Abstract
To explore the classification of malware variants, a malware variant detection method is proposed based on the code visualization method and ensemble learning model. First, malware binary data was transformed into a gray-scale image and the GIST texture feature of the image was extracted. Then, KNN (K Nearest Neighbor) and RF (random forest) method are used as base learners and a malware variant classification model was proposed based on the voting learning method. Finally, the integration results were mapped to the final malware classification result. To verify the accuracy of the method, a malware family classification experiment was performed. The results show that the method can reach an accuracy rate of 98.95% and the AUC value of 0.9976, meaning that it can effectively analyze and classify malware variants.
Keywords
Supported by laboratory of Network Security, College of Electronic Engineering, National University of Defense Technology.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
SYMANTEC: Internet security threat report, 16 May 2020. https://www.broadcom.com/support/security-center/publications/threat-report
Cui, Z., Xue, F., Cai, X., Cao, Y., Wang, G., Chen, J.: Detection of malicious code variants based on deep learning. IEEE Trans. Industr. Inf. 14(7), 3187–3196 (2018)
Naeem, H., Guo, B., Ullah, F., Naeem, M.: A cross-platform malware variant classification based on image representation. Ksii Trans. Internet Inf. Syst. 13(7), 3756–3777 (2019)
Naeem, H., Guo, B., Naeem, M.R., Ullah, F., Aldabbas, H., Javed, M.S.: Identification of malicious code variants based on image visualization. Comput. Electr. Eng. 76, 225–237 (2019)
Microsoft Antivirus. Malware names, 10 May 2020. https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/malware-naming
Moskovitch, R., Feher, C., Elovici, Y.: A chronological evaluation of unknown malcode detection. In: IEEE International Conference on Intelligence & Security Informatics (2009)
Raff, E., Nicholas, C.: An alternative to NCD for large sequences, Lempel-ZIV Jaccard distance, pp. 1007–1015 (2017)
Ahmadi, M., Ulyanov, D., Semenov, S., Trofimov, M., Giacinto, G.: Novel feature extraction, selection and fusion for effective malware family classification, pp. 183–194 (2016)
Chen, L., Li, T., Abdulhayoglu, M., Ye, Y.: Intelligent malware detection based on file relation graphs, pp. 85–92 (2015)
Ng, C.K., Jiang, F., Zhang, L.Y., Zhou, W.: Static malware clustering using enhanced deep embedding method. Concurrency Comput. Pract. Exp. 31(19), 1–16 (2019)
Liang, G., Pang, J., Dai, C.: A behavior-based malware variant classification technique. Int. J. Inf. Educ. Technol. 6(4), 291–295 (2016)
Kim, H., Kim, J., Kim, Y., Kim, I., Kim, K.J., Kim, H.: Improvement of malware detection and classification using API call sequence alignment and visualization. Cluster Comput. 22(1), 921–929 (2017). https://doi.org/10.1007/s10586-017-1110-2
Nataraj, L., Karthikeyan, S., Jacob, G., Manjunath, B.S.: Malware images: visualization and automatic classification. In: Proceedings of the 8th International Symposium on Visualization for Cyber Security, pp. 1–7 (2011)
Kosmidis, K., Kalloniatis, C.: Machine learning and images for malware detection and classification, p. 5 (2017)
Hashemi, H., Hamzeh, A.: Visual malware detection using local malicious pattern. J. Comput. Virol. Hacking Tech. 15(1), 1–14 (2018). https://doi.org/10.1007/s11416-018-0314-1
Li, Y., Zuo, Z.H.: An overview of object code obfuscation technologies. Comput. Technol. Dev. 17, 124–127 (2007)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Guo, H. et al. (2020). Classification of Malware Variant Based on Ensemble Learning. In: Chen, X., Yan, H., Yan, Q., Zhang, X. (eds) Machine Learning for Cyber Security. ML4CS 2020. Lecture Notes in Computer Science(), vol 12486. Springer, Cham. https://doi.org/10.1007/978-3-030-62223-7_11
Download citation
DOI: https://doi.org/10.1007/978-3-030-62223-7_11
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-62222-0
Online ISBN: 978-3-030-62223-7
eBook Packages: Computer ScienceComputer Science (R0)