
Using Four Modalities for Malware Detection Based on Feature Level and Decision Level Fusion

  • Conference paper
  • Advanced Information Networking and Applications (AINA 2020)

Abstract

This paper is focused on multimodal approaches to malware detection, which have not been widely explored in related work. We use static code-based features together with dynamic power-based, network traffic-based, and system log-based features, and propose multimodal approaches that use feature level and decision level fusion. Our findings include: (1) For all considered learners, power-based features alone were very good predictors, and some learners also performed well using only network traffic-based features. (2) For most standard supervised learning algorithms, feature level fusion improved all performance metrics; if Recall is the highest priority, Random Forest or J48 with feature level fusion should be selected. (3) The proposed deep neural network with decision level fusion had lower Recall but higher Precision and (1-FPR) values, which led to a comparable F-score and a better G-score than Random Forest with feature level fusion. In addition to improving classification performance, multimodal approaches make it much harder for malware to evade detection.
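The two fusion schemes the abstract compares, as an added worked example that is not code from the paper or its authors: feature level fusion concatenates the four modalities' feature vectors and trains one learner on the result, while decision level fusion trains one learner per modality and combines their verdicts by vote. The learner (nearest centroid), the six constructed training and six constructed test samples, the tie rule in the vote, and the G-score definition (harmonic mean of Recall and 1-FPR) are assumptions of the example, not details given on this page.

```python
"""Feature level vs decision level fusion of four malware-detection
modalities, demonstrated with a nearest-centroid learner.

Example code added to this page; it is not the authors' implementation.
The dataset is constructed, the learner is deliberately simple, and the
G-score definition (harmonic mean of Recall and 1-FPR) is assumed, since
the abstract does not define it.
"""
from math import sqrt

MODALITIES = ("static", "power", "network", "syslog")

# Constructed samples: one numeric feature vector per modality plus the
# label (1 = malware, 0 = benign).  Benign readings cluster near 1 and
# malicious readings near 9 in every modality, so each per-modality
# boundary sits at 5.
TRAIN = [
    ({"static": [1], "power": [2], "network": [1], "syslog": [0]}, 0),
    ({"static": [0], "power": [1], "network": [2], "syslog": [1]}, 0),
    ({"static": [2], "power": [0], "network": [0], "syslog": [2]}, 0),
    ({"static": [9], "power": [8], "network": [10], "syslog": [9]}, 1),
    ({"static": [10], "power": [9], "network": [8], "syslog": [9]}, 1),
    ({"static": [8], "power": [10], "network": [9], "syslog": [9]}, 1),
]

TEST = [
    ({"static": [9], "power": [9], "network": [9], "syslog": [9]}, 1),  # obvious malware
    ({"static": [1], "power": [1], "network": [1], "syslog": [1]}, 0),  # obvious benign
    ({"static": [1], "power": [9], "network": [9], "syslog": [9]}, 1),  # packed: static looks clean
    ({"static": [4], "power": [9], "network": [4], "syslog": [4]}, 1),  # only power decisive, rest borderline
    ({"static": [1], "power": [1], "network": [9], "syslog": [1]}, 0),  # benign with a network spike
    ({"static": [4], "power": [4], "network": [4], "syslog": [9]}, 0),  # benign update: log burst, mild elevation
]


def feature_level_fusion(features):
    """Early fusion: concatenate every modality's vector into one vector."""
    return [x for m in MODALITIES for x in features[m]]


def train_centroids(vectors_with_labels):
    """Nearest-centroid learner: one mean vector per class label."""
    sums, counts = {}, {}
    for vec, label in vectors_with_labels:
        acc = sums.setdefault(label, [0.0] * len(vec))
        for i, x in enumerate(vec):
            acc[i] += x
        counts[label] = counts.get(label, 0) + 1
    return {label: [x / counts[label] for x in acc] for label, acc in sums.items()}


def predict(centroids, vec):
    """Label of the closest centroid (Euclidean distance)."""
    return min(centroids, key=lambda lab: sqrt(sum((a - b) ** 2 for a, b in zip(vec, centroids[lab]))))


def decision_level_fusion(votes):
    """Late fusion: majority vote over per-modality decisions.  A tie is
    resolved as malware (assumed rule) so that detection does not lose a draw."""
    return int(2 * sum(votes) >= len(votes))


def metrics(y_true, y_pred):
    """Recall, Precision, FPR, F-score and (assumed) G-score for a binary run."""
    tp = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 1)
    fp = sum(1 for t, p in zip(y_true, y_pred) if t == 0 and p == 1)
    fn = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 0)
    tn = sum(1 for t, p in zip(y_true, y_pred) if t == 0 and p == 0)
    recall = tp / (tp + fn) if tp + fn else 0.0
    precision = tp / (tp + fp) if tp + fp else 0.0
    fpr = fp / (fp + tn) if fp + tn else 0.0
    f_score = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    tnr = 1 - fpr
    g_score = 2 * recall * tnr / (recall + tnr) if recall + tnr else 0.0
    return {"recall": recall, "precision": precision, "fpr": fpr,
            "f_score": f_score, "g_score": g_score}


def run(train=TRAIN, test=TEST):
    """Train both fusion schemes on `train` and score them on `test`."""
    y_true = [label for _, label in test]
    # Feature level fusion: a single learner on the concatenated vectors.
    fl_model = train_centroids([(feature_level_fusion(f), lab) for f, lab in train])
    fl_pred = [predict(fl_model, feature_level_fusion(f)) for f, _ in test]
    # Decision level fusion: one learner per modality, then a vote.
    dl_models = {m: train_centroids([(f[m], lab) for f, lab in train]) for m in MODALITIES}
    dl_pred = [decision_level_fusion([predict(dl_models[m], f[m]) for m in MODALITIES])
               for f, _ in test]
    return {"feature_level": metrics(y_true, fl_pred),
            "decision_level": metrics(y_true, dl_pred)}


if __name__ == "__main__":
    for scheme, m in run().items():
        print(scheme, {k: round(v, 3) for k, v in m.items()})
```

On the constructed data the direction matches finding (3): the decision level vote misses the sample where only the power modality is decisive (lower Recall) but rejects the benign sample whose log burst pulls the concatenated vector toward the malware centroid (higher Precision, lower FPR). The learner is a stand-in; substituting Random Forest, J48 or a neural network changes the numbers, not the fusion plumbing, and in practice the concatenated features should be scaled so that one modality does not dominate the distance.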

This work was done while Jarilyn Hernández Jiménez was affiliated with West Virginia University and is included in her Ph.D. dissertation [1].


References

  1. Hernández Jiménez, J.: Multimodal approach for malware detection. Ph.D. thesis, West Virginia University, Morgantown, WV (April 2019)

  2. Shijo, P., Salim, A.: Integrated static and dynamic analysis for malware detection. Procedia Comput. Sci. 46, 804–811 (2015)

  3. Ahmadi, M., et al.: Malware detection by behavioural sequential patterns. Comput. Fraud Secur. J. 2013, 11–19 (2013)

  4. Baltrušaitis, T., et al.: Multimodal machine learning: a survey and taxonomy. IEEE Trans. Pattern Anal. Mach. Intell. 41, 423–443 (2019)

  5. Atrey, P.K., Hossain, M.A., El Saddik, A., Kankanhalli, M.S.: Multimodal fusion for multimedia analysis: a survey. Multimed. Syst. 16, 345–379 (2010)

  6. Yan, P., Yan, Z.: A survey on dynamic mobile malware detection. Softw. Qual. J. 26, 891–919 (2018)

  7. Ye, Y., et al.: A survey on malware detection using data mining techniques. ACM CSUR 50, 41:1–41:40 (2017)

  8. Hernández Jiménez, J., et al.: Malware detection on general-purpose computers using power consumption monitoring: a proof of concept and case study. arXiv preprint arXiv:1705.01977 (2017)

  9. Hernández Jiménez, J., Goseva-Popstojanova, K.: The effect on network flows-based features and training set size on malware detection. In: 17th IEEE International Symposium on NCA, pp. 1–9 (2018)

  10. Hernández Jiménez, J., Goseva-Popstojanova, K.: Malware detection using power consumption and network traffic data. In: 2nd International Conference on Data Intelligence and Security (ICDIS), pp. 53–59. IEEE (2019)

  11. Dawson, J.A., et al.: Rootkit detection through phase-space analysis of power voltage measurements. In: 12th International Conference on MALWARE, pp. 19–27 (2017)

  12. Luckett, P., et al.: Identifying stealth malware using CPU power consumption and learning algorithms. J. Comput. Secur. 26, 589–613 (2018)

  13. Bridges, R., Hernández Jiménez, J., et al.: Towards malware detection via CPU power consumption: data collection design and analytics. In: 17th IEEE International Conference on TrustCom, pp. 1680–1684 (2018)

  14. Wei, S., Aysu, A., Orshansky, M., Gerstlauer, A., Tiwari, M.: Using power-anomalies to counter evasive micro-architectural attacks in embedded systems. In: 2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), pp. 111–120. IEEE (2019)

  15. Dollah, R.F.M., et al.: Machine learning for HTTP botnet detection using classifier algorithms. J. Telecommun. Electron. Comput. Eng. 10, 27–30 (2018)

  16. Bekerman, D., et al.: Unknown malware detection using network traffic classification. In: IEEE Conference on CNS, pp. 134–142 (2015)

  17. Prasse, P., et al.: Malware detection by analysing encrypted network traffic with neural networks. In: ECML PKDD, pp. 73–88 (2017)

  18. Palmieri, F., Fiore, U., Castiglione, A.: A distributed approach to network anomaly detection based on independent component analysis. Concurr. Comput. Pract. Exp. 26, 1113–1129 (2014)

  19. Sainju, A.M., Atkison, T.: An experimental analysis of Windows log events triggered by malware. In: ACM SouthEast Conference, pp. 195–198 (2017)

  20. Ozsoy, M., et al.: Malware-aware processors: a framework for efficient online malware detection. In: International Symposium on HPCA, pp. 651–661 (2015)

  21. De Lorenzo, A., Martinelli, F., Medvet, E., Mercaldo, F., Santone, A.: Visualizing the outcome of dynamic analysis of Android malware with VizMal. J. Inf. Secur. Appl. 50, 102423 (2020)

  22. Fraley, J.B., Figueroa, M.: Polymorphic malware detection using topological feature extraction with data mining. In: IEEE SoutheastCon, pp. 1–7 (2016)

  23. Khan, R.U., et al.: Analysis of ResNet and GoogleNet models for malware detection. J. Comput. Virol. Hacking Tech. 15, 29–37 (2018)

  24. Kapoor, A., Dhavale, S.: Control flow graph based multiclass malware detection using bi-normal separation. Def. Sci. J. 66, 138–145 (2016)

  25. Santos, I., et al.: OPEM: a static-dynamic approach for machine-learning-based malware detection. In: International Joint Conference CISIS Special Sessions, pp. 271–280. Springer (2013)

  26. Anderson, B., et al.: Improving malware classification: bridging the static/dynamic gap. In: Workshop on AISec, pp. 3–14 (2012)

  27. Yan, G., et al.: Exploring discriminatory features for automated malware classification. In: International Conference on DIMVA, pp. 41–61. Springer (2013)

  28. Stiborek, J., et al.: Multiple instance learning for malware classification. Expert Syst. Appl. 93, 346–357 (2018)

  29. Sheen, S., Anitha, R., Natarajan, V.: Android based malware detection using a multifeature collaborative decision fusion approach. Neurocomputing 151, 905–912 (2015)

  30. Chen, L., Hou, S., Ye, Y.: SecureDroid: enhancing security of machine learning-based detection against adversarial Android malware attacks. In: 33rd ACSA Conference, pp. 362–372. ACM (2017)

  31. Yerima, S.Y., Sezer, S.: DroidFusion: a novel multilevel classifier fusion approach for Android malware detection. IEEE Trans. Cybern. 49, 453–466 (2018)

  32. Wang, X., Zhang, D., Su, X., Li, W.: Mlifdect: Android malware detection based on parallel machine learning and information fusion. Secur. Commun. Netw. 2017, 1–14 (2017)

  33. Zhang, Y., et al.: Based on multi-features and clustering ensemble method for automatic malware categorization. In: IEEE Trustcom/BigDataSE/ICESS, pp. 73–82 (2017)

  34. Kim, T., et al.: A multimodal deep learning method for Android malware detection using various features. IEEE Trans. Inf. Forensics Secur. 14, 773–788 (2019)

  35. Wang, C., et al.: A malware detection method based on sandbox, binary instrumentation and multidimensional feature extraction. In: International Conference on BWCCA, pp. 427–438. Springer (2017)

  36. Clevert, D.A., et al.: Fast and accurate deep network learning by exponential linear units. arXiv preprint arXiv:1511.07289 (2015)

  37. Kingma, D.P., Ba, J.: Adam: a method for stochastic optimization. arXiv preprint arXiv:1412.6980 (2014)

  38. Srivastava, N., et al.: Dropout: a simple way to prevent neural networks from overfitting. J. Mach. Learn. Res. 15, 1929–1958 (2014)

  39. Hsiao, S.C., Kao, D.Y., Liu, Z.Y., Tso, R.: Malware image classification using one-shot learning with Siamese networks. Procedia Comput. Sci. 159, 1863–1871 (2019)

  40. Feng, S., Zhou, H., Donga, H.: Using deep neural network with small dataset to predict material defects. Mater. Des. 162, 300–310 (2019)

  41. Ghosh, A., et al.: On the robustness of decision tree learning under label noise. In: Pacific-Asia Conference on Knowledge Discovery and Data Mining, pp. 685–697. Springer (2017)

  42. Nettleton, D.F., Orriols-Puig, A., Fornells, A.: A study of the effect of different types of noise on the precision of supervised learning techniques. Artif. Intell. Rev. 33, 275–306 (2010)


Acknowledgments

This work is funded by the National Science Foundation under the grant CNS-1618629.

Corresponding author

Correspondence to Jarilyn M. Hernández Jiménez.


Copyright information

© 2020 Springer Nature Switzerland AG


Cite this paper

Hernández Jiménez, J.M., Goseva-Popstojanova, K. (2020). Using Four Modalities for Malware Detection Based on Feature Level and Decision Level Fusion. In: Barolli, L., Amato, F., Moscato, F., Enokido, T., Takizawa, M. (eds) Advanced Information Networking and Applications. AINA 2020. Advances in Intelligent Systems and Computing, vol 1151. Springer, Cham. https://doi.org/10.1007/978-3-030-44041-1_117
