Deep-ensemble and multifaceted behavioral malware variant detection model

Abstract: Every day, hundreds of thousands of new malware programs are developed and spread worldwide in cyberspace. Most of these malware programs are malware variants, such as polymorphic and metamorphic malware, which are created from older versions of malware and are able to change their structures and function flows to circumvent security solutions. The accuracy of malware variant detection is a crucial challenge. Many existing malware variant detection approaches use static features extracted from the physical structure of the malware file, such as opcodes and function flows. Unfortunately, static features are subject to obfuscation and code shelling using simple obfuscation techniques. Although a malware variant can change its structure and function flows, it is widely believed that it cannot hide its malicious behavioral patterns at runtime. Accordingly, dynamic (behavioral) analysis-based features have been suggested by many studies to detect malware variants accurately. However, most of these studies depend solely on application programming interface (API) calls, which are not enough to accurately distinguish malware from benign software because of API-based obfuscation techniques. Therefore, a malware variant detection model that combines different behavioral activities can improve detection accuracy while reducing the false-negative rate. To this end, this study proposes a Deep-Ensemble and Multifaceted Behavioral Malware Variant Detection Model using Sequential Deep Learning and Extreme Gradient Boosting techniques. Different behavioral features were extracted from the dynamic analysis environment. Then, a feature extraction algorithm that can automatically extract effective representative patterns was designed and developed to extract the hidden representative features of the malware variants using a sequential deep learning model. These features were fed into an extreme gradient boosting-based classifier for decision making. Extensive experiments were carried out to validate the proposed scheme, and the results were compared with other related techniques in the field. The results show that the proposed model is reliable, as it improves the detection rate while reducing the false-negative rate.

Bibliographic Details
Main Authors: Al-Hashmi, Asma A.; Ghaleb, Fuad A.; Al-Marghilani, A.; Yahya, Abdulsamad E.; Ebad, Shouki A.; Muhammad Saqib, M. S.; Darem, Abdulbasit A.
Format: Article (peer reviewed)
Language: English
Published: Institute of Electrical and Electronics Engineers Inc., 2022
Journal: IEEE Access, vol. 10, pp. 42762-42777. ISSN 2169-3536
DOI: 10.1109/ACCESS.2022.3168794
Subjects: QA75 Electronic computers. Computer science
Online Access: http://eprints.utm.my/104359/1/FuadAbdulgaleel2022_DeepEnsembleandMultifacetedBehavioralMalware.pdf
http://eprints.utm.my/104359/
http://dx.doi.org/10.1109/ACCESS.2022.3168794

Citation: Al-Hashmi, Asma A. and Ghaleb, Fuad A. and Al-Marghilani, A. and Yahya, Abdulsamad E. and Ebad, Shouki A. and Muhammad Saqib, M. S. and Darem, Abdulbasit A. (2022) Deep-ensemble and multifaceted behavioral malware variant detection model. IEEE Access, 10. pp. 42762-42777. ISSN 2169-3536. DOI: 10.1109/ACCESS.2022.3168794
Repository: UTM Institutional Repository, UTM Library, Universiti Teknologi Malaysia (Malaysia), http://eprints.utm.my/