抗混淆的恶意代码图像纹理特征描述方法

doi:10.11959/j.issn.1000-436x.2018227

Abstract

Abstract:

It is a new method that uses image processing and machine learning algorithms to classify malware samples in malware visualization field.The texture feature description method has great influence on the result.To solve this problem,a new method was presented that joints global feature of GIST with local features of LBP or dense SIFT in order to construct combinative descriptors of malware gray-scale images.Using those descriptors,the malware classification performance was greatly improved in contrast to traditional method,especially for those samples have higher similarity in the different families,or those have lower similarity in the same family.A lot of experiments show that new method is much more effective and general than traditional method.On the confusing dataset,the accuracy rate of classification has been greatly improved.

Key words: malware visualization, image texture, feature descriptors, malware classification

CLC Number:

TP393

Yashu LIU,Zhihai WANG,Hanbing YAN,Yueran HOU,Yukun LAI. Method of anti-confusion texture feature descriptor for malware images[J]. Journal on Communications, 2018, 39(11): 44-53.

Figures/Tables 15

References 21

[1]	杜敬凯 . 二进制恶意代码的同源性分析[D]. 北京:北京航空航天大学, 2016.
	DU J K . Homology analysis of binary malicious code[D]. Beijing:Beihang University, 2016.
[2]	SATHYANARAYAN V S , KOHLI P , BRUHADESHWAR B . Signature generation and detection of malware families[C]// Proceedings of Australasian Conference on Information Security and Privacy. 2008: 336-349.
[3]	ABBAS M F B , SRIKANTHAN T . Low-complexity signature-based malware detection for IoT devices[C]// Proceedings of Applications and Techniques in Information Security. 2017: 181-189.
[4]	FIRDAUSI I , LIM C , ERWIN A ,et al. Analysis of machine learning techniques used in behavior-based malware detection[C]// IEEE International Conference on Advances in Computing. 2010: 201-203.
[5]	王蕊, 冯登国, 杨轶 ,等. 基于语义的恶意代码行为特征提取及检测方法[J]. 软件学报, 2012,23(2): 378-393.
	WANG R , FENG D G , YANG Y ,et al. Semantics-based malware be-havior signature extraction and detection method[J]. Journal of Soft-ware, 2012,23(2): 378-393.
[6]	任李, 潘晓中 . 基于对象语义的恶意代码检测方法[J]. 计算机应用研究, 2013,30(10): 3106-3113.
	REN L , PAN X Z . Object-semantics based malware detection meth-od[J]. Application Research of Computers, 2013,30(10): 3106-3113.
[7]	SANTOS I , BREZO F , NIEVES J ,et al. Idea:opcode-sequence based malware detection[C]// International Conference on Engineering Secure Software and Systems. 2010: 35-43.
[8]	O’KANE P , SEZERAND S , MCLANGHLIN K . Detecting obfuscated malware using reduced opcode set and optimized runtime trace[J]. Security Informatics, 2016,5(1): 2-13.
[9]	QIAO Y C , YUN X C , ZHANG Y Z ,et al. Fast reused function retrieval method based on simHash and inverted index[C]// The 15th IEEE International Conference on Trust,Security and Privacy in Computing and Communications. 2017: 937-944.
[10]	BONFANTE G , KACZMAREK M , MARION JY . Architecture of a morphological malware detector[J]. Computer Virology, 2009,5(3): 263-270.
[11]	CESARE S , XIANG Y . A fast flow graph based classification system for packed and polymorphic malware on the end host[C]// Proceedings of the 24th IEEE International Conference on Advanced Information Networking and Applications. 2010: 721-728.
[12]	KINABLE J , KOSTAKIS O . Malware classification based on call graph clustering[J]. Computer Virology, 2011,7(4): 233-245.
[13]	TRINIUS P , HOLS T , GOBEL J ,et al. Visual analysis of malware behavior using treemaps and thread graphs[C]// the 6th International Workshop on Visualization for Cyber Security. 2010: 33-38.
[14]	CONTI G , BRATUS S , SHUBING A ,et al. Automated mapping of large binary objects using primitive fragment type classification[J]. Digital Investigation:The International Journal of Digital Forensics and Incident Response, 2010,7: S3-S12.
[15]	NATARAJ L , KARTHIKEYAN S , JACOB G ,et al. Malware images:visualization and automatic classification[C]// The 8th International Symposium on Visualization for Cyber Security. 2011: 21-29.
[16]	HAN K S , LIM J H , KANG B J ,et al. Malware analysis using visualized images and entropy graphs[J]. International Journal of Information Security, 2015,14(1): 1-14.
[17]	YAN H B , ZHOU H , ZHANG H G . Automatic malware classification via PRICoLBP[J]. Chinese Journal of Electronics, 2018,27(4): 852-859.
[18]	OLIVA A , TORRALBA A . Modeling the shape of the scene:a holistic representation of the spatial envelope[J]. International Journal of Computer Vision, 2001,42(3): 145-175.
[19]	TORRALBA A , MURPHY A , FREEMAN K P ,et al. Context-based vision systems for place and object recognition[C]// International conference on Computer Vision. 2003:273.
[20]	OJALA T , PIETIKAINEN M , MAENPAA T . Multiresolution gray-scale and rotation invariant texture classification with local binary patterns[J]. IEEE Transactions on Pattern Analysis ＆ Machine Intelligence, 2000,24(7): 971-987.
[21]	LOWE D G , . Object recognition from local scale-invariant features[C]// International Conference on Computer Vision. 1999: 1150-1157.

