A Secure Encryption-Based Malware Detection System

  • Lin, Zhaowen (Network and Information Center, Institute of Network Technology, Beijing University of Posts and Telecommunications)
  • Xiao, Fei (Network and Information Center, Institute of Network Technology, Beijing University of Posts and Telecommunications)
  • Sun, Yi (Science and Technology on Information Transmission and Dissemination in Communication Networks Laboratory)
  • Ma, Yan (Network and Information Center, Institute of Network Technology, Beijing University of Posts and Telecommunications)
  • Xing, Cong-Cong (Department of Mathematics/Computer Science, Nicholls State University)
  • Huang, Jun (School of CIE, Chongqing University of Posts and Telecommunications)
  • Received : 2017.06.28
  • Accepted : 2017.10.30
  • Published : 2018.04.30

Abstract

Malware detection continues to be a challenging task, as attackers may be aware of the rules used in malware detection mechanisms and constantly generate new breeds of malware to evade them. Consequently, novel and innovative malware detection techniques need to be investigated to deal with this circumstance. In this paper, we propose a new secure malware detection system in which API call fragments are used to recognize potential malware instances, and these API call fragments, together with the homomorphic encryption technique, are used to construct a privacy-preserving Naive Bayes classifier (PP-NBC). Experimental results demonstrate that the proposed PP-NBC can successfully classify instances of malware with a hit rate as high as 94.93%.
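The abstract describes the mechanism only at a high level. The following is an added example, written for this page and not the authors' implementation, of how a Naive Bayes classifier over API-call fragments can be evaluated on encrypted feature bits so that the client never reveals its API trace and the server never reveals its model weights. It assumes a Paillier-style additively homomorphic scheme (the abstract says only "homomorphic encryption"), a Bernoulli Naive Bayes model folded into one integer-valued linear score per class, and a constructed fragment vocabulary and training set; the primes are toy values chosen to illustrate the data flow, not a secure parameter choice.

```python
"""Privacy-preserving Naive Bayes over API-call fragments (constructed example).
Client encrypts feature bits with Paillier; server scores ciphertexts blindly."""
import math
import secrets

# Constructed toy primes; a real deployment uses primes of at least 1024 bits.
P, Q = 1_000_000_007, 998_244_353


def keygen():
    """Paillier key pair with g = n + 1 (so L(g^lam mod n^2) == lam mod n)."""
    n = P * Q
    lam = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)  # lcm(p-1, q-1)
    return (n, n * n), (lam, pow(lam, -1, n))


def encrypt(pk, m):
    """Enc(m) = (1 + m*n) * r^n mod n^2; negative m is reduced mod n first."""
    n, n2 = pk
    r = secrets.randbelow(n - 1) + 1
    return (1 + (m % n) * n) * pow(r, n, n2) % n2


def decrypt(pk, sk, c):
    n, n2 = pk
    lam, mu = sk
    return (pow(c, lam, n2) - 1) // n * mu % n


def add(pk, c1, c2):  # Enc(a) * Enc(b) = Enc(a + b)
    return c1 * c2 % pk[1]


def mul_const(pk, c, k):  # Enc(m)^k = Enc(k*m); negative k is fine, exponents live mod n
    return pow(c, k % pk[0], pk[1])


def to_signed(pk, m):  # plaintexts above n/2 encode negative integers (log-scores are negative)
    return m - pk[0] if m > pk[0] // 2 else m


# Constructed vocabulary of API-call fragments and labelled training traces.
FRAGMENTS = [
    "OpenProcess->WriteProcessMemory->CreateRemoteThread",
    "RegOpenKeyEx->RegSetValueEx(Run)",
    "CreateFile->WriteFile->CloseHandle",
    "GetProcAddress->LoadLibrary",
    "InternetOpen->InternetConnect->HttpSendRequest",
    "MessageBox->CreateWindowEx",
]
TRAINING = [  # (indices of fragments seen in the trace, label)
    ({0, 1, 3, 4}, "malware"), ({0, 3}, "malware"), ({1, 3, 4}, "malware"),
    ({0, 1, 2, 4}, "malware"), ({2, 5}, "benign"), ({2, 3, 5}, "benign"),
    ({2, 4, 5}, "benign"), ({5}, "benign"), ({2, 4}, "benign"),
]
CLASSES = ["benign", "malware"]
SCALE = 10**6  # fixed-point scale: Paillier only handles integers


def train_bernoulli_nb(training):
    """Bernoulli NB with Laplace smoothing, folded into one linear score per class:
    score_c(x) = b_c + sum_i w_ci * x_i, with x_i in {0,1} and scaled-integer weights."""
    model = {}
    for c in CLASSES:
        docs = [f for f, label in training if label == c]
        bias, weights = math.log(len(docs) / len(training)), []
        for i in range(len(FRAGMENTS)):
            p = (sum(i in f for f in docs) + 1) / (len(docs) + 2)
            bias += math.log(1 - p)  # contribution when x_i = 0
            weights.append(round(math.log(p / (1 - p)) * SCALE))  # extra when x_i = 1
        model[c] = (round(bias * SCALE), weights)
    return model


def features(fragments_seen):
    return [1 if i in fragments_seen else 0 for i in range(len(FRAGMENTS))]


def plaintext_scores(model, x):
    return {c: b + sum(wi * xi for wi, xi in zip(w, x)) for c, (b, w) in model.items()}


def server_score_encrypted(pk, model, enc_x):
    """Server side: Enc(score_c) = Enc(b_c) * prod_i Enc(x_i)^w_ci, seeing only ciphertexts."""
    out = {}
    for c, (b, w) in model.items():
        acc = encrypt(pk, b)
        for ci, wi in zip(enc_x, w):
            acc = add(pk, acc, mul_const(pk, ci, wi))
        out[c] = acc
    return out


def classify_private(model, fragments_seen):
    """Round trip: client encrypts, server scores blindly, client decrypts and takes the max."""
    pk, sk = keygen()
    enc_x = [encrypt(pk, xi) for xi in features(fragments_seen)]
    enc_scores = server_score_encrypted(pk, model, enc_x)
    scores = {c: to_signed(pk, decrypt(pk, sk, e)) for c, e in enc_scores.items()}
    return max(scores, key=scores.get), scores


MODEL = train_bernoulli_nb(TRAINING)

if __name__ == "__main__":
    print(classify_private(MODEL, {0, 1, 3}))  # constructed trace: injection + persistence fragments
```

Run as a script to see the label and decoded scores for a constructed trace. The server sees only the client's public key and ciphertexts, and the client learns the two scaled log-posterior scores rather than the weights themselves. Because the raw scores still leak partial information about the model, a deployment would normally end with a secure comparison that reveals only the winning label; that step is omitted here for brevity.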


Cited by

  1. Malware Detection Based on Deep Learning of Behavior Graphs, vol. 2019, 2018, https://doi.org/10.1155/2019/8195395
  2. A Novel Malware Classification Method Based on Crucial Behavior, vol. 2020, 2018, https://doi.org/10.1155/2020/6804290