journal in Computer Virology 5(4), 283–293 (2009)CrossRefGoogle Scholar
  15. 15.
    Dai, J., Guha, R.K., Lee, J.: Efficient virus detection using dynamic instruction sequences. JCP 4(5), 405–414 (2009)CrossRefGoogle Scholar
  16. 16.
    Baldangombo, U., Jambaljav, N., Horng, S.J.: A static malware detection system using data mining methods. CoRR abs/1308.2831 (2013)Google Scholar
  17. 17.
    Dahl, G.E., Stokes, J.W., Deng, L., Yu, D.: Large-scale malware classification using random projections and neural networks. In: ICASSP, pp. 3422–3426. IEEE (2013)Google Scholar
  18. 18.
    Lee, H., Grosse, R.B., Ranganath, R., Ng, A.Y.: Convolutional deep belief networks for scalable unsupervised learning of hierarchical representations. In: Danyluk, A.P., Bottou, L., Littman, M.L. (eds.) ICML. ACM International Conference Proceeding Series, vol. 382, p. 77. ACM (2009)Google Scholar
  19. 19.
    Taylor, G.W., Fergus, R., LeCun, Y., Bregler, C.: Convolutional learning of spatio-temporal features. In: Daniilidis, K., Maragos, P., Paragios, N. (eds.) ECCV 2010, Part VI. LNCS, vol. 6316, pp. 140–153. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  20. 20.
    Rahman Mohamed, A., Dahl, G.E., Hinton, G.E.: Acoustic modeling using deep belief networks. IEEE Transactions on Audio, Speech & Language Processing 20(1), 14–22 (2012)CrossRefGoogle Scholar
  21. 21.
    Cimpoesu, M., Gavrilut, D., Popescu, A.: The proactivity of perceptron derived algorithms in malware detection. Journal in Computer Virology 8(4), 133–140 (2012)CrossRefGoogle Scholar
  22. 22.
    Hinton, G.E.: Training products of experts by minimizing contrastive divergence. Neural Computation 14(8), 1771–1800 (2002)CrossRefzbMATHMathSciNetGoogle Scholar
  23. 23.
  24. 24.

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Răzvan Benchea
    • 1
    • 2
  • Dragoş Teodor Gavriluţ
    • 1
    • 2
  1. 1.Faculty of Computer Science“Alexandru Ioan Cuza” UniversityIaşiRomânia
  2. 2.Bitdefender LaboratoriesIaşiRomânia

Personalised recommendations