ABSTRACT
This paper proposes an Internet of Things (IoT) malware classification method that uses a novel visual local feature based on sections of the malware binary. The method filters the binary file sections of malware samples, divides the section contents into groups of 8 bits, and visualizes them as a gray-scale image. Finally, we extract the normalized gray-scale image sequence as the visual local feature of IoT malware; compared with visual global features based on the malware binary, it achieves approximately the same classification accuracy at low cost. In addition, to improve the classification accuracy of the method, a local feature generation model based on Generative Adversarial Nets (GAN) was designed. The method has been implemented and tested on a set of 2358 malware instances in 9 families. Compared with traditional classification methods based on global features, local features built from the combination of the text, data, and rodata sections achieve better results, with a classification accuracy of 90.3%.
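The section-filtering and gray-scale steps described in the abstract can be sketched as follows; this is an added example, not the paper's code. The function names, the default sequence length of 1024, the nearest-neighbour resampling and the scaling to [0, 1] are assumptions, and the ELF image it runs on is constructed, not a real sample.

```python
import struct

def elf_sections(data):
    """Return {section name: raw bytes} for an ELF32/ELF64 image of either endianness."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2
    end = "<" if data[5] == 1 else ">"
    shoff, = struct.unpack_from(end + ("Q" if is64 else "I"), data, 0x28 if is64 else 0x20)
    shentsize, shnum, shstrndx = struct.unpack_from(end + "HHH", data, 0x3A if is64 else 0x2E)
    if shoff == 0 or shnum == 0:          # stripped section table: nothing to filter on
        return {}

    def header(i):                        # -> (sh_name, sh_type, sh_offset, sh_size)
        base = shoff + i * shentsize
        name, typ = struct.unpack_from(end + "II", data, base)
        off, size = struct.unpack_from(end + ("QQ" if is64 else "II"), data,
                                       base + (24 if is64 else 16))
        return name, typ, off, size

    _, _, stroff, strsize = header(shstrndx)
    strtab = data[stroff:stroff + strsize]
    out = {}
    for i in range(shnum):
        name, typ, off, size = header(i)
        label = strtab[name:].split(b"\0", 1)[0].decode("ascii", "replace")
        out[label] = b"" if typ == 8 else data[off:off + size]  # SHT_NOBITS: no file bytes
    return out

def local_feature(data, names=(".text", ".data", ".rodata"), length=1024):
    """Selected sections -> 8-bit gray levels -> fixed-length sequence scaled to [0, 1]."""
    secs = elf_sections(data)
    pixels = b"".join(secs.get(n, b"") for n in names)   # one byte = one gray pixel
    if not pixels:
        return [0.0] * length
    # Assumption: nearest-neighbour resampling stands in for the paper's normalization.
    return [pixels[i * len(pixels) // length] / 255.0 for i in range(length)]

def build_sample_elf():
    """Constructed ELF32 big-endian image with tiny sections (not a real sample)."""
    bodies = [(".text", b"\x00\xff" * 8), (".data", b"\x80" * 4), (".rodata", b"\x33" * 4)]
    strtab = b"\0" + b"".join(n.encode() + b"\0" for n, _ in bodies) + b".shstrtab\0"
    blob, heads = b"", [struct.pack(">10I", *[0] * 10)]   # index 0 is the null section
    for name, body in bodies + [(".shstrtab", strtab)]:
        typ = 3 if name == ".shstrtab" else 1             # SHT_STRTAB / SHT_PROGBITS
        heads.append(struct.pack(">10I", strtab.index(name.encode()), typ, 0, 0,
                                 52 + len(blob), len(body), 0, 0, 1, 0))
        blob += body
    ehdr = b"\x7fELF\x01\x02\x01" + b"\0" * 9 + struct.pack(
        ">HHIIIIIHHHHHH", 2, 8, 1, 0, 0, 52 + len(blob), 0, 52, 0, 0, 40,
        len(heads), len(heads) - 1)
    return ehdr + blob + b"".join(heads)
```

Samples whose section header table has been stripped yield an all-zero sequence here, so a pipeline built on section-based features needs a fallback for them.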