Abstract
To combat evolving malware attacks, many research efforts have been devoted to developing intelligent malware detection systems. Most existing systems rest on the analysis of file contents extracted from the file samples (e.g., binary n-grams, system calls), applying data mining techniques such as classification and clustering to detect malware. However, ignoring the social relations among these file samples (i.e., using file contents only) is a significant limitation of these malware detection methods. In this paper, (1) instead of using file contents extracted from the collected samples, we conduct a deep analysis of the social relation network among file samples and study how it can be used for malware detection; (2) resting on the constructed file relation graph, we perform large-scale inference by propagating information from the labeled samples (either benign or malicious) to detect newly unknown malware. A comprehensive experimental study on a large collection of file sample relations obtained from Comodo Cloud Security Center is performed to compare various malware detection approaches. Promising experimental results demonstrate that our proposed method outperforms alternative data mining based detection techniques in both accuracy and efficiency.
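The abstract describes detection by propagating benign/malicious labels from known samples across a file relation graph. The following added example (not code from the paper or from Comodo) illustrates that idea on a constructed toy dataset: files that co-occur on the same machine are linked, edge weights count the co-occurrences, and a simple iterative label propagation pushes scores from the labeled seeds to the unlabeled files. The machine ids, file ids, seed labels and the 0.5 decision threshold are all assumptions chosen for illustration; the paper's actual inference algorithm and graph construction may differ.

```python
"""Toy label propagation over a file relation graph (added example)."""
from collections import defaultdict

# Constructed sample telemetry: which file samples were observed on which machine.
# Ids such as "good_a" stand in for file hashes; they are not real samples.
MACHINE_FILES = {
    "m1": ["good_a", "good_b", "unk_1"],
    "m2": ["good_a", "good_c", "unk_1"],
    "m3": ["bad_x", "bad_y", "unk_2"],
    "m4": ["bad_x", "unk_2", "unk_3"],
    "m5": ["good_b", "unk_3"],
}

# Labeled seeds: 0.0 = known benign, 1.0 = known malicious (assumed ground truth).
SEEDS = {"good_a": 0.0, "good_b": 0.0, "good_c": 0.0, "bad_x": 1.0, "bad_y": 1.0}


def build_file_graph(machine_files):
    """Build a weighted, undirected file-to-file graph.

    Two files are linked when they co-occur on a machine; the edge weight is
    the number of machines on which they were seen together.
    """
    graph = defaultdict(lambda: defaultdict(float))
    for files in machine_files.values():
        uniq = sorted(set(files))
        for i, a in enumerate(uniq):
            for b in uniq[i + 1:]:
                graph[a][b] += 1.0
                graph[b][a] += 1.0
    return graph


def propagate(graph, seeds, iters=100, tol=1e-6):
    """Iteratively set each unlabeled file's score to the weighted mean of its
    neighbours' scores, keeping seed scores fixed (clamped) throughout.

    Unlabeled files start at 0.5 (no evidence); an isolated file with no
    neighbours keeps that neutral score, since nothing can reach it.
    """
    score = {f: 0.5 for f in graph}
    score.update(seeds)
    for _ in range(iters):
        delta = 0.0
        for f, nbrs in graph.items():
            if f in seeds:
                continue
            total = sum(nbrs.values())
            if total == 0:
                continue
            new = sum(w * score[g] for g, w in nbrs.items()) / total
            delta = max(delta, abs(new - score[f]))
            score[f] = new
        if delta < tol:
            break
    return score


def classify(score, seeds, threshold=0.5):
    """Label each unlabeled file from its propagated score (threshold assumed)."""
    return {
        f: ("malicious" if s > threshold else "benign")
        for f, s in score.items()
        if f not in seeds
    }


if __name__ == "__main__":
    g = build_file_graph(MACHINE_FILES)
    scores = propagate(g, SEEDS)
    for f, label in sorted(classify(scores, SEEDS).items()):
        print(f"{f}: score={scores[f]:.3f} -> {label}")
```

In this toy graph, unk_1 only ever appears alongside known-benign files and converges to 0.0, while unk_2 (linked twice to bad_x and once to bad_y) and unk_3 (linked to bad_x, unk_2 and good_b) settle at 10/11 and 7/11 respectively, so both are flagged. The point a practitioner should take from it is that unk_3 is labeled purely through its neighbours, including another unlabeled file, without any inspection of its contents, which is exactly the kind of inference the abstract describes. In a real deployment the threshold, seed quality and handling of very popular files (which link nearly everything) all need care, since a single mislabeled seed propagates just as readily as a correct one.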
Acknowledgments
The authors would also like to thank the anti-malware experts of Comodo Security Lab for the data collection as well as helpful discussions and support. The work of S. Hou, Lingwei Chen, and Y. Ye is supported by the U.S. National Science Foundation under grant CNS-1618629; the work of Lifei Chen is supported by the Chinese National Science Foundation under grant 61672157.
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Hou, S., Chen, L., Ye, Y., Chen, L. (2017). Deep Analysis and Utilization of Malware’s Social Relation Network for Its Detection. In: Song, S., Renz, M., Moon, YS. (eds) Web and Big Data. APWeb-WAIM 2017. Lecture Notes in Computer Science(), vol 10612. Springer, Cham. https://doi.org/10.1007/978-3-319-69781-9_4
DOI: https://doi.org/10.1007/978-3-319-69781-9_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-69780-2
Online ISBN: 978-3-319-69781-9
eBook Packages: Computer Science (R0)