Skip to main content
Springer Nature Link
Log in

An Ensemble Learning System to Mitigate Malware Concept Drift Attacks (Short Paper)

  • Conference paper
  • First Online:
Information Security Practice and Experience (ISPEC 2017)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10701))

  • 3057 Accesses

Abstract

Machine learning is widely used in malware detection systems as a core component. However, machine learning algorithm is based on the assumption that the underlying malware concept is stable for training and testing. The assumption is vulnerable to well-crafted concept drift attacks, such as mimicry attacks, gradient descent attacks, poisoning attacks and so on. This paper proposes an ensemble learning system which combines vertical and horizontal correlation learning models. The significant diversity among vertical and horizontal correlation models increases the difficulty of concept drift attacks. And average p-value assessment is applied to fortify the system to be sensitive to hidden concept drift. The experiment results show that the hybrid system could actively recognize the concept drift among different Miuref variants.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    Garcia, Sebastian. Malware Capture Facility Project. Retrieved from https://stratosphereips.org.

References

  1. AV-Test: Malware statistics, September 2017. https://www.av-test.org/en/statistics/malware/

  2. Demontis, A., Melis, M., Biggio, B., Maiorca, D., Arp, D., Rieck, K., Corona, I., Giacinto, G., Roli, F.: Yes, machine learning can be more secure! A case study on android malware detection. IEEE Trans. Dependable Sec. Comput. PP(99), 1 (2017). https://doi.org/10.1109/TDSC.2017.2700270

    Article  Google Scholar 

  3. Lastline, Protect your network from advanced malware that fireeye doesn’t detect (2017). https://go.lastline.com/protect-your-network-from-evasive-malware-webinar.html

  4. Zeng, Y., Shin, K.G., Hu, X.: Design of SMS commanded-and-controlled and P2P-structured mobile botnets. In: Proceedings of the Fifth ACM Conference on Security and Privacy in Wireless and Mobile Networks (WISEC 2012), New York, NY, USA, pp. 137–148. ACM (2012)

    Google Scholar 

  5. Singh, K., Sangal, S., Jain, N., Traynor, P., Lee, W.: Evaluating bluetooth as a medium for botnet command and control. In: Kreibich, C., Jahnke, M. (eds.) DIMVA 2010. LNCS, vol. 6201, pp. 61–80. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14215-4_4

    Chapter  Google Scholar 

  6. Krombholz, K., Hobel, H., Huber, M., Weippl, E.: Advanced social engineering attacks. J. Inf. Secur. Appl. 22, 113–122 (2015). Special Issue on Security of Information and Networks

    Google Scholar 

  7. Yin, T., Zhang, Y., Li, S.: DR-SNBot: a social network-based botnet with strong destroy-resistance. In: IEEE International Conference on Networking, Architecture, and Storage, pp. 191–199 (2014)

    Google Scholar 

  8. Šrndic, N., Laskov, P.: Practical evasion of a learning-based classifier: a case study. In: Proceedings of the 2014 IEEE Symposium on Security and Privacy (SP 2014), Washington, DC, USA, pp. 197–211. IEEE Computer Society (2014)

    Google Scholar 

  9. Biggio, B., Pillai, I., Rota Bulò, S., Ariu, D., Pelillo, M., Roli, F.: Is data clustering in adversarial settings secure? In: Proceedings of the 2013 ACM Workshop on Artificial Intelligence and Security (AISec 2013), New York, NY, USA, pp. 87–98. ACM (2013)

    Google Scholar 

  10. Biggio, B., Rieck, K., Ariu, D., Wressnegger, C., Corona, I., Giacinto, G., Roli, F.: Poisoning behavioral malware clustering. In: Proceedings of the 2014 Workshop on Artificial Intelligent and Security Workshop (AISec 2014), New York, NY, USA, pp. 27–36. ACM (2014)

    Google Scholar 

  11. Gu, G., Porras, P., Yegneswaran, V., Fong, M., Lee, W.: Bothunter: detecting malware infection through ids-driven dialog correlation. In: Proceedings of 16th USENIX Security Symposium. USENIX Association Berkeley, CA (2007)

