MalOSDF: An Opcode Slice-Based Malware Detection Framework Using Active and Ensemble Learning
Published: 2024-01-15
Volume: 13
Issue: 2
Page: 359
ISSN: 2079-9292
Container-title: Electronics
Short-container-title: Electronics
Language: en
Author:
Guo Wenjie (1), Xue Jingfeng (1), Meng Wenheng (1), Han Weijie (2), Liu Zishu (1), Wang Yong (1), Li Zhongjun (1)
Affiliation:
1. School of Computer Science and Technology, Beijing Institute of Technology, Beijing 100081, China
2. School of Space Information, Space Engineering University, Beijing 101416, China
Abstract
The evolution of malware poses significant challenges to the security of cyberspace. Machine learning-based approaches have demonstrated significant potential in the field of malware detection. However, such methods face several limitations: a very large feature space, imbalanced data, and the high cost of labeling. In response to these bottlenecks, this paper presents an Opcode Slice-Based Malware Detection Framework Using Active and Ensemble Learning (MalOSDF). Inspired by traditional code slicing technology, this paper proposes a feature engineering method based on opcode slices for malware detection that better captures malware characteristics. To address the challenges of high expert cost and unbalanced sample distribution, this paper proposes the SSEAL (Semi-supervised Ensemble Active Learning) algorithm. Specifically, the semi-supervised learning module reduces data labeling costs, the active learning module enables knowledge mining from informative samples, and the ensemble learning module ensures model reliability. Furthermore, five experiments are conducted using the Kaggle dataset and DataWhale to validate the proposed framework. The experimental results demonstrate that our method effectively represents malware features. Additionally, SSEAL achieves its intended goal while training the model with only 13.4% of the available data.
Funder:
Major Scientific and Technological Innovation Projects of Shandong Province
National Natural Science Foundation of China