Providing a behavioral malware detection system based on the function of hardware counters using a neural network optimized with a dragonfly algorithm

Document Type: Original Article

Authors

1 Karoon Institute of Higher Education, Ahvaz, Iran

2 Department of Computer Engineering, Dezful Branch, Islamic Azad University, Dezful, Iran

Abstract

Today, one of the most important challenges in information security and communication networks is the growing number of malware samples and, consequently, finding suitable ways to protect systems against them. Detecting malware in time and finding ways to counter its malicious effects is one of the most important challenges for programmers and information security professionals. Intelligent malware detection systems are able to model malicious behavior well; extracting appropriate features and using efficient classifiers can improve the performance of such systems. In this paper, a new approach to malware detection is proposed that combines features taken from hardware counters with an optimized multilayer perceptron neural network classifier. The proposed system distinguishes healthy files from malware by extracting highly discriminative features and classifying them with a neural network optimized by the dragonfly algorithm. To evaluate the proposed system, a data set of 168 healthy samples and 437 malware-infected samples is used. Simulation results show that the proposed classifier outperforms the other classifiers compared, detecting malware-infected files with 86% accuracy.
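The abstract reports 86% accuracy on 168 healthy and 437 infected samples, a class ratio on which a detector that labels everything as malware already scores about 72%. The following example, added here and not part of the paper, computes the per-class metrics a practitioner would want next to that figure; the two confusion matrices are constructed so that both reach the same ~86% accuracy on the paper's class sizes.

```python
"""Per-class metrics for a malware detector evaluated on the class sizes the
abstract reports (168 benign, 437 malware). Added example; the confusion
matrices below are constructed, not results from the paper."""
from dataclasses import dataclass

BENIGN, MALWARE = 168, 437  # sample counts from the abstract


@dataclass(frozen=True)
class Confusion:
    tp: int  # malware correctly flagged
    fn: int  # malware missed
    tn: int  # benign correctly passed
    fp: int  # benign wrongly flagged (false alarms)


def metrics(c: Confusion) -> dict:
    """Accuracy plus the per-class rates that accuracy alone hides."""
    total = c.tp + c.fn + c.tn + c.fp
    recall = c.tp / (c.tp + c.fn)            # malware detection rate
    specificity = c.tn / (c.tn + c.fp)       # benign pass rate
    flagged = c.tp + c.fp
    precision = c.tp / flagged if flagged else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return {
        "accuracy": (c.tp + c.tn) / total,
        "recall": recall,
        "specificity": specificity,
        "precision": precision,
        "f1": f1,
        "balanced_accuracy": (recall + specificity) / 2,
    }


def majority_baseline(benign: int = BENIGN, malware: int = MALWARE) -> float:
    """Accuracy of a trivial detector that assigns every file the majority class."""
    return max(benign, malware) / (benign + malware)


# Constructed outcomes: both are 520/605 correct (~86%), but the second one
# raises a false alarm on almost half of the benign files.
BALANCED = Confusion(tp=375, fn=62, tn=145, fp=23)
SKEWED = Confusion(tp=430, fn=7, tn=90, fp=78)

if __name__ == "__main__":
    print(f"majority-class baseline: {majority_baseline():.3f}")
    for name, c in (("balanced", BALANCED), ("skewed", SKEWED)):
        print(name, {k: round(v, 3) for k, v in metrics(c).items()})
```

Running it shows that the same accuracy corresponds to a balanced accuracy of about 0.86 in one case and about 0.76 in the other, which is why the specificity (false-alarm rate) should accompany any accuracy figure on this data set.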

Keywords

Volume 9, Issue 2 - Serial Number 34
Serial No. 34, Summer Quarterly
June 2021
Pages 9-16
  • Receive Date: 14 December 2019
  • Revise Date: 14 December 2020
  • Accept Date: 05 August 2020
  • Publish Date: 22 June 2021