Abstract
By using camouflage techniques such as code obfuscation, packing and signing, malware can evade anti-virus software with high probability. To detect malware efficiently, traditional machine learning methods usually require complex feature extraction in advance, while CNNs and other deep learning methods usually need a large number of labeled samples; both requirements affect detection performance. To address these problems, this paper proposes ColCaps, an improved deep learning method for malware detection based on malware color image visualization and a capsule network. First, the malware is transformed into a color image. Then, a dynamic routing-based capsule network is used to detect and classify the color image. Without feature extraction in advance and with only a small number of labeled samples, ColCaps performs better in cross-platform detection and classification. The experimental results show that the detection accuracy of the proposed method on the Android and Windows platforms is 99.3% and 96.5% respectively, which is 20% higher than that of the existing method. Meanwhile, the classification task on the Drebin dataset reaches an accuracy of 98.2%, which is a significant improvement over the prior DREBIN.
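The first step named in the abstract, turning a binary into a color image, shown as an added example that is not the paper's code. The three-bytes-per-pixel mapping, the row width and the nearest-neighbour resize are assumptions, since the abstract does not specify the encoding ColCaps uses.

```python
# Added illustration: raw bytes -> fixed-size RGB image for an image classifier.
# Assumed mapping (not from the paper): 3 consecutive bytes = one (R, G, B) pixel.

# Constructed sample input: a fake "MZ" header followed by a byte ramp.
SAMPLE = b"MZ\x90\x00" + bytes(range(250))


def bytes_to_rgb_rows(data: bytes, width: int = 16):
    """Return a list of rows, each a list of (R, G, B) tuples."""
    if width <= 0:
        raise ValueError("width must be positive")
    if not data:
        raise ValueError("empty input")
    # Zero-pad so the byte count is a multiple of 3 (one full pixel).
    padded = data + b"\x00" * ((-len(data)) % 3)
    pixels = [tuple(padded[i:i + 3]) for i in range(0, len(padded), 3)]
    # Fill the last row with black pixels so the image is rectangular.
    pixels += [(0, 0, 0)] * ((-len(pixels)) % width)
    return [pixels[i:i + width] for i in range(0, len(pixels), width)]


def resize_nearest(rows, size: int):
    """Nearest-neighbour resample to size x size, so files of any
    length yield the fixed input shape a network expects."""
    h, w = len(rows), len(rows[0])
    return [[rows[y * h // size][x * w // size] for x in range(size)]
            for y in range(size)]


def to_ppm(rows) -> bytes:
    """Serialize to binary PPM (P6) for viewing without extra libraries."""
    h, w = len(rows), len(rows[0])
    header = f"P6\n{w} {h}\n255\n".encode("ascii")
    return header + bytes(c for row in rows for px in row for c in px)


if __name__ == "__main__":
    image = resize_nearest(bytes_to_rgb_rows(SAMPLE), 8)
    with open("sample.ppm", "wb") as fh:
        fh.write(to_ppm(image))
```

Because packing and obfuscation change the byte layout, the same mapping must be applied identically at training and detection time for the images to be comparable.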
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Wang, Sw., Zhou, G., Lu, Jc., Zhang, Fj. (2019). A Novel Malware Detection and Classification Method Based on Capsule Network. In: Sun, X., Pan, Z., Bertino, E. (eds) Artificial Intelligence and Security. ICAIS 2019. Lecture Notes in Computer Science, vol 11632. Springer, Cham. https://doi.org/10.1007/978-3-030-24274-9_52
DOI: https://doi.org/10.1007/978-3-030-24274-9_52
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-24273-2
Online ISBN: 978-3-030-24274-9
eBook Packages: Computer Science, Computer Science (R0)