Skip to main content
Springer Nature Link
Log in

A Method for Windows Malware Detection Based on Deep Learning

  • Published:
Journal of Signal Processing Systems Aims and scope Submit manuscript

Abstract

As the Internet rapidly develops, the types and quantity of malware continue to diversify and increase, and the technology of evading security software is becoming more and more advanced. This paper proposes a malware detection method based on deep learning, which combines malware visualization technology with convolutional neural network. The structure of neural network is based on VGG16 network. This paper proposes the hybrid visualization of malware, combining static and dynamic analysis. In hybrid visualization, we use the Cuckoo Sandbox to carry out dynamic analysis on the samples, convert the dynamic analysis results into a visualization image according to a designed algorithm, and train the neural network on static and hybrid visualization images. Finally, we test the performance of the malware detection method we propose, evaluating its effectiveness on detecting unknown malware.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Figure 1
Figure 2
Figure 3
Figure 4
Figure 5

Similar content being viewed by others

References

  1. Damodaran, A., Di Troia, F., Visaggio, C. A., Austin, T. H., & Stamp, M. (2017). A comparison of static, dynamic, and hybrid analysis for malware detection. Journal of Computer Virology and Hacking Techniques, 13(1), 1–12.

    Article  Google Scholar 

  2. Alazab, M., Venkataraman, S., Watters, P. (2010, July). Towards understanding malware behaviour by the extraction of API calls. In 2010 Second Cybercrime and Trustworthy Computing Workshop (pp. 52-59). IEEE.

  3. Ye, Y., Li, T., Adjeroh, D., & Iyengar, S. S. (2017). A survey on malware detection using data mining techniques. ACM Computing Surveys (CSUR), 50(3), 1–40.

    Article  Google Scholar 

  4. Zhang, F. (2003). Implementation Technology and Research on Unknown Virus Detection Method and System (Master’s thesis). Northwestern Polytechnical University, Xi’an, Shaanxi Province, China.

  5. Lu, Z. (2013). A Study of Static Malicious Code Detection Method Based on Opcode Sequneces (Master’s thesis). Harbin: Harbin Institute of Technology.

    Google Scholar 

  6. Ravi, C., & Manoharan, R. (2012). Malware detection using windows api sequence and machine learning. International Journal of Computer Applications, 43(17), 12–16.

    Article  Google Scholar 

  7. Zhang, R., & Yang, J. (2014). Android malware detection based on permission correlation. Journal of Computer Applications, 34(5), 1322–1325.

    Article  Google Scholar 

  8. Yang, P., Zhao, B., & Shu, H. (2019). Malicious code detection method based on icon similarity analysis. Journal of Computer Applications, 39(06), 1728–1734.

    Google Scholar 

  9. Qiu, H., Qiu, M., & Lu, Z. (2020). Selective encryption on ecg data in body sensor network based on supervised machine learning. Information Fusion, 55, 59–67.

    Article  Google Scholar 

  10. Qiu, H., Noura, H., Qiu, M., Ming, Z., Memmi, G. (2019). A user-centric data protection method for cloud storage based on invertible DWT. IEEE Transactions on Cloud Computing

  11. Li, Z., Zou, D., Xu, S., Ou, X., Jin, H., Wang, S., ... & Zhong, Y. (2018). Vuldeepecker: A deep learning-based system for vulnerability detection. Paper presented at 25th Annual Network and Distributed System Security Symposium (NDSS 2018), San Diego, California, USA, 18–21 February 2018.

  12. Qiu, H., Zheng, Q., Memmi, G., Lu, J., Qiu, M., & Thuraisingham, B. (2020). Deep residual learning based enhanced JPEG compression in the internet of things. IEEE Transactions on Industrial Informatics., 1.

  13. Nataraj, L., Karthikeyan, S., Jacob, G., & Manjunath, B. S. (2011, July). Malware images: Visualization and automatic classification. In Proceedings of the 8th international symposium on visualization for cyber security (pp. 1-7).