Metrics

Recommended 0

No Suggested Reading articles found!

文件大小	图像宽度
<10 KB	32
10~ 30 KB	64
30~ 60 KB	128
60~ 100 KB	256
100~ 200 KB	384
200~ 500 KB	512
500 ~ 1000 KB	768
>1 000	1 024

分类器	k	准确率
	1	0.976
	2	0.98
	3	0.978
	4	0.977
	5	0.976
KNN	6	0.978
	7	0.97
	8	0.964
	9	0.965
	10	0.96
RF	estimator=15	0.988

分类器	k	GIST	dense	LBP
	1	0.910	0.936	0.877
	2	0.905	0.926	0.864
	3	0.900	0.925	0.86
	4	0.900	0.909	0.863
	5	0.897	0.913	0.863
KNN	6	0.883	0.912	0.86
	7	0.884	0.914	0.848
	8	0.896	0.914	0.839
	9	0.884	0.912	0.843
	10	0.899	0.906	0.838
RF	estimator=15	0.901	0.922	0.901

家族名称	图像数目
Autorun.K	95
Benign	365
Fakerean	381
Luder.B	509
Obfuscator.AD	142
Skintrim.N	80
Virut.A	133
Virut.AC	269
Virut.AK	571

No.	准确率
1	0.914
2	0.886
3	0.910
4	0.867
5	0.906
6	0.882
7	0.906
8	0.894
9	0.906
10	0.89
平均准确率	0.896

Method of anti-confusion texture feature descriptor for malware images

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 15

References 21

Related Articles 15

Metrics

Recommended 0

RF	Gist特征与LBP特征相融合					Gist	LBP
RF	Gist_10%LBP	Gist_30%LBP	Gist_50%LBP	Gist_70%LBP	Gist_100%LBP	Gist	LBP
estimator=10	0.954	0.958	0.959	0.957	0.958	0.893	0.899
estimator=15	0.953	0.958	0.961	0.960	0.961	0.901	0.901
estimator=20	0.955	0.960	0.962	0.961	0.964	0.899	0.903
estimator=25	0.957	0.963	0.965	0.962	0.964	0.900	0.904

RF	Gist特征与dense SIFT特征相融合					Gist	Dense
RF	10% dense SIFT	30% dense SIFT	50% dense SIFT	70% dense SIFT	100% dense SIFT	Gist	SIFT
estimator=10	0.957	0.960	0.960	0.960	0.960	0.893	0.924
estimator=15	0.961	0.962	0.963	0.964	0.964	0.901	0.922
estimator=20	0.963	0.964	0.963	0.964	0.963	0.899	0.931
estimator=25	0.965	0.965	0.965	0.966	0.966	0.900	0.923

