Research on host malcode detection using machine learning

doi:10.11959/j.issn.2096-109x.2017.00179

Abstract

Abstract:

Main trends of host malcode detection using machine learning were focused on,and two categories of detection models(namely static analysis and dynamic analysis) were well discussed.Moreover,the critical stages such as malcode samples collection,feature extraction and selection,the construction of machine learning classifiers were considered fully.At last,some future work and challenges in this field were listed.The work can serve as a practical reference for establishing next-generation malcode detection techniques.

Key words: malcode detection, machine learning, static analysis, dynamic analysis, classification model

CLC Number:

TP309

Dong ZHANG,Yao ZHANG,Gang LIU,Gui-xiang SONG. Research on host malcode detection using machine learning[J]. Chinese Journal of Network and Information Security, 2017, 3(7): 25-32.

Figures/Tables 4

References 29

[1]	国家互联网应急中心. 2015年中国互联网网络安全报告[EB/OL]. .
	CNCERT/CC. 2015 China cyber security report[EB/OL]. .
[2]	ZHANG Y , WANG X , PERRIG A ,et al. Tumbler:adaptable link access in the bots-infested Internet[J]. Computer Networks, 2016,105: 180-193.
[3]	360威胁情报中心. 2016中国高级持续性威胁(APT)研究报告[EB/OL]. .
	360 Threat Intelligence Center. 2016 China APT research report[EB/OL]. .
[4]	COHEN P . Models of practical defenses against computer viruses[J]. Computers ＆Security, 1989,8(2): 149-160.
[5]	VirusBulletin[EB/OL]. .
[6]	Open Malware[EB/OL]. .
[7]	VX Heavens[EB/OL]. .
[8]	BAECHER P , KOETTER M , HOLZ T ,et al. The nepenthes platform:an efficient approach to collect malware[C]// The International Symposium on Recent Advances in Intrusion Detection (RAID). 2006: 165-184.
[9]	卡饭论坛[EB/OL]. .
	Kaspersky Forum[EB/OL]. .
[10]	HEX-RAYS SA . IDA pro introduction[EB/OL]. .
[11]	ABOU-ASSALEH T , CERCONE N , KESELJ V ,et al. N-gram-based detection of new malicious code[C]// The 28th Annual International Computer Software and Applications Conference (COMPSAC). 2004: 41-42.
[12]	KOLTER J Z , MALOOF M A . Learning to detect and classify malicious executables in the wild[J]. The Journal of Machine Learning Research, 2006(7): 2721-2744.
[13]	MOSKOVITCH R , STOPEL D , FEHER C ,et al. Unknown malcode detection via text categorization and the imbalance problem[C]// IEEE International Conference on Intelligence and Security Informatics (ISI). 2008: 156-161.
[14]	KARIM M E , WALENSTEIN A , LAKHOTIA A ,et al. Malware phylogeny generation using permutations of code[J]. Journal in Computer Virology, 2005,1(1/2): 13-23.
[15]	SIDDIQUI M , WANG M C , LEE J . Data mining methods for malware detection using instruction sequences[C]// The Artificial Intelligence and Applications (AIA). 2008.
[16]	MOSKOVITCH R , FEHER C , TZACHAR N ,et al. Unknown malcode detection using opcode representation[C]// European Conference on Intelligence and Security Informatics(EuroISI). 2008: 204-215.
[17]	SCHULTZ M G , ESKIN E , ZADOK F ,et al. Data mining methods for detection of new malicious executables[C]// IEEE Symposium on Security and Privacy (S＆P). 2001: 38-49.
[18]	LAI Y , . A feature selection for malicious detection[C]// The 9th International Conference on Software Engineering,Artificial Intelligence,Networking,and Parallel/Distributed Computing. 2008: 365-370.
[19]	DING Y , YUAN X , TANG K ,et al. A fast malware detection algo-rithm based on objective-oriented association mining[J]. Computers ＆Security, 2013,39: 315-324.
[20]	MARICONTI E , ONWUZURIKE L , ANDRIOTIS P ,et al. MA-MADROID:detecting android malware by building Markov chains of behavioral models[C]// The Symposium on Network and Distributed System Security (NDSS). 2017.
[21]	SCHWARTZ E J , AVGERINOS T , BRUMLEY D . All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask)[C]// IEEE Symposium on Security and Privacy (S＆P). 2010: 317-331.
[22]	CHRISTODORESCU M , JHA S , KRUEGEL C . Mining specifications of malicious behavior[C]// The 1st India Software Engineering Conference. 2008: 5-14.
[23]	RIECK K , HOLZ T , WILLEMS C ,et al. Learning and classification of malware behavior[C]// The International Conference on Detection of Intrusions and Malware,and Vulnerability Assessment (DIMVA). 2008: 108-125.
[24]	杨轶, 苏璞睿, 应凌云 ,等. 基于行为依赖特征的恶意代码相似性比较方法[J]. 软件学报, 2011,22(10): 2438-2453.
	YANG Y , SU P , YING L ,et al. Dependency-based malware similarity comparison method[J]. Journal of Software, 2011,22(10): 2438-2453.
[25]	IMRAN M , AFZAL M T , QADIR M A . Malware classification using dynamic features and hidden markov model[J]. Journal of Intelligent ＆Fuzzy Systems, 2016,31(2): 837-847.
[26]	ANDERSON B , QUIST D , NEIL J ,et al. Graph-based malware detection using dynamic analysis[J]. Journal in Computer Virolo-gy, 2011,7(4): 247-258.
[27]	TRINIUS P , WILLEMS C , HOLZ T ,et al. A malware instruction set for behavior-based analysis[C]// The 5th GI Conference on Sicherheit,Schutz und Zuverl assigkeit. 2010: 205-216.
[28]	杨晔 . 基于行为的恶意代码检测方法研究[D]. 西安:西安电子科技大学, 2015.
	YANG Y . Research on detection method of malware based on behavior[D]. Xi’an:Xidian University, 2015.
[29]	HUANG W , STOKES J W . MtNet:a multi-task neural network for dynamic malware classification[C]// The International Conference on Detection of Intrusions and Malware,and Vulnerability Assessment(DIMVA). 2016: 399-418.