Ensemble Malware Classifier considering PE Section Information

IF 0.4 4区计算机科学 Q4 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE Ieice Transactions on Fundamentals of Electronics Communications and Computer Sciences Pub Date : 2023-01-01 DOI:10.1587/transfun.2023cip0024

Ren TAKEUCHI, Rikima MITSUHASHI, Masakatsu NISHIGAKI, Tetsushi OHKI

{"title":"Ensemble Malware Classifier considering PE Section Information","authors":"Ren TAKEUCHI, Rikima MITSUHASHI, Masakatsu NISHIGAKI, Tetsushi OHKI","doi":"10.1587/transfun.2023cip0024","DOIUrl":null,"url":null,"abstract":"The war between cyber attackers and security analysts is gradually intensifying. Owing to the ease of obtaining and creating support tools, recent malware continues to diversify into variants and new species. This increases the burden on security analysts and hinders quick analysis. Identifying malware families is crucial for efficiently analyzing diversified malware; thus, numerous low-cost, general-purpose, deep-learning-based classification techniques have been proposed in recent years. Among these methods, malware images that represent binary features as images are often used. However, no models or architectures specific to malware classification have been proposed in previous studies. Herein, we conduct a detailed analysis of the behavior and structure of malware and focus on PE sections that capture the unique characteristics of malware. First, we validate the features of each PE section that can distinguish malware families. Then, we identify PE sections that contain adequate features to classify families. Further, we propose an ensemble learning-based classification method that combines features of highly discriminative PE sections to improve classification accuracy. The validation of two datasets confirms that the proposed method improves accuracy over the baseline, thereby emphasizing its importance.","PeriodicalId":55003,"journal":{"name":"Ieice Transactions on Fundamentals of Electronics Communications and Computer Sciences","volume":null,"pages":null},"PeriodicalIF":0.4000,"publicationDate":"2023-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Ieice Transactions on Fundamentals of Electronics Communications and Computer Sciences","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1587/transfun.2023cip0024","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

The war between cyber attackers and security analysts is gradually intensifying. Owing to the ease of obtaining and creating support tools, recent malware continues to diversify into variants and new species. This increases the burden on security analysts and hinders quick analysis. Identifying malware families is crucial for efficiently analyzing diversified malware; thus, numerous low-cost, general-purpose, deep-learning-based classification techniques have been proposed in recent years. Among these methods, malware images that represent binary features as images are often used. However, no models or architectures specific to malware classification have been proposed in previous studies. Herein, we conduct a detailed analysis of the behavior and structure of malware and focus on PE sections that capture the unique characteristics of malware. First, we validate the features of each PE section that can distinguish malware families. Then, we identify PE sections that contain adequate features to classify families. Further, we propose an ensemble learning-based classification method that combines features of highly discriminative PE sections to improve classification accuracy. The validation of two datasets confirms that the proposed method improves accuracy over the baseline, thereby emphasizing its importance.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

考虑PE截面信息的集成恶意软件分类器

网络攻击者和安全分析师之间的战争正在逐渐加剧。由于易于获取和创建支持工具，最近的恶意软件继续向变体和新物种多样化。这增加了安全分析人员的负担，阻碍了快速分析。识别恶意软件家族是有效分析各种恶意软件的关键;因此，近年来提出了许多低成本、通用、基于深度学习的分类技术。在这些方法中，经常使用将二进制特征表示为图像的恶意软件映像。然而，在以往的研究中，并没有提出针对恶意软件分类的模型或架构。在这里，我们对恶意软件的行为和结构进行了详细的分析，并专注于捕获恶意软件独特特征的PE部分。首先，我们验证了每个PE部分可以区分恶意软件家族的特征。然后，我们确定PE部分包含足够的特征来分类家庭。此外，我们提出了一种基于集成学习的分类方法，该方法结合了高判别性PE截面的特征来提高分类精度。两个数据集的验证证实了所提出的方法比基线提高了精度，从而强调了它的重要性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Ieice Transactions on Fundamentals of Electronics Communications and Computer Sciences 工程技术-工程：电子与电气

CiteScore

1.10

自引率

20.00%

发文量

137

审稿时长

3.9 months

期刊介绍： Includes reports on research, developments, and examinations performed by the Society''s members for the specific fields shown in the category list such as detailed below, the contents of which may advance the development of science and industry: (1) Reports on new theories, experiments with new contents, or extensions of and supplements to conventional theories and experiments. (2) Reports on development of measurement technology and various applied technologies. (3) Reports on the planning, design, manufacture, testing, or operation of facilities, machinery, parts, materials, etc. (4) Presentation of new methods, suggestion of new angles, ideas, systematization, software, or any new facts regarding the above.