The process of detecting malicious code by anti-virus systems is considered. The main part of this process is the procedure for analyzing a file or process. Artificial neural networks based on the adaptive-resonance theory are proposed to use as a method of analysis. The graph2vec vectorization algorithm is used to represent the analyzed program codes in numerical format. Despite the fact that the use of this vectorization method ignores the semantic relationships between the sequence of executable commands, it allows to reduce the analysis time without significant loss of accuracy. The use of an artificial neural network ART-2m with a hierarchical memory structure made it possible to reduce the classification time for a malicious file. Reducing the classification time allows to set more memory levels and increase the similarity parameter, which leads to an improved classification quality. Experiments show that with this approach to detecting malicious software, similar files can be recognized by both size and behavior.
Download file
Counter downloads: 98
- Title Detection of malware using an artificial neural network based on adaptive resonant theory
- Headline Detection of malware using an artificial neural network based on adaptive resonant theory
- Publesher
Tomsk State University - Issue Prikladnaya Diskretnaya Matematika - Applied Discrete Mathematics 52
- Date:
- DOI 10.17223/20710410/52/4
Keywords
malware, analysis of portable executable files, control flow graph, vecto-rization, deobfuscation, artificial neural networks based on adaptive resonance theory, clusteringAuthors
References
https://opendatasecurity.io/how-much-does-a-cyberattack-cost-companies/- How much does a cyberattack cost companies. 2017.
Salahdine F. and Kaabouch N. Social Engineering Attacks: A Survey // Future Internet. 2019. V.11. https://www.mdpi.com/1999-5903/11/4/89/htm
https://www.kaspersky.ru/blog/economics-report-2018/20655/ - Во сколько может обойтись потеря данных. 2018.
Харченко С. С., Давыдова Е. М., Тимченко С. В. Сигнатурный анализ программного кода // Ползуновский вестник. 2012. №3. С. 60-64.
Babak B.R., Maslin M., and Suhaimi I. Camouflage in malware: from encryption to metamorphism // Intern. J. Computer Science and Network Security. 2012. V. 12. P. 74-83.
Cai H., Shao Z, and Vaynberg A. Certified Self-Modifying Code (extended version & coq implementation). Technical Report YALEU/DCS/TR-1379. 2007.
Wei Y., Zheng Z., and Nirwan A. Revealing packed malware // IEEE Security & Privacy. 2008. V. 6. No. 5. P. 65-69.
Jacob G., Comparetti P. M., Neugschwandtner M., et al. A static, packer-agnostic filter to detect similar malware samples // LNCS. 2013. V. 7591. P.102-122.
Linn C. and Debray S. Obfuscation of executable code to improve resistance to static disassembly // Proc. CCS’03. Washington, USA, 2003. P.290-299.
Golovkin M. Systems and methods for detecting obfuscated malware // Patent U.S. 9087195. 2015.
Solomon I. A., Jatain A, and Bajaj S.B. Neural network based intrusion detection: State of the art // Proc. Intern. Conf. SUSCOM. Amity University Rajasthan, Jaipur-India, February 26-28, 2019.
Bonfante G., Kaczmarek M., and Marion J. On abstract computer virology from a recursion theoretic perspective // J. Computer Virology. 2009. V. 5. No. 3. P. 263-270.
Narayanan A., Chandramohan M., Chen L., et al. Subgraph2vec: Learning Distributed Representations of Rooted Subgraphs from Large Graphs. arXiv: 1606.08928. 2016.
Burnap P., French R., Turner F., and Jones K. Malware classification using self organising feature maps and machine activity data // Computers & Security. 2018. V. 73. P. 399-410.
Ahmed F., Hameed H., Shafiq M. Z., and Farooq M. Using spatio-temporal information in API calls with machine learning algorithms for malware detection // Proc. AISec’09. Chicago, Illinois, USA, 2009. P. 55-62.
Carpenter G. A. and Grossberg S. ART 2: self-organization of stable category recognition codes for analog input patterns // Appl. Opt. 1987. V. 26. No.23. P.4919-4930.
Курмангалеев Ш. Ф., Долгорукова К. Ю., Савченко В. В. и др. О методах деобфускации программ // Труды Института системного программирования РАН. 2013. Т. 24. С.145-160.
Буханов Д. Г., Поляков В. М. Сеть адаптивно-резонансной теории с многоуровневой памятью // Научные ведомости БелГУ. 2018. Т. 45. №4. С. 709-717
Detection of malware using an artificial neural network based on adaptive resonant theory | Prikladnaya Diskretnaya Matematika - Applied Discrete Mathematics. 2021. № 52. DOI: 10.17223/20710410/52/4
Download full-text version
Counter downloads: 153