Developing an Improved Method for Malware Attack Detection in Cloud Computing using Ensemble Learning

Document Type: Original Article

Authors

1 Master's student, Science and Research Unit, Islamic Azad University, Tehran, Iran

2 Associate Professor, Shahid Sattari Aviation University, Tehran, Iran

Abstract

Nowadays, detecting unusual events in the network has been the subject of much research. Network traffic is very large, which leads to high data volume and increased noise and makes it very difficult to extract meaningful information for detecting abnormal events. Early detection of attacks improves the stability of a system. Each attack is a specific type of behavior, but some attacks may behave similarly and differ only in some features. This article presents a new way to detect malware and attacks in the cloud computing environment. In this method, data clustering separates the data to provide better conditions for model construction by balancing the data in different classes. This research uses a combination of the AdaBoost, Random Forest and Boosted Gradient Tree algorithms as ensemble learning to improve malware detection in cloud computing. A voting mechanism is used to combine the boosted learners and build a higher-level model. In the proposed model, ensemble learning, using the strengths of the various algorithms, creates a useful, high-performance system for detecting malware in cloud computing. Applying the proposed method to real data showed that its accuracy is 99.96%, its accuracy is 99.97% and its recall is 99.95%, a noticeable advantage over previous methods, while its computational complexity has not changed much.
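The pipeline the abstract describes (cluster-based class balancing followed by a voting ensemble of AdaBoost, Random Forest and gradient-boosted trees), as an added scikit-learn example that is not the authors' code. The k-means undersampling scheme, hard voting, the hyperparameters and the synthetic data are assumptions, since the abstract does not specify them.

```python
import numpy as np
from sklearn.cluster import KMeans
from sklearn.datasets import make_classification
from sklearn.ensemble import (AdaBoostClassifier, GradientBoostingClassifier,
                              RandomForestClassifier, VotingClassifier)
from sklearn.metrics import accuracy_score, precision_score, recall_score
from sklearn.model_selection import train_test_split


def cluster_balance(X, y, n_clusters=5, seed=0):
    """Assumed balancing scheme: k-means the majority class, then draw an
    equal share from each cluster until it matches the minority class size."""
    rng = np.random.default_rng(seed)
    labels, counts = np.unique(y, return_counts=True)
    major, target = labels[np.argmax(counts)], int(counts.min())
    major_idx = np.flatnonzero(y == major)
    km = KMeans(n_clusters=n_clusters, n_init=10, random_state=seed)
    cluster_of = km.fit_predict(X[major_idx])
    share, keep = -(-target // n_clusters), []  # ceil(target / n_clusters)
    for c in range(n_clusters):
        members = major_idx[cluster_of == c]
        keep.extend(rng.choice(members, min(share, len(members)), replace=False))
    idx = np.concatenate([np.array(keep[:target], dtype=int),
                          np.flatnonzero(y != major)])
    return X[idx], y[idx]


def build_ensemble(seed=0):
    """Majority (hard) vote over the three learners named in the abstract."""
    return VotingClassifier(voting="hard", estimators=[
        ("ada", AdaBoostClassifier(n_estimators=50, random_state=seed)),
        ("rf", RandomForestClassifier(n_estimators=50, random_state=seed)),
        ("gbt", GradientBoostingClassifier(n_estimators=50, random_state=seed)),
    ])


def run_demo(seed=0):
    # Constructed synthetic data: label 1 ("malicious") is the 5% minority.
    X, y = make_classification(n_samples=3000, n_features=20, n_informative=8,
                               weights=[0.95, 0.05], class_sep=2.0, flip_y=0.0,
                               random_state=seed)
    X_tr, X_te, y_tr, y_te = train_test_split(
        X, y, test_size=0.3, stratify=y, random_state=seed)
    X_bal, y_bal = cluster_balance(X_tr, y_tr, seed=seed)  # balance train split only
    pred = build_ensemble(seed).fit(X_bal, y_bal).predict(X_te)
    return {"train_counts": np.bincount(y_bal).tolist(),
            "accuracy": accuracy_score(y_te, pred),
            "precision": precision_score(y_te, pred),
            "recall": recall_score(y_te, pred)}
```

Only the training split is balanced; the test split keeps the original class ratio, so precision on the rare class reflects the false-positive cost that a balanced evaluation set would hide.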

Keywords



  • Receive Date: 21 December 2021
  • Revise Date: 22 January 2022
  • Accept Date: 09 August 2022
  • Publish Date: 21 January 2023