Abstract
With the increasing variants of malware, and it is of great significance to effectively detect malware and secure system. It is easy for malware to evade from the detection using existing dynamic detection method. To resolve the shortcomings of the existing dynamic detection method, we propose a multimodal malware detection method. By extracting the word vector of API call sequence conversion of malware, and extracting the image features converted from grayscale image memory dump of malware process, and inputting the multimodal features into the deep neural network is used to classify the malware samples. The effectiveness of this method is verified by the experiment through the captured malware samples in the wild. In addition, there is a performance comparison between our method and other recent experiments.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Cuckoo sandbox. https://cuckoosandbox.org/
Openmalware. http://malwarebenchmark.org/. Last accessed 5 Apr. 2018
Virustotal. https://www.virustotal.com/
Sequence intent classification using hierarchical attention networks (March 2018). https://www.microsoft.com/developerblog/2018/03/06/sequence-intent-classification/
Athiwaratkun, B., Stokes, J.W.: Malware classification with LSTM and GRU language models and a character-level CNN. In: 2017 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), pp. 2482–2486. IEEE (2017)
Bulazel, A., Yener, B.: A survey on automated dynamic malware analysis evasion and counter-evasion: Pc, mobile, and web. In: Proceedings of the 1st Reversing and Offensive-oriented Trends Symposium, p. 2. ACM (2017)
Dai, Y., Li, H., Qian, Y., Lu, X.: A malware classification method based on memory dump grayscale image. Digital Invest. 27, 30–37 (2018)
Demme, J., et al.: On the feasibility of online malware detection with performance counters. In: ACM SIGARCH Computer Architecture News. vol. 41, pp. 559–570. ACM (2013)
Ding, Y., Xia, X., Chen, S., Li, Y.: A malware detection method based on family behavior graph. Comput. Secur. 73, 73–86 (2018)
Hansen, S.S., Larsen, T.M.T., Stevanovic, M., Pedersen, J.M.: An approach for detection and family classification of malware based on behavioral analysis. In: 2016 International Conference on Computing, Networking and Communications (ICNC), pp. 1–5. IEEE (2016)
Idika, N., Mathur, A.P.: A survey of malware detection techniques. PurdueUniversity 48 (2007)
Jordaney, R., et al.: Transcend: detecting concept drift in malware classification models. In: 26th \(\{\)USENIX\(\}\) Security Symposium (\(\{\)USENIX\(\}\) Security 17), pp. 625–642 (2017)
Khasawneh, K.N., Abu-Ghazaleh, N., Ponomarev, D., Yu, L.: Rhmd: evasion-resilient hardware malware detectors. In: Proceedings of the 50th Annual IEEE/ACM International Symposium on Microarchitecture, pp. 315–327. ACM (2017)
Khasawneh, K.N., Ozsoy, M., Donovick, C., Abu-Ghazaleh, N., Ponomarev, D.: Ensemble learning for low-level hardware-supported malware detection. In: Bos, H., Monrose, F., Blanc, G. (eds.) RAID 2015. LNCS, vol. 9404, pp. 3–25. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-26362-5_1
Khasawneh, K.N., Ozsoy, M., Donovick, C., Ghazaleh, N.A., Ponomarev, D.V.: Ensemblehmd: accurate hardware malware detectors with specialized ensemble classifiers. In: IEEE Transactions on Dependable and Secure Computing (2018)
Laskov, P., et al.: Practical evasion of a learning-based classifier: a case study. In: 2014 IEEE Symposium on Security and Privacy, pp. 197–211. IEEE (2014)
Maiorca, D., Corona, I., Giacinto, G.: Looking at the bag is not enough to find the bomb: an evasion of structural methods for malicious pdf files detection. In: Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, pp. 119–130. ACM (2013)
Mikolov, T., Chen, K., Corrado, G., Dean, J.: Efficient estimation of word representations in vector space (2013). arXiv preprint arXiv:1301.3781
Ozsoy, M., Donovick, C., Gorelik, I., Abu-Ghazaleh, N., Ponomarev, D.: Malware-aware processors: a framework for efficient online malware detection. In: 2015 IEEE 21st International Symposium on High Performance Computer Architecture (HPCA), pp. 651–661. IEEE (2015)
Ozsoy, M., Khasawneh, K.N., Donovick, C., Gorelik, I., Abu-Ghazaleh, N., Ponomarev, D.: Hardware-based malware detection using low-level architectural features. IEEE Trans. Comput. 65(11), 3332–3344 (2016)
Smutz, C., Stavrou, A.: When a tree falls: using diversity in ensemble classifiers to identify evasion in malware detectors. In: NDSS (2016)
Tang, A., Sethumadhavan, S., Stolfo, S.J.: Unsupervised anomaly-based malware detection using hardware features. In: Stavrou, A., Bos, H., Portokalidis, G. (eds.) RAID 2014. LNCS, vol. 8688, pp. 109–129. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11379-1_6
Tobiyama, S., Yamaguchi, Y., Shimada, H., Ikuse, T., Yagi, T.: Malware detection with deep neural network using process behavior. In: 2016 IEEE 40th Annual Computer Software and Applications Conference (COMPSAC). vol. 2, pp. 577–582. IEEE (2016)
Acknowledgment
This work was supported by the National Natural Science Foundation of China under Grant 61571364, and Innovation Foundation for Doctoral Dissertation of Northwestern Polytechnical University under Grant CX201952.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Dai, Y., Li, H., Rong, X., Li, Y., Zheng, M. (2019). M4D: A Malware Detection Method Using Multimodal Features. In: Shen, B., Wang, B., Han, J., Yu, Y. (eds) Frontiers in Cyber Security. FCS 2019. Communications in Computer and Information Science, vol 1105. Springer, Singapore. https://doi.org/10.1007/978-981-15-0818-9_15
Download citation
DOI: https://doi.org/10.1007/978-981-15-0818-9_15
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-0817-2
Online ISBN: 978-981-15-0818-9
eBook Packages: Computer ScienceComputer Science (R0)