Machine learning has largely been applied to malware detection and classification, due to the ineffectiveness of signature-based methods against rapid malware proliferation. Although state-of-the-art machine learning models tend to achieve high performance, they require a large number of training samples. It is infeasible to train machine learning models with sufficient malware samples while facing newly appearing malware variants. Therefore, it is important for security protectors to train a model from a small set of data that can identify malware variants based on a similarity function. In addition, security protectors should keep re-training the models on newly found samples, while typical machine learning models based on massive data are not efficient for instant updates. Inspired by recent success using Siamese neural networks for one-shot image recognition, we aim to apply these networks to the malware image classification task. The implementation includes three main stages: pre-processing, training, and testing. In the pre-processing stage, the system transforms malware samples into resized gray-scale images and classifies them into the same family by average hash. In the training and testing stages, Siamese networks are trained to rank similarity between samples, and accuracy is calculated through N-way one-shot tasks. The experimental results showed that our networks outperformed the baseline methods. Besides, this paper indicated that our networks were more suitable for malware image one-shot learning than typical deep learning models. (C) 2019 The Authors. Published by Elsevier B.V.
ISBN (print): 9798350326970
IoT malware is rapidly increasing due to variants easily generated from publicly available source code. Malware image classification, capable of fast and accurate malware identification, is attracting attention. Since classification by imaging is affected by changes in the malware binary, a binary modification without behavioral changes is a potential attack method against image-based classification. There are concerns that by combining publicly available malware source code with readily available source code obfuscation tools, it is possible to construct an effective attack that bypasses image classifiers relatively simply. In this study, we show the effectiveness of the attack by source code obfuscation and the possibility of defense against the attack. The contribution of this research is twofold. 1) We showed that Obfuscator-LLVM (oLLVM) code obfuscation could be used as an attack method on malware image classification. The obfuscated malware binaries made by oLLVM were misclassified by a VGG16-based image classifier for all the attacked malware families, including Mirai, Lightaidra, and Bashlite. 2) We showed that classifier training with obfuscated samples could address this attack method. We confirmed that the malware image classifier trained with obfuscated malware binaries made by oLLVM could classify the obfuscated malware into its original malware family with an accuracy of 100%.
ISBN (print): 9781538626672
The Internet of Things (IoT) is an extension of the traditional Internet, which allows a very large number of smart devices, such as home appliances, network cameras, sensors and controllers, to connect to one another to share information and improve user experiences. IoT devices are micro-computers for domain-specific computations rather than traditional function-specific embedded devices. This opens the possibility of seeing many kinds of existing attacks, traditionally targeted at the Internet, also directed at IoT devices. As shown by recent events, such as the Mirai and Brickerbot botnets, DDoS attacks have become very common in IoT environments, as these lack basic security monitoring and protection mechanisms. In this paper, we propose a novel light-weight approach for detecting DDoS malware in IoT environments. We extract the malware images (i.e., a one-channel gray-scale image converted from a malware binary) and utilize a light-weight convolutional neural network for classifying their families. The experimental results show that the proposed system can achieve 94.0% accuracy for the classification of goodware and DDoS malware, and 81.8% accuracy for the classification of goodware and two main malware families.
ISBN (print): 9781914587276
The incidents of malware attacks are continually increasing at a rapid rate, thanks to the lucrative potential in schemes such as ransomware, credential-stealing Trojans and cryptominers. Their explosive growth is compounded by the ease with which variants can be created from original strains. As a result, anti-virus organisations are struggling to keep up, with some reporting upwards of 14 million samples processed per month. These sheer volumes have caused a shift towards machine learning and artificial intelligence in an effort to alleviate the manual burden of analysis and classification. This research presents a novel framework for the classification of malware into distinct family classes through computer vision and deep learning. In the proposed framework, malware binaries are represented in an abstract form as images mapped through mathematical constructs known as space-filling curves. Convolutional neural networks were constructed and applied to the malware images to build predictive models for classification. The models were optimised using an auto-tuning function for the hyperparameters, which included Bayesian Optimisation, Random Search and HyperBand, providing an exhaustive search over the hyperparameters. On a training dataset of 13k malware samples from 23 distinct families, the models yielded an average score of 95% for precision, recall and F1-score. The final deep learning model was validated for robustness against a dataset of more recent variants, comprising 12,816 samples from 16 malware families, returning classification scores of 95%, 86% and 90% for precision, recall and F1-score. The final model was demonstrated to outperform a similar benchmark model considerably. The results show the potential of the deep learning framework as a viable solution to the classification of malware, without the need for manually intensive feature generation or invasive processing techniques.