Malware Detection Based on Deep Learning of Behavior Graphs

The Internet of Things (IoT) provides various benefits, bringing smart devices even closer to their users. As the number of smart devices in the IoT grows, security is no longer a one-device affair. Many attacks that target traditional computers in an IoT environment may also target other IoT devices. In this paper, we consider an approach to protect IoT devices from being attacked by local computers. In response to this issue, we propose a novel behavior-based deep learning framework (BDLF), built in a cloud platform, for detecting malware in IoT environments. In the proposed BDLF, we first construct behavior graphs from extracted API calls to provide efficient information about malware behaviors. We then use a neural network, Stacked AutoEncoders (SAEs), to extract high-level features from the behavior graphs. The layers of the SAEs are inserted one after another, and the last layer is connected to some added classifiers. The architecture of the SAEs is 6,000-2,000-500. The experimental results demonstrate that the proposed BDLF can learn the semantics of higher-level malicious behaviors from behavior graphs and further increase the average detection precision by 1.5%.
