DOI: 10.1145/3403746.3403924
research-article

Space Filling Curve Mapping for Malware Detection and Classification

Published: 26 June 2020

Abstract

Shannon entropy can indicate whether malware is encrypted or compressed, so it is important that security analysts can locate obfuscated regions by their higher entropy values. Moreover, malware files belonging to the same family share similar modules, which show up in their entropy. We therefore present a new method that uses space filling curve mapping (SFCM) to visualize malware, extracts image features with deep convolutional neural networks, and classifies the generated images with an SVM (support vector machine) classifier. We verified the proposed method with 7162 samples of 24 Kaspersky malware families, and obtained 99.44% detection accuracy and 98.56% classification accuracy.
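The visualization step described in the abstract can be sketched as follows; this is an added example, not the paper's code. It assumes a Hilbert curve, 256-byte blocks and an 8x8 grid (the abstract names none of these), runs on a constructed sample buffer, and leaves out the CNN feature extraction and SVM stages.

```python
import math
import random
from collections import Counter

def shannon_entropy(block: bytes) -> float:
    """Shannon entropy of a byte block in bits per byte (0.0 to 8.0)."""
    if not block:
        return 0.0
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def hilbert_d2xy(order: int, d: int) -> tuple:
    """Map distance d along a Hilbert curve to (x, y) on a 2^order grid."""
    x = y = 0
    s, t = 1, d
    while s < (1 << order):
        rx = 1 & (t // 2)
        ry = 1 & (t ^ rx)
        if ry == 0:                      # rotate/flip the sub-quadrant
            if rx == 1:
                x, y = s - 1 - x, s - 1 - y
            x, y = y, x
        x += s * rx
        y += s * ry
        t //= 4
        s *= 2
    return x, y

def entropy_image(data: bytes, order: int = 3, block_size: int = 256) -> list:
    """One grey pixel (0-255) per block; file order follows the curve,
    so blocks that are close in the file stay close in the image."""
    side = 1 << order
    img = [[0] * side for _ in range(side)]
    for i in range(side * side):
        block = data[i * block_size:(i + 1) * block_size]
        x, y = hilbert_d2xy(order, i)
        img[y][x] = round(shannon_entropy(block) / 8 * 255)
    return img

def sample_file() -> bytes:
    """Constructed input: zero padding, low-entropy 'code', random 'packed' tail."""
    rng = random.Random(1)
    padding = bytes(16 * 256)
    code = bytes(rng.choice(b"\x55\x8b\xec\x90\xc3\x00\xff\xe8")
                 for _ in range(32 * 256))
    packed = bytes(rng.getrandbits(8) for _ in range(16 * 256))
    return padding + code + packed

if __name__ == "__main__":
    for row in entropy_image(sample_file()):
        print(" ".join(f"{p:3d}" for p in row))
```

In the printed grid the high-entropy tail fills one bright 4x4 quadrant, which is the kind of localized region the abstract says an analyst would look for.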


Cited By

  • (2021) Tight Arms Race: Overview of Current Malware Threats and Trends in Their Detection. IEEE Access 9, 5371-5396. DOI: 10.1109/ACCESS.2020.3048319. Online publication date: 2021

Published In

CSSE '20: Proceedings of the 3rd International Conference on Computer Science and Software Engineering
May 2020
214 pages
ISBN:9781450375528
DOI:10.1145/3403746
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

  • National Central University: National Central University
  • NCCU: National Chung Cheng University

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. Computer security
  2. Information visualization
  3. Malware classification
  4. Pattern recognition

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

CSSE 2020

Acceptance Rates

Overall Acceptance Rate 33 of 74 submissions, 45%
