Affiliation:
1. School of Electrical Engineering and Computer Science, National University of Sciences and Technology, Islamabad, Pakistan
Abstract
Malware is malicious software used to gain unauthorized access to organizational infrastructure and systems. To cope with the exponential growth of malware, notable research has been done on unsupervised clustering of Windows portable executables (PEs). Nevertheless, to the best of our knowledge, there has been no research on robust cluster prediction of Windows PEs from static features. To this end, we propose an ensemble neural network architecture for unsupervised feature learning and for modeling the distribution of the learned features, aimed at robust clustering of PEs. The architecture is a cascade of a deep autoencoder (AE) network and a latent distribution modeling (LDM) network: the AE learns features as a latent representation, and the LDM models the distribution of that latent representation with a Gaussian approximation. An objective function is devised for model optimization; under it the network adjusts the Gaussian components to improve the distribution model and also adjusts the data representations toward their related Gaussian centers, so that the model behaves adaptively. A new malware dataset was collected by deploying an endpoint security management solution over an enterprise network to assess the proposed architecture; it contains 21,486 samples, 14,497 malicious and 6,989 benign. We also evaluated the architecture on a publicly available benchmark malware dataset of 138,047 samples comprising 96,742 malicious and 41,323 benign PEs. The experimental results show that the architecture yields more than 95% accuracy for cluster prediction and outperforms recent techniques. The dataset and implementation are available at bit.ly/3J6ZF8S.
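As an added illustration of the cluster-prediction step the abstract assigns to the LDM network (this is not the paper's code nor the released implementation): latent codes are modelled with a diagonal-covariance Gaussian mixture fitted by expectation maximization, a new sample is assigned to the most probable component, and the distribution-modeling objective is reported as the mean negative log-likelihood. The autoencoder is not reproduced; the latent codes below are constructed stand-ins for AE output, and their group labels (packed malware, unpacked malware, benign) are assumptions used only to score the unsupervised clusters afterwards. Unlike the paper's joint objective, which also moves the representations toward their Gaussian centers, this example keeps the codes fixed and fits only the Gaussians.

```python
# Added illustration (not the paper's code): Gaussian-mixture cluster prediction
# on latent codes, standing in for the LDM stage described in the abstract.
import math

# Constructed latent codes (2-D for readability) with assumed group labels.
# Labels are never used for fitting, only for scoring the clusters afterwards.
LATENT_CODES = [
    # assumed group 0 (packed malware), around (0, 0)
    ((0.1, 0.2), 0), ((-0.3, 0.1), 0), ((0.2, -0.2), 0), ((-0.1, -0.3), 0),
    # assumed group 1 (unpacked malware), around (5, 5)
    ((5.2, 4.9), 1), ((4.8, 5.3), 1), ((5.1, 5.1), 1), ((4.7, 4.8), 1),
    # assumed group 2 (benign), around (-5, 5)
    ((-5.1, 5.2), 2), ((-4.8, 4.9), 2), ((-5.3, 5.0), 2), ((-4.9, 5.3), 2),
]


def _sq_dist(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))


def _log_gauss_diag(x, mean, var):
    """Log density of x under an axis-aligned Gaussian (diagonal covariance)."""
    return sum(-0.5 * (math.log(2 * math.pi * v) + (xi - m) ** 2 / v)
               for xi, m, v in zip(x, mean, var))


def _log_joint(x, weights, means, var):
    """log p(x, component j) for every component j."""
    return [math.log(max(w, 1e-12)) + _log_gauss_diag(x, m, v)
            for w, m, v in zip(weights, means, var)]


def _log_sum_exp(vals):
    mx = max(vals)
    return mx + math.log(sum(math.exp(v - mx) for v in vals))


def _init_means(points, k):
    """Farthest-point initialisation: deterministic, and it avoids seeding every
    component inside one group when the input happens to be ordered by group."""
    means = [points[0]]
    while len(means) < k:
        means.append(max(points, key=lambda p: min(_sq_dist(p, m) for m in means)))
    return means


def fit_gmm(points, k, iters=50, var_floor=1e-3):
    """EM for a k-component diagonal GMM. Returns (weights, means, variances)."""
    dim = len(points[0])
    means = _init_means(points, k)
    var = [[1.0] * dim for _ in range(k)]
    weights = [1.0 / k] * k
    for _ in range(iters):
        # E-step: responsibility of each component for each point
        resp = []
        for x in points:
            logp = _log_joint(x, weights, means, var)
            lse = _log_sum_exp(logp)
            resp.append([math.exp(l - lse) for l in logp])
        # M-step: move each Gaussian onto the points it is responsible for;
        # the variance floor keeps a component from collapsing onto one point
        for j in range(k):
            nj = sum(r[j] for r in resp)
            weights[j] = nj / len(points)
            means[j] = [sum(r[j] * x[d] for r, x in zip(resp, points)) / nj
                        for d in range(dim)]
            var[j] = [max(var_floor,
                          sum(r[j] * (x[d] - means[j][d]) ** 2
                              for r, x in zip(resp, points)) / nj)
                      for d in range(dim)]
    return weights, means, var


def predict_cluster(model, x):
    """Cluster prediction for a new latent code: the most probable component."""
    scores = _log_joint(x, *model)
    return max(range(len(scores)), key=scores.__getitem__)


def mean_neg_log_likelihood(model, points):
    """Distribution-modeling objective: average -log p(x) under the mixture."""
    return -sum(_log_sum_exp(_log_joint(x, *model)) for x in points) / len(points)


def cluster_purity(model, labelled):
    """Fraction of samples whose predicted cluster's majority label matches theirs.
    Cluster ids are arbitrary, so purity is the usual label-free accuracy proxy."""
    by_cluster = {}
    for x, y in labelled:
        by_cluster.setdefault(predict_cluster(model, x), []).append(y)
    correct = sum(max(ys.count(l) for l in set(ys)) for ys in by_cluster.values())
    return correct / len(labelled)


if __name__ == "__main__":
    codes = [x for x, _ in LATENT_CODES]
    model = fit_gmm(codes, k=3)
    print("purity:", cluster_purity(model, LATENT_CODES))
    print("objective:", round(mean_neg_log_likelihood(model, codes), 3))
    print("new sample (4.9, 5.0) -> cluster", predict_cluster(model, (4.9, 5.0)))
```

The groups here are deliberately well separated so EM converges to the same partition every run; on real static-feature latent codes the result depends on the AE and on the chosen number of components, which is why the paper optimises the components and the representations jointly.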
Subject
Computational Theory and Mathematics, Computer Networks and Communications, Computer Science Applications, Theoretical Computer Science, Software