TY - GEN
T1 - A Malware Classification Method Based on the Capsule Network
AU - Wang, Ziyu
AU - Han, Weijie
AU - Lu, Yue
AU - Xue, Jingfeng
N1 - Publisher Copyright:
© 2020, Springer Nature Switzerland AG.
PY - 2020
Y1 - 2020
N2 - Malware has become a serious threat to network security. Traditional static analysis methods usually cannot effectively detect packers, obfuscations, and variants, while dynamic analysis is not efficient when dealing with large amounts of malware. Aiming at the shortcomings of the existing methods, this paper proposes a method for analyzing malware based on the capsule network. It uses supervised learning to train the capsule network on a large number of malware samples with existing category labels. In constructing features, this paper combines static and dynamic features: operation code information is extracted based on static analysis, and API call sequence information is extracted based on general analysis. Both features represent the structure and behavior of malware well. N-Gram is then used to construct sequence features, the N-Gram sequences are visualized to generate malware images, and finally the capsule network is used for classification. In addition, this paper improves the original capsule network and verifies the effect of the improved model.
AB - Malware has become a serious threat to network security. Traditional static analysis methods usually cannot effectively detect packers, obfuscations, and variants, while dynamic analysis is not efficient when dealing with large amounts of malware. Aiming at the shortcomings of the existing methods, this paper proposes a method for analyzing malware based on the capsule network. It uses supervised learning to train the capsule network on a large number of malware samples with existing category labels. In constructing features, this paper combines static and dynamic features: operation code information is extracted based on static analysis, and API call sequence information is extracted based on general analysis. Both features represent the structure and behavior of malware well. N-Gram is then used to construct sequence features, the N-Gram sequences are visualized to generate malware images, and finally the capsule network is used for classification. In addition, this paper improves the original capsule network and verifies the effect of the improved model.
KW - API
KW - Capsule network
KW - Malware
KW - N-Gram
UR - http://www.scopus.com/inward/record.url?scp=85097150367&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-62223-7_4
DO - 10.1007/978-3-030-62223-7_4
M3 - Conference contribution
AN - SCOPUS:85097150367
SN - 9783030622220
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 35
EP - 49
BT - Machine Learning for Cyber Security - Third International Conference, ML4CS 2020, Proceedings
A2 - Chen, Xiaofeng
A2 - Yan, Hongyang
A2 - Yan, Qiben
A2 - Zhang, Xiangliang
PB - Springer Science and Business Media Deutschland GmbH
T2 - 3rd International Conference on Machine Learning for Cyber Security, ML4CS 2020
Y2 - 8 October 2020 through 10 October 2020
ER -