  14. Kalash, M., Rochan, M., Mohammed, N., Bruce, N. D., Wang, Y., Iqbal, F. (2018, February). Malware classification with deep convolutional neural networks. In 2018 9th IFIP International Conference on New Technologies, Mobility and Security (NTMS) (pp. 1-5). IEEE.

  15. Li, Y. (2018). Detection of Malicious Software Based on Data Visualization (Master’s thesis). In Xidian University, Xi’an. Shaanxi Province: China.

    Google Scholar 

  16. Xia, X. (2018). Research on Android Malware Detection Method Based on Image and Text Feature with Deep Learning (Master’s thesis). Harbin Institute of Technology, Harbin.

  17. Fu, J., Xue, J., Wang, Y., Liu, Z., & Shan, C. (2018). Malware visualization for fine-grained classification. IEEE Access, 6, 14510–14523.

    Article  Google Scholar 

  18. Shaid, S, Z, M., & Maarof, M, A. (2014, August). Malware behavior image for malware variant identification. In 2014 International Symposium on Biometrics and Security Technologies (ISBAST) (pp. 238-243). IEEE.

  19. Zhang, J., Chen, B., Gong, L., & Gu, Z. (2019). Research on malware detection technology based on image analysis. Netinfo Security, 19(10), 24–31.

    Google Scholar 

  20. Lyda, R., & Hamrock, J. (2007). Using entropy analysis to find encrypted and packed malware. IEEE Security & Privacy, 5(2), 40–45.

    Article  Google Scholar 

  21. Moser, A., Kruegel, C., Kirda, E. (2007, December). Limits of static analysis for malware detection. In Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007) (pp. 421-430). IEEE.

  22. Egele, M., Scholte, T., Kirda, E., & Kruegel, C. (2008). A survey on automated dynamic malware-analysis techniques and tools. ACM computing surveys (CSUR), 44(2), 1–42.

    Article  Google Scholar 

  23. Cheng, Y., Fan, W., Huang, W., & An, J. (2017, September). A shellcode detection method based on full native api sequence and support vector machine. In IOP Conference Series: Materials Science and Engineering (Vol. 242, no. 1, p. 012124).

  24. Mosli, R., Li, R., Yuan, B., & Pan, Y. (2017, January). A behavior-based approach for malware detection. In IFIP International Conference on Digital Forensics (pp. 187-201). Springer, Cham.

  25. Raff, E., Barker, J., Sylvester, J., Brandon, R., Catanzaro, B., Nicholas, C, K. (2018, June). Malware detection by eating a whole exe. In Workshops at the Thirty-Second AAAI Conference on Artificial Intelligence.

  26. Siddiqui, M., Wang, M. C., Lee, J. (2008, April). Detecting trojans using data mining techniques. In International Multi Topic Conference (pp. 400-411). Springer, Berlin, Heidelberg.

Download references

Acknowledgments

This work was supported by grants from the Natural Science Foundation of Guangdong Province No.2018A0303130082, The Features Innovation Program of the Department of Education of Foshan under Grant Numbers 2019, Basic and Applied Basic Research Fund of Guangdong Province No.2019A1515111080, and Natural Science Foundation of China No.61802061.

Author information

Authors and Affiliations

  1. School of Electronic and Information Engineering, Foshan University, Foshan, China

    Xiang Huang, Li Ma, Wenyin Yang & Yong Zhong

Authors
  1. Xiang Huang
    View author publications

    You can also search for this author inPubMed Google Scholar

  2. Li Ma
    View author publications

    You can also search for this author inPubMed Google Scholar

  3. Wenyin Yang
    View author publications

    You can also search for this author inPubMed Google Scholar

  4. Yong Zhong
    View author publications

    You can also search for this author inPubMed Google Scholar

Corresponding author

Correspondence to Li Ma.

Additional information

Publisher’s Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Huang, X., Ma, L., Yang, W. et al. A Method for Windows Malware Detection Based on Deep Learning. J Sign Process Syst 93, 265–273 (2021). https://doi.org/10.1007/s11265-020-01588-1

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11265-020-01588-1

Keywords