Chinese Journal of Network and Information Security ›› 2019, Vol. 5 ›› Issue (6): 21-30. doi: 10.11959/j.issn.2096-109x.2019059


Malware detection approach based on improved SOINN

Bin ZHANG1,2, Lixun LI1,2, Shuqin DONG1,2

  1 Information and Engineering University, Zhengzhou 450001, China
  2 Key Laboratory of Information Security of Henan Province, Zhengzhou 450001, China
  • Revised: 2019-03-20 Online: 2019-12-15 Published: 2019-12-14
  • Supported by:
    Henan Province Foundation and Frontier Technology Research Project (2014302903); New Research Direction Cultivation Fund for Information Engineering University (2016604703)

Abstract:

To address the difficulty of dynamically updating the detection model and the high computation costs of malware detection models based on batch learning, a novel malware detection approach is proposed that combines SOINN with supervised classifiers, using SOINN's incremental learning characteristic to reduce computation costs and enable the detection model to update dynamically. First, an improved SOINN is given: following the whole alignment algorithm, the adjusted weights of the neurons are computed under all input sequences in the learning cycle, and the average of all adjusted weights is taken as the final result. This addresses SOINN's stability under different input sequences and its representativeness of the original data, and thereby improves malware detection accuracy. Then, a data preprocessing algorithm based on nonnegative matrix factorization and Z-score normalization is proposed to transform the malware behavior feature vector from high dimension and high order to low dimension and low order, in order to increase speed, avoid overfitting, and further improve detection accuracy. Experimental results show that the proposed approach supports dynamic updating of the detection model, and that it has significantly higher accuracy in detecting unknown new samples and lower computation costs than traditional methods.

Key words: SOINN algorithm, malware detection, neural network, incremental learning, intrusion detection
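
The weight-averaging step described in the abstract, as an added sketch that is not the paper's code. It reads "all input sequences" as every ordering of one learning cycle's inputs and assumes a simplified SOINN winner update (the winner moves toward the input by 1/M, with M its win count) on a fixed set of neurons; node insertion, edges and noise removal are omitted, and all names and sample data are constructed.

```python
from itertools import permutations
import math

# Constructed sample data: two neurons as (weight vector, win count) and one
# learning cycle of three feature vectors, listed in two different orders.
NEURONS = [((0.0, 0.0), 1), ((10.0, 0.0), 1)]
BATCH_A = [(4.0, 0.0), (6.5, 0.0), (5.2, 0.0)]
BATCH_B = [(5.2, 0.0), (4.0, 0.0), (6.5, 0.0)]


def train_cycle(neurons, batch):
    """Process one learning cycle in the given order (assumed simplified rule).

    For each input the nearest neuron wins, its win count M is incremented,
    and its weight moves toward the input by a step of 1/M.
    """
    weights = [list(w) for w, _ in neurons]
    wins = [m for _, m in neurons]
    for x in batch:
        i = min(range(len(weights)), key=lambda k: math.dist(weights[k], x))
        wins[i] += 1
        weights[i] = [w + (xi - w) / wins[i] for w, xi in zip(weights[i], x)]
    return weights


def train_cycle_averaged(neurons, batch):
    """Average the adjusted weights over every ordering of the cycle's inputs.

    The result no longer depends on arrival order, but the work grows as
    len(batch)!, so the learning cycle has to stay short.
    """
    runs = [train_cycle(neurons, order) for order in permutations(batch)]
    return [[sum(col) / len(runs) for col in zip(*per_neuron)]
            for per_neuron in zip(*runs)]


if __name__ == "__main__":
    # Same three samples, different arrival order, different adjusted weights.
    print("order A:", train_cycle(NEURONS, BATCH_A))
    print("order B:", train_cycle(NEURONS, BATCH_B))
    # Averaging over all orderings gives one order-independent result.
    print("averaged:", train_cycle_averaged(NEURONS, BATCH_A))
```
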
