Recurrent neural network for malware detection

Research output: Contribution to journal › Article

Abstract

Recently, the active development of network communication technology has inspired new cyber-attacks such as malware. This poses a massive threat to network organization, users and security. Consequently, many researchers have developed novel algorithms for attack detection. Nevertheless, they still face the problem of building reliable and accurate models that are capable of handling large quantities of data with changing patterns. The most common technique for representing malware features is bag-of-words (BOW), where the frequency of each word is used to describe the malware. However, the BOW approach destroys the spatial and sequence information in malware patterns, resulting in information loss and coarse indexing. Therefore, this paper presents two combination models of Long Short-Term Memory (LSTM) and Convolutional Neural Network (CNN) to deal with the spatial and temporal signal problem of the BOW representation. Both techniques are well known for classification problems, with LSTM being useful for temporal modeling while CNN is good at extracting spatial information from data. After that, a Multi-Layer Perceptron (MLP) is used for classification. The model is trained on the Drebin dataset and validated, and the result is then compared with other techniques. The experiment shows that both proposed models outperform common MLP, CNN and LSTM models on a malware classification task. Our best model (LSTM-CNN) obtains a state-of-the-art performance level of 98.53% on the Drebin dataset.

Original language: English
Pages (from-to): 46-63
Number of pages: 18
Journal: International Journal of Advances in Soft Computing and its Applications
Volume: 11
Issue number: 1
Publication status: Published - 1 Jan 2019

Fingerprint

Recurrent neural networks
Neural networks
Multilayer neural networks
Malware
Telecommunication networks
Long short-term memory

Keywords

  • Deep learning
  • Long short term memory
  • Malware classification
  • Recurrent neural network

ASJC Scopus subject areas

  • Computer Science Applications

Cite this

Recurrent neural network for malware detection. / Halim, Mudzfirah Abdul; Abdullah, Azizi; Zainol Ariffin, Khairul Akram.

In: International Journal of Advances in Soft Computing and its Applications, Vol. 11, No. 1, 01.01.2019, p. 46-63.

@article{b3479be28eb246c8bd3327df956e31e2,
title = "Recurrent neural network for malware detection",
abstract = "Recently, the active development of network communication technology has inspired new cyber-attacks such as malware. This poses a massive threat to network organization, users and security. Consequently, many researchers have developed novel algorithms for attack detection. Nevertheless, they still face the problem of building reliable and accurate models that are capable of handling large quantities of data with changing patterns. The most common technique for representing malware features is bag-of-words (BOW), where the frequency of each word is used to describe the malware. However, the BOW approach destroys the spatial and sequence information in malware patterns, resulting in information loss and coarse indexing. Therefore, this paper presents two combination models of Long Short-Term Memory (LSTM) and Convolutional Neural Network (CNN) to deal with the spatial and temporal signal problem of the BOW representation. Both techniques are well known for classification problems, with LSTM being useful for temporal modeling while CNN is good at extracting spatial information from data. After that, a Multi-Layer Perceptron (MLP) is used for classification. The model is trained on the Drebin dataset and validated, and the result is then compared with other techniques. The experiment shows that both proposed models outperform common MLP, CNN and LSTM models on a malware classification task. Our best model (LSTM-CNN) obtains a state-of-the-art performance level of 98.53{\%} on the Drebin dataset.",
keywords = "Deep learning, Long short term memory, Malware classification, Recurrent neural network",
author = "Halim, {Mudzfirah Abdul} and Azizi Abdullah and {Zainol Ariffin}, {Khairul Akram}",
year = "2019",
month = "1",
day = "1",
language = "English",
volume = "11",
pages = "46--63",
journal = "International Journal of Advances in Soft Computing and its Applications",
issn = "2074-8523",
publisher = "International Center for Scientific Research and Studies (ICSRS)",
number = "1",

}

TY - JOUR

T1 - Recurrent neural network for malware detection

AU - Halim, Mudzfirah Abdul

AU - Abdullah, Azizi

AU - Zainol Ariffin, Khairul Akram

PY - 2019/1/1

Y1 - 2019/1/1

N2 - Recently, the active development of network communication technology has inspired new cyber-attacks such as malware. This poses a massive threat to network organization, users and security. Consequently, many researchers have developed novel algorithms for attack detection. Nevertheless, they still face the problem of building reliable and accurate models that are capable of handling large quantities of data with changing patterns. The most common technique for representing malware features is bag-of-words (BOW), where the frequency of each word is used to describe the malware. However, the BOW approach destroys the spatial and sequence information in malware patterns, resulting in information loss and coarse indexing. Therefore, this paper presents two combination models of Long Short-Term Memory (LSTM) and Convolutional Neural Network (CNN) to deal with the spatial and temporal signal problem of the BOW representation. Both techniques are well known for classification problems, with LSTM being useful for temporal modeling while CNN is good at extracting spatial information from data. After that, a Multi-Layer Perceptron (MLP) is used for classification. The model is trained on the Drebin dataset and validated, and the result is then compared with other techniques. The experiment shows that both proposed models outperform common MLP, CNN and LSTM models on a malware classification task. Our best model (LSTM-CNN) obtains a state-of-the-art performance level of 98.53% on the Drebin dataset.

KW - Deep learning

KW - Long short term memory

KW - Malware classification

KW - Recurrent neural network

UR - http://www.scopus.com/inward/record.url?scp=85071375137&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85071375137&partnerID=8YFLogxK

M3 - Article

AN - SCOPUS:85071375137

VL - 11

SP - 46

EP - 63

JO - International Journal of Advances in Soft Computing and its Applications

JF - International Journal of Advances in Soft Computing and its Applications

SN - 2074-8523

IS - 1

ER -