http://dx.doi.org/10.3837/tiis.2019.07.023

A Cross-Platform Malware Variant Classification based on Image Representation  

Naeem, Hamad (College of Computer Science, Sichuan University)
Guo, Bing (College of Computer Science, Sichuan University)
Ullah, Farhan (College of Computer Science, Sichuan University)
Naeem, Muhammad Rashid (College of Computer Science, Sichuan University)
Publication Information
KSII Transactions on Internet and Information Systems (TIIS) / v.13, no.7, 2019, pp. 3756-3777
Abstract
Recent internet development is helping malware researchers generate malicious code variants through automated tools. For this reason, the number of malicious variants is increasing day by day. Consequently, improving the performance of malware analysis is a critical requirement for stopping the rapid expansion of malware. Existing research has proved that the similarities among malware variants can be used for detection and family classification. In this paper, a Cross-Platform Malware Variant Classification System (CP-MVCS) is proposed that converts a malware binary into a grayscale image. Malicious features are then extracted from the grayscale image through the Combined SIFT-GIST Malware (CSGM) description. These features are later used to identify the relevant family of a malware variant. CP-MVCS reduced computational time and improved classification accuracy by using the CSGM feature description along with machine learning classification. The experiments were performed on four publicly available datasets for Windows OS and Android OS. The experimental results showed that the computation time and malware classification accuracy of CP-MVCS were higher than those of traditional methods. The evaluation also showed that CP-MVCS not only differentiated families of malware variants but also efficiently identified both malware and benign samples in a mixed fashion.
Keywords
CSGM; Internet security; Grayscale image; CP-MVCS; Malware Detection; Machine Learning;
Citations & Related Records
Times Cited By KSCI: 1