Automated malware recognition method based on local neighborhood binary pattern

Multimedia Tools and Applications

Abstract

Malware recognition has been widely studied in the literature. Byte code based methods are one family of malware recognition methods; they generally combine image processing and machine learning to recognize malware. In this article, a novel byte code based malware recognition method is presented. It consists of feature extraction using the proposed local neighborhood binary pattern (LNBP), feature concatenation, feature selection with neighborhood component analysis (NCA), feature reduction using principal component analysis (PCA), and classification using linear discriminant analysis. A heterogeneous and widely used byte-based malware dataset (Malimg) was chosen to evaluate the performance of the proposed LNBP based recognition method. The best accuracy rate was 89.40%. The proposed LNBP based method was also compared to state-of-the-art deep learning methods, and it achieved a higher success rate than them. These results clearly demonstrate the success of the proposed LNBP based method.



Author information

Corresponding author

Correspondence to Turker Tuncer.

About this article

Cite this article

Tuncer, T., Ertam, F. & Dogan, S. Automated malware recognition method based on local neighborhood binary pattern. Multimed Tools Appl 79, 27815–27832 (2020). https://doi.org/10.1007/s11042-020-09376-6

  • DOI: https://doi.org/10.1007/s11042-020-09376-6
