ELM-MVD: An Extreme Learning Machine Trained Model for Malware Variants Detection

  • Conference paper
Advances in Computing and Data Sciences (ICACDS 2020)

Abstract

Malware variants are expanding at a fast pace, and detecting them is a critical problem. According to surveys from McAfee, over 50% of newly recognized malware are variants of earlier ones. The huge number of miscellaneous malware variants has compelled researchers to find a better model for detecting them. In this work, we propose an extreme learning machine trained model (ELM-MVD) for malware variants detection. We use a dataset comprising benign and malware executable names along with their features, represented as a triplet of system calls. We also demonstrate that features in the form of a triplet vector are optimal while training a model. Feature reduction is done using the alternating direction method of multipliers (ADMM) technique. Finally, we train the ELM-MVD model and achieve 99.3% accuracy and a detection speed of 0.003 s.

Notes

  1. https://www.virustotal.com/

  2. https://github.com/pushkarkishore/NITRSCT/blob/master/data1.rar

Corresponding author

Correspondence to Pushkar Kishore.

Copyright information

© 2020 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Kishore, P., Barisal, S.K., Reddy, A.G., Mohapatra, D.P. (2020). ELM-MVD: An Extreme Learning Machine Trained Model for Malware Variants Detection. In: Singh, M., Gupta, P., Tyagi, V., Flusser, J., Ören, T., Valentino, G. (eds) Advances in Computing and Data Sciences. ICACDS 2020. Communications in Computer and Information Science, vol 1244. Springer, Singapore. https://doi.org/10.1007/978-981-15-6634-9_26

  • DOI: https://doi.org/10.1007/978-981-15-6634-9_26

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-15-6633-2

  • Online ISBN: 978-981-15-6634-9

  • eBook Packages: Computer Science (R0)
