
A Novel Malware Detection and Classification Method Based on Capsule Network

  • Conference paper
Artificial Intelligence and Security (ICAIS 2019)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11632)

Abstract

By using camouflage techniques such as code obfuscation, packing and signatures, malware can evade anti-virus software with high probability. To detect malware efficiently, traditional machine learning methods usually require complex feature extraction in advance, while CNNs and other deep learning methods usually need a large number of labeled samples; both requirements affect detection performance. To address these problems, this paper proposes ColCaps, an improved deep learning method for malware detection based on malware color image visualization and a capsule network. First, the malware is transformed into a color image. Then, a dynamic routing-based capsule network is used to detect and classify the color image. Without advanced feature extraction and with only a small number of labeled samples, ColCaps performs better in cross-platform detection and classification. The experimental results show that the detection accuracy of the proposed method on the Android and Windows platforms is 99.3% and 96.5% respectively, which is 20% higher than that of the existing method. Meanwhile, the classification task on the Drebin dataset reaches an accuracy of 98.2%, which is a significant improvement over the prior DREBIN.



Corresponding author

Correspondence to Shu-wei Wang.

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

Wang, Sw., Zhou, G., Lu, Jc., Zhang, Fj. (2019). A Novel Malware Detection and Classification Method Based on Capsule Network. In: Sun, X., Pan, Z., Bertino, E. (eds) Artificial Intelligence and Security. ICAIS 2019. Lecture Notes in Computer Science, vol 11632. Springer, Cham. https://doi.org/10.1007/978-3-030-24274-9_52

  • DOI: https://doi.org/10.1007/978-3-030-24274-9_52

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-24273-2

  • Online ISBN: 978-3-030-24274-9

  • eBook Packages: Computer Science, Computer Science (R0)
