Detection of malware using an artificial neural network based on adaptive resonant theory

D. G. Bukhanov; V. M. Polyakov; M. A. Redkina

Geodesic

Parcourir par

Detection of malware using an artificial neural network based on adaptive resonant theory

D. G. Bukhanov ; V. M. Polyakov ; M. A. Redkina

Prikladnaâ diskretnaâ matematika, no. 2 (2021), pp. 69-82.

Voir la notice de l'article provenant de la source Math-Net.Ru

Résumé

The process of detecting malicious code by anti-virus systems is considered. The main part of this process is the procedure for analyzing a file or process. Artificial neural networks based on the adaptive-resonance theory are proposed to use as a method of analysis. The graph2vec vectorization algorithm is used to represent the analyzed program codes in numerical format. Despite the fact that the use of this vectorization method ignores the semantic relationships between the sequence of executable commands, it allows to reduce the analysis time without significant loss of accuracy. The use of an artificial neural network ART-2m with a hierarchical memory structure made it possible to reduce the classification time for a malicious file. Reducing the classification time allows to set more memory levels and increase the similarity parameter, which leads to an improved classification quality. Experiments show that with this approach to detecting malicious software, similar files can be recognized by both size and behavior.

Keywords: malware, analysis of portable executable files, control flow graph, vectorization, deobfuscation, artificial neural networks based on adaptive resonance theory, clustering.

@article{PDM_2021_2_a3,
     author = {D. G. Bukhanov and V. M. Polyakov and M. A. Redkina},
     title = {Detection of malware using an artificial neural network based on adaptive resonant theory},
     journal = {Prikladna\^a diskretna\^a matematika},
     pages = {69--82},
     publisher = {mathdoc},
     number = {2},
     year = {2021},
     language = {ru},
     url = {http://geodesic.mathdoc.fr/item/PDM_2021_2_a3/}
}

TY  - JOUR
AU  - D. G. Bukhanov
AU  - V. M. Polyakov
AU  - M. A. Redkina
TI  - Detection of malware using an artificial neural network based on adaptive resonant theory
JO  - Prikladnaâ diskretnaâ matematika
PY  - 2021
SP  - 69
EP  - 82
IS  - 2
PB  - mathdoc
UR  - http://geodesic.mathdoc.fr/item/PDM_2021_2_a3/
LA  - ru
ID  - PDM_2021_2_a3
ER  -

%0 Journal Article
%A D. G. Bukhanov
%A V. M. Polyakov
%A M. A. Redkina
%T Detection of malware using an artificial neural network based on adaptive resonant theory
%J Prikladnaâ diskretnaâ matematika
%D 2021
%P 69-82
%N 2
%I mathdoc
%U http://geodesic.mathdoc.fr/item/PDM_2021_2_a3/
%G ru
%F PDM_2021_2_a3

D. G. Bukhanov; V. M. Polyakov; M. A. Redkina. Detection of malware using an artificial neural network based on adaptive resonant theory. Prikladnaâ diskretnaâ matematika, no. 2 (2021), pp. 69-82. http://geodesic.mathdoc.fr/item/PDM_2021_2_a3/

Bibliographie
Cité par

[1] How much does a cyberattack cost companies, , 2017 https://opendatasecurity.io/how-much-does-a-cyberattack-cost-companies/

[2] Salahdine F., Kaabouch N., “Social Engineering Attacks: A Survey”, Future Internet, 11 (2019) https://www.mdpi.com/1999-5903/11/4/89/htm

[3] , 2018 https://www.kaspersky.ru/blog/economics-report-2018/20655/

[4] Harchenko S. S., Davydova E. M., Timchenko S. V., “Signature analysis of program code”, Polzunovskiy Vestnik, 2012, no. 3, 60–64 (in Russian)

[5] Babak B. R., Maslin M., Suhaimi I., “Camouflage in malware: from encryption to metamorphism”, Intern. J. Computer Science and Network Security, 12 (2012), 74–83

[6] Cai H., Shao Z., Vaynberg A., Certified Self-Modifying Code (extended version coq implementation), Technical Report YALEU/DCS/TR-1379, 2007

[7] Wei Y., Zheng Z., Nirwan A., “Revealing packed malware”, IEEE Security Privacy, 6:5 (2008), 65–69

[8] Jacob G., Comparetti P. M., Neugschwandtner M., et al., “A static, packer-agnostic filter to detect similar malware samples”, LNCS, 7591, 2013, 102–122

[9] Linn C., Debray S., “Obfuscation of executable code to improve resistance to static disassembly”, Proc. CCS'03 (Washington, USA, 2003), 290–299

[10] Golovkin M., Systems and methods for detecting obfuscated malware, Patent U.S. 9087195, 2015

[11] Solomon I. A., Jatain A., Bajaj S. B., “Neural network based intrusion detection: State of the art”, Proc. Intern. Conf. SUSCOM (Amity University Rajasthan, Jaipur-India, February 26–28, 2019)

[12] Bonfante G., Kaczmarek M., Marion J., “On abstract computer virology from a recursion theoretic perspective”, J. Computer Virology, 5:3 (2009), 263–270

[13] Narayanan A., Chandramohan M., Chen L., et al., Subgraph2vec: Learning Distributed Representations of Rooted Sub-graphs from Large Graphs, 2016, arXiv: 1606.08928

[14] Burnap P., French R., Turner F., Jones K., “Malware classification using self organising feature maps and machine activity data”, Computers Security, 73 (2018), 399–410

[15] Ahmed F., Hameed H., Shafiq M. Z., Farooq M., “Using spatio-temporal information in API calls with machine learning algorithms for malware detection”, Proc. AISec'09 (Chicago, Illinois, USA, 2009), 55–62

[16] Carpenter G. A., Grossberg S., “ART 2: self-organization of stable category recognition codes for analog input patterns”, Appl. Opt., 26:23 (1987), 4919–4930

[17] Kurmangaleev SH. F., Dolgorukova K. YU., Savchenko V. V., et al., “About methods of programs deobfuscation”, Proc. Ivannikov Institute for System Programming of the RAS, 24 (2013), 145–160 (in Russian)

[18] Bukhanov D. G., Polyakov V. M., “Adaptive resonance theory network with multilevel memory”, Nauchnye Vedomosti BelSU, 45:4 (2018), 709–717 (in Russian)