research-article

An Opcode Sequences Analysis Method For Unknown Malware Detection

Authors:

Zhi Sun,

Zhihong Rao,

Jianfeng Chen,

Rui Xu,

Da He,

Hui Yang,

Jie LiuAuthors Info & Claims

ICGDA '19: Proceedings of the 2019 2nd International Conference on Geoinformatics and Data Analysis

Pages 15 - 19

https://doi.org/10.1145/3318236.3318255

Published: 15 March 2019 Publication History

Get Access

Abstract

One of the main challenges in security today is defending against unknown malware attacks which have the potential to harm a computer or network. Hence, detecting malware has become one of the most important challenges for the security of computer systems. The known malware detection methods based on the appearance of opcode sequences has to construct a matrix from programs of different architectures to extract high-level features. In order to resolve high dimensional inputs vector and differences assembly instruction, this paper proposes a novel method for detecting static characteristics of 32-bit and 64-bit malicious Portable Executable (PE) Windows files by opcode sequences analysis. By compute the frequency of occurrence of each opcode sequence and distinguishing different types of 32-bit and 64-bit PE files, the proposed method shows promising results with less complexity in comparison with previous studies, which is beneficial to train machine learning model such as k-nearest neighbor (KNN) and back-propagation neural network (BP). Our method is evaluated on more than 20,000 samples, and experimental results show that our system can effectively detect and classify unknown malware.

References

[1]

G. McGraw, G. Morrisett. Attacking malicious code: A report to the infosec research council, In Proceedings of IEEE Software, 2000, pp 33--41.

Digital Library

Google Scholar

[2]

Bazrafshan, Zahra, Hashem Hashemi, Seyed Mehdi Hazrati Fard, and Ali Hamzeh. A survey on heuristic malware detection techniques. In Information and Knowledge Technology (IKT), 2013 5th Conference on, 2013, pp. 113--120. IEEE.

Google Scholar

[3]

Baig, Mirza, Pavol Zavarsky, Ron Ruhl, and Dale Lindskog. The study of evasion of packed pe from static detection. In Internet Security (WorldCIS), 2012 World Congress on, 2012, pp. 99--104. IEEE.

Google Scholar

[4]

Damshenas, Mohsen, Ali Dehghantanha, and Ramlan Mahmoud. A survey on malware propagation, analysis, and detection. International Journal of Cyber-Security and Digital Forensics 2.4, 2013, 10--30.

Google Scholar

[5]

David, O.E. and Netanyahu, N.S., 2015, July. Deepsign: Deep learning for automatic malware signature generation and classification. In Neural Networks (IJCNN), 2015 International Joint Conference on, 2015, pp. 1--8. IEEE.

Google Scholar

[6]

Bilar D. Opcodes as predictor for malware. International journal of electronic security and digital forensics. 2007 Jan 1;1(2):156--68.

Digital Library

Google Scholar

[7]

Santos, Igor, Felix Brezo, Xabier Ugarte-Pedrero, and Pablo G. Bringas. Opcode sequences as representation of executables for data-mining-based unknown malware detection. Information Sciences 231 2013: 64--82.

Digital Library

Google Scholar

[8]

Hashemi, Hashem, Amin Azmoodeh, Ali Hamzeh, and Sattar Hashemi. Graph embedding as a new approach for unknown malware detection. Journal of Computer Virology and Hacking Techniques 13, no. 3 2017: 153--166.

Crossref

Google Scholar

[9]

Manavi, Farnoush, and Ali Hamzeh. A new method for malware detection using opcode visualization. In Artificial Intelligence and Signal Processing Conference (AISP), 2017, pp. 96--102. IEEE.

Google Scholar

[10]

Schultz, Matthew G., Eleazar Eskin, F. Zadok, and Salvatore J. Stolfo. Data mining methods for detection of new malicious executables. In Security and Privacy, 2001. S&P 2001. Proceedings. 2001 IEEE Symposium on, pp. 38--49. IEEE.

Digital Library

Google Scholar

[11]

Kolter, J. Zico, and Marcus A. Maloof. Learning to detect and classify malicious executables in the wild. Journal of Machine Learning Research 7. Dec, 2006, pp: 2721--2744.

Digital Library

Google Scholar

[12]

Ye, Yanfang, Tao Li, Kai Huang, Qingshan Jiang, and Yong Chen. Hierarchical associative classifier (HAC) for malware detection from the large and imbalanced gray list. Journal of Intelligent Information Systems 35, no. 1 2010: 1--20.

Digital Library

Google Scholar

[13]

Blei, David M., Andrew Y. Ng, and Michael I. Jordan. Latent dirichlet allocation. Journal of machine Learning research 3, no. Jan 2003: 993--1022.

