Research of Obfuscated Malware with a Capsule Neural Network

Authors

  • Timur V. Jamgharyan, National Polytechnic University of Armenia

DOI:

https://doi.org/10.51408/1963-0094

Keywords:

Capsule neural network, Context triggered piecewise hashing, Edit distance, Intrusion detection system, Transfer learning

Abstract

The paper presents the results of research into using transfer learning of a capsule neural network to detect malware. The research was carried out on the source code of malware using the context-triggered piecewise hashing method. The malware source code was obtained from public software sources. The capsule neural network's learning results were verified using a trained convolutional neural network and publicly available malware test sources. The research covered six types of malware. The software source code, part of the capsule neural network training datasets, the pre-trained capsule neural network, and the full research are publicly available at https://github.com/T-JN.

Published

2022-12-01

How to Cite

Jamgharyan, T. V. (2022). Research of Obfuscated Malware with a Capsule Neural Network. Mathematical Problems of Computer Science, 58, 67–83. https://doi.org/10.51408/1963-0094