http://dx.doi.org/10.3837/tiis.2021.09.010

Malware Detection with Directed Cyclic Graph and Weight Merging  

Li, Shanxi (School of Information Science and Engineering, Lanzhou University)
Zhou, Qingguo (School of Information Science and Engineering, Lanzhou University)
Wei, Wei (School of Computer Science and Engineering, Xi'an University of Technology)
Publication Information
KSII Transactions on Internet and Information Systems (TIIS) / v.15, no.9, 2021, pp. 3258-3273
Abstract
Malware is a severe threat to computing systems, and there is a long history of battle between malware detection and anti-detection. Most traditional detection methods are based on static analysis with signature matching and dynamic analysis methods that focus on sensitive behaviors. However, these usual detection methods have only limited effect as malware develops, so manual updates to the feature sets are essential. Besides, most of these methods match target samples against a common feature database, which ignores the characteristics of the sample itself. In this paper, we propose a new malware detection method that combines the features of a single sample with the general features of malware. First, a Directed Cyclic Graph (DCG) structure is adopted to extract features from samples. Then the sensitivity of each API call is computed with a Markov chain. Afterward, the graph is merged with the chain to obtain the final features. Finally, detectors based on machine learning or deep learning are devised for identification. To evaluate the effectiveness and robustness of our approach, several experiments were conducted. The results showed that the proposed method performed well in most tests, and that the approach remained stable as malware developed and grew.
Keywords
malware detection; directed cyclic graph; Markov chain; machine learning; neural network