Digital Library

Google Scholar

[14]

Lin, F., Cohen, W.W. Power iteration clustering. In Proceedings of the 27th International Conference on Machine Learning (ICML- 10), 2010, pp. 655--662

Digital Library

Google Scholar

Cited By

View all

Ahmad IWan ZAhmad AUllah S(2024)A Hybrid Optimization Model for Efficient Detection and Classification of Malware in the Internet of ThingsMathematics10.3390/math1210143712:10(1437)Online publication date: 7-May-2024
https://doi.org/10.3390/math12101437
Maniriho PMahmood AChowdhury M(2024)MeMalDetComputers and Security10.1016/j.cose.2024.103864142:COnline publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1016/j.cose.2024.103864
Feng PGai LYang LWang QLi TXi NMa J(2024)DawnGNN: Documentation augmented windows malware detection using graph neural networkComputers & Security10.1016/j.cose.2024.103788(103788)Online publication date: Mar-2024
https://doi.org/10.1016/j.cose.2024.103788
Show More Cited By

Index Terms

An Opcode Sequences Analysis Method For Unknown Malware Detection
1. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation
    1. Malware and its mitigation

Recommendations

Opcode sequences as representation of executables for data-mining-based unknown malware detection

Malware can be defined as any type of malicious code that has the potential to harm a computer or network. The volume of malware is growing faster every year and poses a serious global security threat. Consequently, malware detection has become a ...
Malware detection using adaptive data compression
AISec '08: Proceedings of the 1st ACM workshop on Workshop on AISec

A popular approach in current commercial anti-malware software detects malicious programs by searching in the code of programs for scan strings that are byte sequences indicative of malicious code. The scan strings, also known as the signatures of ...
Sequential opcode embedding-based malware detection method
Abstract
In recent years, researchers have focused on uncovering the distinctive malicious patterns of malware samples through opcode sequences using some feature learning methods to improve the accuracy of malware detection mechanisms. However,...
Graphical abstract

Display Omitted
Highlights
- A new static analysis-based malware detection method.
- Representation learning ...

Comments

Information & Contributors

Information

Published In

ICGDA '19: Proceedings of the 2019 2nd International Conference on Geoinformatics and Data Analysis

March 2019

156 pages

ISBN:9781450362450

DOI:10.1145/3318236

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

Department of Informatics, University of Oslo

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 15 March 2019

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

ICGDA 2019

ICGDA 2019: 2019 2nd International Conference on Geoinformatics and Data Analysis & 2019 2nd International Conference on Software and Services Engineering

March 15 - 17, 2019

Prague, Czech Republic

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

17
Total Citations
View Citations
299
Total Downloads

Downloads (Last 12 months)35
Downloads (Last 6 weeks)8

Reflects downloads up to 26 Jul 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Ahmad IWan ZAhmad AUllah S(2024)A Hybrid Optimization Model for Efficient Detection and Classification of Malware in the Internet of ThingsMathematics10.3390/math1210143712:10(1437)Online publication date: 7-May-2024
https://doi.org/10.3390/math12101437
Maniriho PMahmood AChowdhury M(2024)MeMalDetComputers and Security10.1016/j.cose.2024.103864142:COnline publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1016/j.cose.2024.103864
Feng PGai LYang LWang QLi TXi NMa J(2024)DawnGNN: Documentation augmented windows malware detection using graph neural networkComputers & Security10.1016/j.cose.2024.103788(103788)Online publication date: Mar-2024
https://doi.org/10.1016/j.cose.2024.103788
Naveen Kumar NBalamurugan SMaruthamuthu RDevi PSeshu Kumar P(2024)A robust method for malware analysis using stacking classifiers and dendrogram visualizationInternational Journal of Information Technology10.1007/s41870-024-01982-zOnline publication date: 9-Jul-2024
https://doi.org/10.1007/s41870-024-01982-z
Chen ZRen X(2023)An Efficient Boosting-Based Windows Malware Family Classification System Using Multi-Features FusionApplied Sciences10.3390/app1306406013:6(4060)Online publication date: 22-Mar-2023
https://doi.org/10.3390/app13064060
Maniriho PMahmood AChowdhury M(2023)A systematic literature review on windows malware detection: Techniques, research issues, and future directionsJournal of Systems and Software10.1016/j.jss.2023.111921(111921)Online publication date: Dec-2023
https://doi.org/10.1016/j.jss.2023.111921
Maniriho PMahmood AChowdhury M(2023)API-MalDetectJournal of Network and Computer Applications10.1016/j.jnca.2023.103704218:COnline publication date: 1-Sep-2023
https://dl.acm.org/doi/10.1016/j.jnca.2023.103704
Duby ATaylor TBloom GZhuang Y(2022)Evaluating Feature Robustness for Windows Malware Family Classification2022 International Conference on Computer Communications and Networks (ICCCN)10.1109/ICCCN54977.2022.9868914(1-10)Online publication date: Jul-2022
https://doi.org/10.1109/ICCCN54977.2022.9868914
Duby ATaylor TBloom GZhuang Y(2022)Detecting and Classifying Self-Deleting Windows Malware Using Prefetch Files2022 IEEE 12th Annual Computing and Communication Workshop and Conference (CCWC)10.1109/CCWC54503.2022.9720874(0745-0751)Online publication date: 26-Jan-2022
https://doi.org/10.1109/CCWC54503.2022.9720874
shah IMehmood AKhan AElhadef MKhan A(2022)HeuCrip: a malware detection approach for internet of battlefield thingsCluster Computing10.1007/s10586-022-03618-y26:2(977-992)Online publication date: 3-Aug-2022
https://dl.acm.org/doi/10.1007/s10586-022-03618-y
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Opcode sequences as representation of executables for data-mining-based unknown malware detection

Malware detection using adaptive data compression

Sequential opcode embedding-based malware detection method

Comments

Published In

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Other Metrics

Article Metrics

Other Metrics

Cited By

Login options

Full Access

PDF

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Opcode sequences as representation of executables for data-mining-based unknown malware detection

Malware detection using adaptive data compression

Sequential opcode embedding-based malware detection method

Comments

Information

Published In

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Get Access

Login options

Full Access

View options

PDF

eReader

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations