Abstract
Malware recognition has been widely studied in the literature. One family of malware recognition methods is byte code based; these methods generally combine image processing and machine learning to recognize malware. In this article, a novel byte code based malware recognition method is presented. It consists of feature extraction using the proposed local neighborhood binary pattern (LNBP), feature concatenation, feature selection with neighborhood component analysis (NCA), feature reduction using principal component analysis (PCA), and classification using linear discriminant analysis. A heterogeneous and widely used byte-based malware dataset (Malimg) was chosen to evaluate the performance of the proposed LNBP based recognition method. The best accuracy rate was 89.40%. The proposed LNBP based method was also compared to state-of-the-art deep learning methods, and it achieved a higher success rate than they did. These results clearly demonstrate the success of the proposed LNBP based method.
Cite this article
Tuncer, T., Ertam, F. & Dogan, S. Automated malware recognition method based on local neighborhood binary pattern. Multimed Tools Appl 79, 27815–27832 (2020). https://doi.org/10.1007/s11042-020-09376-6
DOI: https://doi.org/10.1007/s11042-020-09376-6