Browse > Article
http://dx.doi.org/10.3745/JIPS.03.0145

A Study on Variant Malware Detection Techniques Using Static and Dynamic Features  

Kang, Jinsu (Dept. of Computer Science Engineering, Chungnam National University)
Won, Yoojae (Dept. of Computer Science Engineering, Chungnam National University)
Publication Information
Journal of Information Processing Systems / v.16, no.4, 2020 , pp. 882-895 More about this Journal
Abstract
The amount of malware increases exponentially every day and poses a threat to networks and operating systems. Most new malware is a variant of existing malware. It is difficult to deal with numerous malware variants since they bypass the existing signature-based malware detection method. Thus, research on automated methods of detecting and processing variant malware has been continuously conducted. This report proposes a method of extracting feature data from files and detecting malware using machine learning. Feature data were extracted from 7,000 malware and 3,000 benign files using static and dynamic malware analysis tools. A malware classification model was constructed using multiple DNN, XGBoost, and RandomForest layers and the performance was analyzed. The proposed method achieved up to 96.3% accuracy.
Keywords
Computer Security; Dynamic Analysis Machine Learning; Metamorphic; Polymorphic; Static Analysis; Windows Malware;
Citations & Related Records
연도 인용수 순위
  • Reference
1 AV-TEST, "AV-TEST Annual Report," 2018 [Online]. Available: https://www.av-test.org/en/about-theinstitute/publications/.
2 H. Rathore, S. Agarwal, S. K. Sahay, and M. Sewak, "Malware detection using machine learning and deep learning," in Big Data Analytics. Cham: Springer, 2018, pp. 402-411.
3 R. Zak, E. Raff, and C. Nicholas, "What can N-grams learn for malware detection?," in Proceedings of 2017 12th International Conference on Malicious and Unwanted Software (MALWARE), Fajardo, Puerto Rico, 2017, pp. 109-118.
4 I. Santos, F. Brezo, X. Ugarte-Pedrero, and P. G. Bringas, "Opcode sequences as representation of executables for data-mining-based unknown malware detection," Information Sciences, vol. 231, pp. 64-82, 2013.   DOI
5 R. Moskovitch, C. Feher, N. Tzachar, E. Berger, M. Gitelman, S. Dolev, and Y. Elovici, "Unknown malcode detection using opcode representation," Intelligence and Security Informatics. Heidelberg: Springer, 2018, pp. 204-215.
6 A. Yewale and M. Singh, "Malware detection based on opcode frequency," in Proceedings of 2016 International Conference on Advanced Communication Control and Computing Technologies (ICACCCT), Ramanathapuram, India, 2016, pp. 646-649.
7 Y. Ki, E. Kim, and H. K. Kim, "A novel approach to detect malware based on API call sequence analysis," International Journal of Distributed Sensor Networks, vol. 11, no. 6, article no. 659101, 2015.
8 M. A. Jerlin and K. Marimuthu, "A new malware detection system using machine learning techniques for API call sequences," Journal of Applied Security Research, vol. 13, no. 1, pp. 45-62, 2018.   DOI
9 K. Rieck, T. Holz, C. Willems, P. Dussel, and P. Laskov, "Learning and classification of malware behavior," in Detection of Intrusions and Malware, and Vulnerability Assessment. Heidelberg: Springer, 2008, pp. 108-125.
10 M. Ahmadi, D. Ulyanov, S. Semenov, M. Trofimov, and G. Giacinto, "Novel feature extraction, selection and fusion for effective malware family classification," in Proceedings of the 6th ACM Conference on Data and Application Security and Privacy, New Orleans, LA, 2016, pp. 183-194.
11 A. Mohaisen, O. Alrawi, and M. Mohaisen, "AMAL: high-fidelity, behavior-based automated malware analysis and classification," Computers & Security, vol. 52, pp. 251-266, 2015.   DOI
12 S. Nari and A. A. Ghorbani, "Automated malware classification based on network behavior," in Proceedings of 2013 International Conference on Computing, Networking and Communications (ICNC), San Diego, CA, 2013, pp. 642-647.
13 L. Chen, "Deep transfer learning for static malware classification," 2018 [Online]. Available: https://arxiv.org/abs/1812.07606.
14 J. Saxe and K. Berlin, "Deep neural network based malware detection using two dimensional binary program features," in Proceedings of 2015 10th International Conference on Malicious and Unwanted Software (MALWARE), Fajardo, Puerto Rico, 2015, pp. 11-20.
15 X. Ma, S. Guo, H. Li, Z. Pan, J. Qiu, Y. Ding, and F. Chen, "How to make attention mechanisms more practical in malware classification," IEEE Access, vol. 7, pp. 155270-155280, 2019.   DOI
16 Z. Cui, F. Xue, X. Cai, Y. Cao, G. G. Wang, and J. Chen, "Detection of malicious code variants based on deep learning," IEEE Transactions on Industrial Informatics, vol. 14, no. 7, pp. 3187-3196, 2018.   DOI
17 D. Gibert, C. Mateu, J. Planes, and R. Vicens, "Using convolutional neural networks for classification of malware represented as images," Journal of Computer Virology and Hacking Techniques, vol. 15, no. 1, pp. 15-28, 2019.   DOI
18 L. Nataraj, S. Karthikeyan, G. Jacob, and B. S. Manjunath, "Malware images: visualization and automatic classification," in Proceedings of the 8th international Symposium on Visualization for Cyber Security, Pittsburgh, PA, 2011, pp. 1-7.
19 S. Gupta, H. Sharma, and S. Kaur, "Malware characterization using windows API call sequences," in Security, Privacy, and Applied Cryptography Engineering. Cham: Springer, 2016, pp. 271-280.
20 Korea Information Security Industry Service, "Large malware dataset," 2018 [Online]. Available:https://www.kisis.or.kr/kisis/subIndex/376.do.