特征表示方法	准确率
文献[15]	0.901 7
文献[16]	0.912
文献[17]	0.932 9
本文方法	0.949 8

[1]	Jingbo LI, Li MA, Yang LI, Yingxun FU, Dongchao MA. Optimized design of sensing transmission and computing collaborative industrial Internet [J]. Journal on Communications, 2023, 44(6): 12-22.
[2]	Shiqi ZHAO, Xiaohong HUANG, Zhigang ZHONG. Research and implementation of reputation-based inter-domain routing selection mechanism [J]. Journal on Communications, 2023, 44(6): 47-56.
[3]	Zhen CHEN, Wenhui CHEN, Xiaowei LIU, Dianlong YOU, Linlin LIU, Limin SHEN. Functional complementarity relationship enhanced cloud API recommendation method [J]. Journal on Communications, 2023, 44(6): 125-137.
[4]	Debin WEI, Chengsheng PAN, Li YANG, Zuoren YAN. Adaptive random early detection algorithm based on network traffic level grade prediction [J]. Journal on Communications, 2023, 44(6): 154-166.
[5]	Yuancheng LI, Yongtai QIN. Deep reinforcement learning based algorithm for real-time QoS optimization of software-defined security middle platform [J]. Journal on Communications, 2023, 44(5): 181-192.
[6]	Yingjie XIA, Siyu ZHU, Xuejiao LIU. Research on efficient cross trust-domain group authentication with conditional privacy of vehicle platoon under blockchian architecture [J]. Journal on Communications, 2023, 44(4): 111-123.
[7]	Renchao XIE, Wen WEN, Qinqin TANG, Yunlong LIU, Gaochang XIE, Tao HUANG. Survey on rail transit mobile edge computing network security [J]. Journal on Communications, 2023, 44(4): 201-215.
[8]	Zhiyong LUO, Yu ZHANG, Qing WANG, Weiwei SONG. Study of SDN intrusion intent identification algorithm based on Bayesian attack graph [J]. Journal on Communications, 2023, 44(4): 216-225.
[9]	Yifeng WANG, Yuanbo GUO, Qingli CHEN, Chen FANG, Renhao LIN, Yongliang ZHOU, Jiali MA. Method based on contrastive incremental learning for fine-grained malicious traffic classification [J]. Journal on Communications, 2023, 44(3): 1-11.
[10]	Jin ZHANG, Qiang GE, Weihai XU, Yiming JIANG, Hailong MA, Hongtao YU. Design, implementation and formal verification of BGP proxy for mimic router [J]. Journal on Communications, 2023, 44(3): 33-44.
[11]	Pujie JING, Liangmin WANG, Xuewen DONG, Yushu ZHANG, Qian WANG, Sohail Muhammad. CHA: cross-chain based hierarchical architecture for practicable blockchain regulatory [J]. Journal on Communications, 2023, 44(3): 93-104.
[12]	Jian SHU, Jiawei SHI, Linlan LIU, Al-Kali Manar. Topology prediction for opportunistic network based on spatiotemporal convolution [J]. Journal on Communications, 2023, 44(3): 145-156.
[13]	Dongbin WANG, Dongzhe WU, Hui ZHI, Kun GUO, Xu ZHANG, Jinqiao SHI, Yu ZHANG, Yueming LU. Preventing flow table overflow against denial of service attack in software defined network [J]. Journal on Communications, 2023, 44(2): 1-11.
[14]	Haiyan KANG, Molan LONG. Research on network attack analysis method based on attack graph of absorbing Markov chain [J]. Journal on Communications, 2023, 44(2): 122-135.
[15]	Yuntao ZHANG, Binxing FANG, Chunlai DU, Zhongru WANG, Zhijian CUI, Shouyou SONG. Container escape detection method based on heterogeneous observation chain [J]. Journal on Communications, 2023, 44(1): 49-63.