Abstract
With the phenomenon of code reuse is becoming more widespread in the same malicious family, this paper proposed a method to detect malicious code using a novel neural net. To implement our proposed detection method, malicious code was transformed into RGB images according to its binary sequence. Then, because of code reuse features can be revealed in the image, the images were identified and classified automatically using a flexible and lightweight neural net. In addition, we utilized dropout algorithm to address the data imbalance among different malware families. The experimental results demonstrated that our model performs well in accuracy and rate of convergence as compared with other models.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Symantec: Internet Security Threat Report (2017)
Anderson, B., Lane, T., Hash, C.: Malware phylogenetics based on the multiview graphical lasso. In: Advances in Intelligent Data Analysis Xiii, vol. 8819, pp. 1–12 (2014)
Alazab, M.: Profiling and classifying the behavior of malicious codes. J. Syst. Softw. 100, 91–102 (2015)
Yoo, I.: Visualizing windows executable viruses using self-organizing maps. In: Proceedings of ACM Workshop on Visualization and Data Mining for Computer Security, pp. 154–166 (2004)
Han, K.S., Lim, J.H., Kang, B.: Malware analysis using visualized images and entropy graphs. Int. J. Inf. Secur. 14(1), 1–14 (2015)
Natara, L., Karthikeyan, S., et al.: Malware images: visualization and automatic classification. In: International Symposium on Visualization for Cyber Security (2011)
Cui, Z.H., Xue, F., Cai, X.J., Cao, Y., Wang, G.G., Chen, J.J.: Detection of malicious code variants based on deep learning. IEEE Trans. Ind. Inf. 14(7), 3187–3196 (2018)
Simoyan, K., Zisserman, A.: Very deep convolutional networks for large-scale image recognition. Computer Science (2014)
Chollet, F.: Xception: deep learning with depthwise separable convolutions. In: 2017 IEEE Conference on Computer Vision and Pattern Recognition (CVPR). IEEE (2017)
Ioffe, S., Szegedy, C.: Batch normalization: accelerating deep network training by reducing internal covariate shift. In: Proceedings of the 32nd International Conference on Machine Learning, pp. 448–456 (2015)
Kingma, D.P., Ba, J.: Adam: a method for stochastic optimization. Computer Science (2014)
Hinton, G.E., Srivastava, N., Krizhevsky, A., et al.: Improving neural networks by preventing co-adaptation of feature detectors. Computer Science (2012)
Acknowledgements
This work is supported by the National Key Research and Development Program of China Under Grants No. 2017YFB0802000, National Cryptography Development Fund of China Under Grants No. MMJJ20170112, the Natural Science Basic Research Plan in Shaanxi Province of china (Grant Nos. 2018JM6028), National Nature Science Foundation of China (Grant Nos. 61772550, 61572521, U1636114, 61402531), Engineering University of PAP’s Funding for Scientific Research Innovation Team (Grant No. KYTD201805).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Bo, W., An, W.X., Yang, S., Ke, N.J. (2020). Detection of Malicious Code Variants Based on a Flexible and Lightweight Net. In: Barolli, L., Hellinckx, P., Natwichai, J. (eds) Advances on P2P, Parallel, Grid, Cloud and Internet Computing. 3PGCIC 2019. Lecture Notes in Networks and Systems, vol 96. Springer, Cham. https://doi.org/10.1007/978-3-030-33509-0_33
Download citation
DOI: https://doi.org/10.1007/978-3-030-33509-0_33
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-33508-3
Online ISBN: 978-3-030-33509-0
eBook Packages: EngineeringEngineering (R0)