A Malware Classification Method Based on the Capsule Network

  • Conference paper
Machine Learning for Cyber Security (ML4CS 2020)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 12486)

Abstract

Malware has become a serious threat to network security. Traditional static analysis methods usually cannot effectively detect packers, obfuscations, and variants. Dynamic analysis is not efficient when dealing with large amounts of malware. To address the shortcomings of existing methods, this paper proposes a method for analyzing malware based on the capsule network. It uses supervised learning to train the capsule network on a large number of malware samples with existing category labels. To construct features, the paper combines static and dynamic features: it extracts operation code information based on static analysis and API call sequence information based on general analysis. Both characteristics represent the structure and behavior of malware well. N-Gram is then used to construct sequence features, the N-Gram sequences are visualized to generate malware images, and finally the capsule network is used for classification and detection. In addition, this paper improves the original capsule network and verifies the effect of the improved model.
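The feature-construction steps named in the abstract (opcode and API-call sequences, N-Grams, image generation) can be sketched as follows; this is an added example, not the authors' code. The abstract does not say how N-Grams are mapped to pixels or how the two feature types are combined, so the SHA-256 feature hashing, the two-channel stacking, all function names and the sample sequences are assumptions made for illustration.

```python
import hashlib
from collections import Counter

def ngrams(seq, n):
    """Return the contiguous n-grams (as tuples) of a token sequence."""
    return [tuple(seq[i:i + n]) for i in range(len(seq) - n + 1)]

def bucket(gram, side):
    """Map an n-gram to a stable (row, col) pixel by hashing it (assumed scheme)."""
    digest = hashlib.sha256("\x00".join(gram).encode()).digest()
    return divmod(int.from_bytes(digest[:8], "big") % (side * side), side)

def ngram_image(seq, n=3, side=16):
    """Build a side x side grayscale image (0-255) from n-gram frequencies."""
    img = [[0] * side for _ in range(side)]
    counts = Counter(bucket(g, side) for g in ngrams(seq, n))
    if not counts:  # sequence shorter than n: leave the image all black
        return img
    peak = max(counts.values())
    for (row, col), k in counts.items():
        img[row][col] = round(255 * k / peak)  # most frequent bucket becomes 255
    return img

def fused_image(opcodes, api_calls, n=3, side=16):
    """Stack the static (opcode) and dynamic (API call) images as two channels."""
    return [ngram_image(opcodes, n, side), ngram_image(api_calls, n, side)]

# Constructed sample inputs, not taken from any real sample.
OPCODES = ["push", "mov", "sub", "mov", "call",
           "push", "mov", "sub", "mov", "call", "ret"]
API_CALLS = ["CreateFileW", "ReadFile", "CloseHandle",
             "CreateFileW", "ReadFile", "CloseHandle"]

if __name__ == "__main__":
    static_ch, dynamic_ch = fused_image(OPCODES, API_CALLS)
    lit = sum(1 for row in static_ch for px in row if px)
    print(f"{len(ngrams(OPCODES, 3))} opcode 3-grams -> {lit} lit pixels")
```

The resulting two-channel array is the kind of fixed-size input an image classifier such as a capsule network consumes; hashing keeps the image size constant regardless of vocabulary, at the cost of occasional bucket collisions.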

Acknowledgments

This work was supported by the National Key Research and Development Program of China under Grant 2016QY06X1205.

Author information

Correspondence to Weijie Han.

Copyright information

© 2020 Springer Nature Switzerland AG

Cite this paper

Wang, Z., Han, W., Lu, Y., Xue, J. (2020). A Malware Classification Method Based on the Capsule Network. In: Chen, X., Yan, H., Yan, Q., Zhang, X. (eds) Machine Learning for Cyber Security. ML4CS 2020. Lecture Notes in Computer Science, vol 12486. Springer, Cham. https://doi.org/10.1007/978-3-030-62223-7_4

  • DOI: https://doi.org/10.1007/978-3-030-62223-7_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-62222-0

  • Online ISBN: 978-3-030-62223-7

  • eBook Packages: Computer Science, Computer Science (R0)
