
DACN: Malware Classification Based on Dynamic Analysis and Capsule Networks

  • Conference paper
Frontiers in Cyber Security (FCS 2021)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 1558)


Abstract

In existing malware-visualization classification methods, relying on an individual static feature leads to an incomplete characterization of malware and affects classification accuracy, and the max-pooling layers in convolutional neural network-based classification models disregard the spatial location relationships between features and lose valuable information. To overcome these drawbacks, we build a new malware classification system, DACN, which first maps three dynamic features of malware (API calls, DLL loads, and registry operations) to the R, G, and B channels of an image, respectively. Then, based on the capsule network, a malware classification model is proposed to capture the spatial location relationships between features. Experimental results demonstrate that using fused features instead of an individual feature improves the accuracy of malware classification by 1.3%–13.8%. DACN can achieve 97.5% classification accuracy, which is better than the model based on a convolutional neural network.



Acknowledgement

This work was supported in part by the Natural Science Foundation of Hainan Province under Grant No. 621MS017, in part by the National Natural Science Foundation of China Enterprise Innovation and Development Joint Fund under Grant No. U19B2044, and in part by the Key Research and Development Project of Hainan Province under Grant No. ZDYF2020012.

Author information

Corresponding author

Correspondence to Longjuan Wang.


Copyright information

© 2022 Springer Nature Singapore Pte Ltd.

About this paper


Cite this paper

Zou, B., Cao, C., Wang, L., Tao, F. (2022). DACN: Malware Classification Based on Dynamic Analysis and Capsule Networks. In: Cao, C., Zhang, Y., Hong, Y., Wang, D. (eds) Frontiers in Cyber Security. FCS 2021. Communications in Computer and Information Science, vol 1558. Springer, Singapore. https://doi.org/10.1007/978-981-19-0523-0_1


  • DOI: https://doi.org/10.1007/978-981-19-0523-0_1


  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-19-0522-3

  • Online ISBN: 978-981-19-0523-0

  • eBook Packages: Computer Science, Computer Science (R0)