    Google Scholar 

  12. Tegeler, F., Fu, X., Vigna, G., Kruegel, C.: Botfinder: finding bots in network traffic without deep packet inspection. In: Proceedings of the 8th International Conference on Emerging Networking Experiments and Technologies (CoNEXT 2012), France, pp. 349–360. ACM, New York, December 2012

    Google Scholar 

  13. Arce, I.: The weakest link revisited. IEEE Secur. Priv. 1, 72–76 (2003)

    Article  Google Scholar 

  14. Kantchelian, A., Afroz, S., Huang, L., Islam, A.C., Miller, B., Tschantz, M.C., Greenstadt, R., Joseph, A.D., Tygar, J.D.: Approaches to adversarial drift. In: Proceedings of the 2013 ACM Workshop on Artificial Intelligence and Security (AISec 2013), New York, NY, USA, pp. 99–110. ACM (2013)

    Google Scholar 

  15. Singh, K., Srivastava, A., Giffin, J., Lee, W.: Evaluating email feasibility for botnet command and control. In: IEEE International Conference on Dependable Systems and Networks with FTCS and DCC, Anchorage, AK, pp. 376–385. IEEE, June 2008

    Google Scholar 

  16. Kartaltepe, E.J., Morales, J.A., Xu, S., Sandhu, R.: Social network-based botnet command-and-control: emerging threats and countermeasures. In: Zhou, J., Yung, M. (eds.) ACNS 2010. LNCS, vol. 6123, pp. 511–528. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13708-2_30

    Chapter  Google Scholar 

  17. Wagner, D., Soto, P.: Mimicry attacks on host-based intrusion detection systems. In: Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS 2002), New York, NY, USA, pp. 255–264. ACM (2002)

    Google Scholar 

  18. Srndic, N., Laskov, P.: Practical evasion of a learning-based classier: a case study. In: Proceedings of the 35th IEEE Symposium on Security and Privacy (S&P), San Jose, CA, May 2014

    Google Scholar 

  19. Smutz, C., Stavrou, A.: Malicious PDF detection using metadata and structural features. In: Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC 2012), New York, NY, USA, pp. 239–248. ACM (2012)

    Google Scholar 

  20. Deo, A., Dash, S.K., Suarez-Tangil, G., Vovk, V., Cavallaro, L.: Prescience: probabilistic guidance on the retraining conundrum for malware detection. In: Proceedings of the 2016 ACM Workshop on Artificial Intelligence and Security (AISec 2016), New York, NY, USA, pp. 71–82. ACM (2016)

    Google Scholar 

  21. Jordaney, R., Sharad, K., Dash, S.K., Wang, Z., Papini, D., Nouretdinov, I., Cavallaro, L.: Transcend: detecting concept drift in malware classification models. In: Proceedings of the 26th USENIX Security Symposium (USENIX Security 2017) (2017)

    Google Scholar 

  22. van der Maaten, L., Hinton, G.: Visualizing data using t-SNE. J. Mach. Learn. Res. 9, 2579–2605 (2008)

    MATH  Google Scholar 

Download references

Acknowledgements

This material is based upon the work supported by the Tianjin Research Program of Application Foundation and Advanced Technology under the Grant No. 15JCQNJC41500, and by the Open Project Foundation of Information Security Evaluation Center of Civil Aviation, Civil Aviation University of China under the Grant No. CAAC-ISECCA-201701.

Author information

Authors and Affiliations

  1. College of Computer and Control Engineering, Nankai University, Tianjin, China

    Zhi Wang, Meiqi Tian & Chunfu Jia

  2. Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China

    Junnan Wang

  3. School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China

    Junnan Wang

Authors
  1. Zhi Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Meiqi Tian
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Junnan Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Chunfu Jia
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Chunfu Jia .

Editor information

Editors and Affiliations

  1. Monash University, Clayton, Victoria, Australia

    Joseph K. Liu

  2. University of Milan, Milan, Italy

    Pierangela Samarati

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Wang, Z., Tian, M., Wang, J., Jia, C. (2017). An Ensemble Learning System to Mitigate Malware Concept Drift Attacks (Short Paper). In: Liu, J., Samarati, P. (eds) Information Security Practice and Experience. ISPEC 2017. Lecture Notes in Computer Science(), vol 10701. Springer, Cham. https://doi.org/10.1007/978-3-319-72359-4_46

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-72359-4_46

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-72358-7

  • Online ISBN: 978-3-319-72359-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics