Detecção estática e dinâmica de malwares usando redes neurais sem peso
Resumo
A preocupação com a segurança e a integridade dos dados em sistemas de computação, incluindo áreas importantes como Internet das Coisas e Indústria 4.0, estão crescendo dramaticamente. Dessa forma, a existência de um malware pode ameaçar o bom funcionamento de sistemas inteiros, trazendo consequências irreversíveis. Este trabalho visa utilizar redes neurais sem peso para detecção estática e dinâmica de malwares. Na utilização de técnicas estáticas baseadas na imagem 2D do arquivo binário e de técnicas dinâmicas baseadas em API Calls, a rede WiSARD mostrou resultados próximos de técnicas do estado da arte utilizando redes neurais com peso, porém com tempos de treinamento e classificação uma ordem de grandeza menor.Referências
Aleksander, I., Thomas, W., and Bowden, P. (1984). Wisard-a radical step forward in image recognition. Sensor Review, 4(3):120–124.
Aycock, J. (2006). Computer Viruses and Malware. Advances in Information Security. Springer US.
Bazrafshan, Z., Hashemi, H., Fard, S. M. H., and Hamzeh, A. (2013). A survey on heuristic malware detection techniques. In The 5th Conference on Information and Knowledge Technology, page 113–120.
Bledsoe, W. W. and Browning, I. (1959). Pattern recognition and reading by machine. In IRE-AIEE-ACM Computer Conference, IRE-AIEE-ACM ’59 (Eastern), page 225–232. Association for Computing Machinery.
Bozkir, A. S., Cankaya, A. O., and Aydos, M. (2019). Utilization and comparision of convolutional neural networks in malware recognition. In 27th Signal Processing and Communications Applications Conference (SIU), page 1–4.
Cardoso, D. O., Carvalho, D. S., Alves, D. S. F., Souza, D. F. P., Carneiro, H. C. C., Pedreira, C. E., Lima, P. M. V., and França, F. M. G. (2016). Financial credit analysis via a clustering weightless neural classifier. Neurocomputing, 183:70–78.
de Souza, C. R. (2011). Redes Neurais Sem-Peso Aplicadas na Categorização de Subtipos do HIV-1. Master’s thesis, Dissertação de Mestrado - COPPE/UFRJ, Brasil.
Elhadi, A. A. E., Maarof, M. A., and Osman, A. H. (2012). Malware detection based on hybrid signature behaviour application programming interface call graph. American Journal of Applied Sciences, 9(33):283–288.
Farrokhmanesh, M. and Hamzeh, A. (2016). A novel method for malware detection using audio signal processing techniques. In 2016 Artificial Intelligence and Robotics (IRANOPEN), page 85–91.
Filho, A. S. L., Guarisa, G. P., Filho, L. A. D. L., Oliveira, L. F. R., Franca, F. M. G., and Lima, P. M. V. (2020). wisardpkg – a library for wisard-based models.
França, H. L., SILVA, J., Lengerke, O., França, F. M., and Dutra, M. S. (2009). Um sistema de visão artificial para o controle de perseguição de movimento por uma plataforma Stewart. In 2° Congreso Internacional de Ingeniería Mecatrónica, UNAB, Bucaramanga, Colômbia.
Garcia, F. C. C. and Muga II, F. P. (2016). Random forest for malware classification. arXiv:1609.07770 [cs]. arXiv: 1609.07770.
Grieco, B. P., Lima, P. M., De Gregorio, M., and França, F. M. (2009). Extracting fuzzy rules from “mental” images generated by modified wisard perceptrons. In 17th European Symposium on Artificial Neural Networks, pages 313–318.
Grieco, B. P. A., Lima, P. M. V., De Gregorio, M., and França, F. M. G. (2010). Producing pattern examples from “mental” images. Neurocomputing, 73(7):1057–1064.
Huang, W. and Stokes, J. W. (2016). Mtnet: A multi-task neural network for dynamic malware classification. In Caballero, J., Zurutuza, U., and Rodríguez, R. J., editors, Detection of Intrusions and Malware, and Vulnerability Assessment, Lecture Notes in Computer Science, page 399–418. Springer International Publishing.
Kolosnjaji, B., Zarras, A., Webster, G., and Eckert, C. (2016). Deep learning for classification of malware system call sequences. In Kang, B. H. and Bai, Q., editors, AI 2016: Advances in Artificial Intelligence, Lecture Notes in Computer Science, page 137–149. Springer International Publishing.
Nataraj, L. (2015). A signal processing approach to malware analysis. University of California, Santa Barbara.
Nataraj, L., Karthikeyan, S., Jacob, G., and Manjunath, B. S. (2011a). Malware images: visualization and automatic classification. In Proceedings of the 8th International Symposium on Visualization for Cyber Security, VizSec ’11, page 1–7. Association for Computing Machinery.
Nataraj, L., Kirat, D., Manjunath, B., and Vigna, G. (2013). Sarvam: Search and retrieval of malware. In Proceedings of the Annual Computer Security Conference (ACSAC) Worshop on Next Generation Malware Attacks and Defense (NGMAD).
Nataraj, L., Yegneswaran, V., Porras, P., and Zhang, J. (2011b). A comparative assessment of malware classification using binary texture analysis and dynamic analysis. In Proceedings of the 4th ACM workshop on Security and artificial intelligence, AISec ’11, page 21–30. Association for Computing Machinery.
Oliveira, A. (2019). Malware analysis datasets: Top-1000 PE Imports. IEEE-DataPort: [link], Acesso em Julho de 2020.
Oliveira, A. and Sassi, R. J. (2019). Behavioral malware detection using deep graph convolutional neural networks. TechRxiv. [link].
Pascanu, R., Stokes, J. W., Sanossian, H., Marinescu, M., and Thomas, A. (2015). Malware classification with recurrent networks. In 2015 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), page 1916–1920.
Rhode, M., Burnap, P., and Jones, K. (2018). Early-stage malware prediction using recurrent neural networks. Computers & Security, 77:578–594.
Schultz, M., Eskin, E., Zadok, F., and Stolfo, S. (2001). Data mining methods for detection of new malicious executables. In Proceedings 2001 IEEE Symposium on Security and Privacy. S P 2001, page 38–49.
Stichting Cuckoo Foundation (accessed July, 2020). Cuckoo Sandbox (Automated Malware Analysis). https://cuckoosandbox.org/.
Vinayakumar, R., Alazab, M., Soman, K. P., Poornachandran, P., and Venkatraman, S. (2019). Robust intelligent malware detection using deep learning. IEEE Access, 7:46717–46738.
Aycock, J. (2006). Computer Viruses and Malware. Advances in Information Security. Springer US.
Bazrafshan, Z., Hashemi, H., Fard, S. M. H., and Hamzeh, A. (2013). A survey on heuristic malware detection techniques. In The 5th Conference on Information and Knowledge Technology, page 113–120.
Bledsoe, W. W. and Browning, I. (1959). Pattern recognition and reading by machine. In IRE-AIEE-ACM Computer Conference, IRE-AIEE-ACM ’59 (Eastern), page 225–232. Association for Computing Machinery.
Bozkir, A. S., Cankaya, A. O., and Aydos, M. (2019). Utilization and comparision of convolutional neural networks in malware recognition. In 27th Signal Processing and Communications Applications Conference (SIU), page 1–4.
Cardoso, D. O., Carvalho, D. S., Alves, D. S. F., Souza, D. F. P., Carneiro, H. C. C., Pedreira, C. E., Lima, P. M. V., and França, F. M. G. (2016). Financial credit analysis via a clustering weightless neural classifier. Neurocomputing, 183:70–78.
de Souza, C. R. (2011). Redes Neurais Sem-Peso Aplicadas na Categorização de Subtipos do HIV-1. Master’s thesis, Dissertação de Mestrado - COPPE/UFRJ, Brasil.
Elhadi, A. A. E., Maarof, M. A., and Osman, A. H. (2012). Malware detection based on hybrid signature behaviour application programming interface call graph. American Journal of Applied Sciences, 9(33):283–288.
Farrokhmanesh, M. and Hamzeh, A. (2016). A novel method for malware detection using audio signal processing techniques. In 2016 Artificial Intelligence and Robotics (IRANOPEN), page 85–91.
Filho, A. S. L., Guarisa, G. P., Filho, L. A. D. L., Oliveira, L. F. R., Franca, F. M. G., and Lima, P. M. V. (2020). wisardpkg – a library for wisard-based models.
França, H. L., SILVA, J., Lengerke, O., França, F. M., and Dutra, M. S. (2009). Um sistema de visão artificial para o controle de perseguição de movimento por uma plataforma Stewart. In 2° Congreso Internacional de Ingeniería Mecatrónica, UNAB, Bucaramanga, Colômbia.
Garcia, F. C. C. and Muga II, F. P. (2016). Random forest for malware classification. arXiv:1609.07770 [cs]. arXiv: 1609.07770.
Grieco, B. P., Lima, P. M., De Gregorio, M., and França, F. M. (2009). Extracting fuzzy rules from “mental” images generated by modified wisard perceptrons. In 17th European Symposium on Artificial Neural Networks, pages 313–318.
Grieco, B. P. A., Lima, P. M. V., De Gregorio, M., and França, F. M. G. (2010). Producing pattern examples from “mental” images. Neurocomputing, 73(7):1057–1064.
Huang, W. and Stokes, J. W. (2016). Mtnet: A multi-task neural network for dynamic malware classification. In Caballero, J., Zurutuza, U., and Rodríguez, R. J., editors, Detection of Intrusions and Malware, and Vulnerability Assessment, Lecture Notes in Computer Science, page 399–418. Springer International Publishing.
Kolosnjaji, B., Zarras, A., Webster, G., and Eckert, C. (2016). Deep learning for classification of malware system call sequences. In Kang, B. H. and Bai, Q., editors, AI 2016: Advances in Artificial Intelligence, Lecture Notes in Computer Science, page 137–149. Springer International Publishing.
Nataraj, L. (2015). A signal processing approach to malware analysis. University of California, Santa Barbara.
Nataraj, L., Karthikeyan, S., Jacob, G., and Manjunath, B. S. (2011a). Malware images: visualization and automatic classification. In Proceedings of the 8th International Symposium on Visualization for Cyber Security, VizSec ’11, page 1–7. Association for Computing Machinery.
Nataraj, L., Kirat, D., Manjunath, B., and Vigna, G. (2013). Sarvam: Search and retrieval of malware. In Proceedings of the Annual Computer Security Conference (ACSAC) Worshop on Next Generation Malware Attacks and Defense (NGMAD).
Nataraj, L., Yegneswaran, V., Porras, P., and Zhang, J. (2011b). A comparative assessment of malware classification using binary texture analysis and dynamic analysis. In Proceedings of the 4th ACM workshop on Security and artificial intelligence, AISec ’11, page 21–30. Association for Computing Machinery.
Oliveira, A. (2019). Malware analysis datasets: Top-1000 PE Imports. IEEE-DataPort: [link], Acesso em Julho de 2020.
Oliveira, A. and Sassi, R. J. (2019). Behavioral malware detection using deep graph convolutional neural networks. TechRxiv. [link].
Pascanu, R., Stokes, J. W., Sanossian, H., Marinescu, M., and Thomas, A. (2015). Malware classification with recurrent networks. In 2015 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), page 1916–1920.
Rhode, M., Burnap, P., and Jones, K. (2018). Early-stage malware prediction using recurrent neural networks. Computers & Security, 77:578–594.
Schultz, M., Eskin, E., Zadok, F., and Stolfo, S. (2001). Data mining methods for detection of new malicious executables. In Proceedings 2001 IEEE Symposium on Security and Privacy. S P 2001, page 38–49.
Stichting Cuckoo Foundation (accessed July, 2020). Cuckoo Sandbox (Automated Malware Analysis). https://cuckoosandbox.org/.
Vinayakumar, R., Alazab, M., Soman, K. P., Poornachandran, P., and Venkatraman, S. (2019). Robust intelligent malware detection using deep learning. IEEE Access, 7:46717–46738.
Publicado
13/10/2020
Como Citar
RAMOS, Luiz C. S.; LUSQUINO FILHO, Leopoldo A. D.; FRANÇA, Felipe M. G.; LIMA, Priscila M. V..
Detecção estática e dinâmica de malwares usando redes neurais sem peso. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 20. , 2020, Petrópolis.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2020
.
p. 369-381.
DOI: https://doi.org/10.5753/sbseg.2020.19250.
