
Deep Analysis and Utilization of Malware’s Social Relation Network for Its Detection

Conference paper. Part of the book series: Lecture Notes in Computer Science (LNISA, volume 10612)

Abstract

To combat evolving malware attacks, many research efforts have been devoted to developing intelligent malware detection systems. Most existing systems rest on the analysis of file contents extracted from the file samples (e.g., binary n-grams, system calls) and apply data mining techniques such as classification and clustering for malware detection. However, using file contents only, and thus ignoring the social relations among the file samples, is a significant limitation of these detection methods. In this paper, (1) instead of using file contents extracted from the collected samples, we conduct a deep analysis of the social relation network among file samples and study how it can be used for malware detection; (2) resting on the constructed file relation graph, we perform large-scale inference by propagating information from the labeled samples (either benign or malicious) to detect newly appearing, unknown malware. A comprehensive experimental study on a large collection of file sample relations obtained from Comodo Cloud Security Center is performed to compare various malware detection approaches. Promising experimental results demonstrate that our proposed method outperforms the alternative data mining based detection techniques in both accuracy and efficiency.
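The abstract describes the core idea at a high level: build a graph whose nodes are file samples, link files that are socially related (for example, files observed together on the same client machines), and let the verdicts of the labeled benign and malicious samples flow along the edges to unlabeled files. The following is an added illustration written for this page, not the authors' code and not the inference procedure or dataset used in the paper: it projects a constructed machine-file observation list onto a weighted file-file co-occurrence graph and runs a simple iterative label propagation (a stand-in for the belief-propagation style inference the paper refers to). The observation pairs, seed labels, the alpha/prior mixing and the "unknown" margin are all assumptions chosen for the example.

```python
from collections import defaultdict

# Constructed illustrative data (not the paper's Comodo dataset): pairs of
# (client machine, file) meaning the file was observed on that machine.
OBSERVATIONS = [
    ("m1", "f_known_bad"), ("m1", "f_unknown_a"),
    ("m2", "f_known_bad"), ("m2", "f_unknown_a"),
    ("m3", "f_known_good"), ("m3", "f_unknown_b"),
    ("m4", "f_known_good"), ("m4", "f_unknown_b"), ("m4", "f_unknown_c"),
    ("m5", "f_unknown_a"), ("m5", "f_unknown_c"),
    ("m6", "f_isolated"),
]

# Labels for the known samples (assumed seed set): 1.0 = malicious, 0.0 = benign.
SEEDS = {"f_known_bad": 1.0, "f_known_good": 0.0}


def build_file_graph(observations):
    """Project the machine-file relation onto a file-file graph.

    Two files are linked when they co-occur on at least one machine; the edge
    weight is the number of machines they share. Every file is kept as a key,
    so an isolated file (no co-occurrence) has an empty neighbour map.
    """
    files_by_machine = defaultdict(set)
    for machine, f in observations:
        files_by_machine[machine].add(f)
    graph = {f: defaultdict(int) for _, f in observations}
    for files in files_by_machine.values():
        for a in files:
            for b in files:
                if a != b:
                    graph[a][b] += 1
    return {f: dict(nbrs) for f, nbrs in graph.items()}


def propagate_labels(graph, seeds, alpha=0.8, prior=0.5, tol=1e-6, max_iter=200):
    """Iterative label propagation (simplified stand-in for belief propagation).

    Seed files are clamped to their labels; every other file moves toward the
    weighted mean of its neighbours' scores, mixed with a neutral prior so that
    weakly connected files do not get pushed to an extreme. Returns a malice
    score in [0, 1] per file once the update converges.
    """
    score = {f: seeds.get(f, prior) for f in graph}
    for _ in range(max_iter):
        new = {}
        for f, nbrs in graph.items():
            if f in seeds:
                new[f] = seeds[f]
                continue
            total = sum(nbrs.values())
            if total == 0:  # isolated file: no relational evidence, stays at the prior
                new[f] = prior
                continue
            mean = sum(w * score[g] for g, w in nbrs.items()) / total
            new[f] = alpha * mean + (1 - alpha) * prior
        delta = max(abs(new[f] - score[f]) for f in graph)
        score = new
        if delta < tol:
            break
    return score


def classify(scores, margin=0.1):
    """Turn scores into verdicts; files close to the prior are left 'unknown'
    for analyst review rather than being forced into a class."""
    verdicts = {}
    for f, s in scores.items():
        if s > 0.5 + margin:
            verdicts[f] = "malicious"
        elif s < 0.5 - margin:
            verdicts[f] = "benign"
        else:
            verdicts[f] = "unknown"
    return verdicts


def run_detection(observations=OBSERVATIONS, seeds=SEEDS):
    """Full pipeline on the constructed data: graph -> propagation -> verdicts."""
    graph = build_file_graph(observations)
    scores = propagate_labels(graph, seeds)
    return scores, classify(scores)


if __name__ == "__main__":
    scores, verdicts = run_detection()
    for f in sorted(scores):
        print(f"{f:14s} score={scores[f]:.3f} -> {verdicts[f]}")
```

On this data, f_unknown_a shares two machines with the known-malicious file and is scored malicious, f_unknown_b and f_unknown_c sit on the benign side of the graph and are scored benign, and f_isolated, which co-occurs with nothing, stays at the prior and is reported as unknown. The last case is the one to keep in mind when deploying relation-based detection: a file with no relations carries no relational evidence either way, and a content-based detector is still needed for it.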



Acknowledgments

The authors would like to thank the anti-malware experts of Comodo Security Lab for the data collection as well as for helpful discussions and support. The work of S. Hou, Lingwei Chen, and Y. Ye is supported by the U.S. National Science Foundation under grant CNS-1618629; the work of Lifei Chen is supported by the Chinese National Science Foundation under grant 61672157.

Author information

Corresponding author: Yanfang Ye.


Copyright information

© 2017 Springer International Publishing AG

About this paper


Cite this paper

Hou, S., Chen, L., Ye, Y., Chen, L. (2017). Deep Analysis and Utilization of Malware’s Social Relation Network for Its Detection. In: Song, S., Renz, M., Moon, YS. (eds) Web and Big Data. APWeb-WAIM 2017. Lecture Notes in Computer Science(), vol 10612. Springer, Cham. https://doi.org/10.1007/978-3-319-69781-9_4

  • DOI: https://doi.org/10.1007/978-3-319-69781-9_4
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-319-69780-2
  • Online ISBN: 978-3-319-69781-9
  • eBook Packages: Computer Science (R0)
