Cuckoo-based Malware Dynamic Analysis

doi:10.23940/ijpe.19.03.p6.772781

Int J Performability Eng ›› 2019, Vol. 15 ›› Issue (3): 772-781.doi: 10.23940/ijpe.19.03.p6.772781

Previous Articles Next Articles

Cuckoo-based Malware Dynamic Analysis

Lele Wang^a, Binqiang Wang^a, Jiangang Liu^b, Qiguang Miao^c, and Jianhui Zhang^{a, *}

a National Digital Switching System Engineering and Technological Research Center, Zhengzhou, 450002, China;
b Nanjing Information Technology Institute, Nanjing, 210000, China;
c Department of Computer Science, Xidian University, Xi'an, 710071, China

Submitted on ; Revised on ;
Contact: ndsczjh@163.com
About author:Lele Wang is a Ph.D. student at the National Digital Switching System Engineering and Technology Research Center whose main research direction is information security.Binqiang Wang is a professor and doctoral tutor at the National Digital Switching System Engineering and Technology Research Center. His research interests include network security and broadband information networks.Jiangang Liu is a researcher at the Nanjing Information Technology Institute whose main research direction is information security.Qiguang Miao is a professor and Ph.D. supervisor in the School of Computer Science at Xidian University as well as a director of the China Computer Federation (CCF), chairman of CCF YOCSEF, member of the CCF Artificial Intelligence and Pattern Recognition Committee, standing committee member of the CCF Computer Vision Committee, and IEEE senior member. His main research directions include intelligent image processing, machine learning, and high performance computing.Jianhui Zhang is an associate research fellow at the National Digital Switching System Engineering and Technology Research Center whose main research direction is broadband information networks.

Abstract

Abstract: Aiming at the problems of the huge number of malware currently in the big data environment, the insufficient ability of automatic malware analysis available, and the inefficiency of the classification of malicious attributes, in this paper, we propose a Cuckoo-based malware dynamic analysis system that can be extended, analyzed quickly, and has application value. The system proposes a semantic feature model based on deep learning, uses a deep recursive neural network model to describe the multi-layered aggregation relationship of program semantics, and builds a malware semantic aggregation model. The model can automatically complete the acquisition and analysis of behavioural features of unknown program samples and perform attribute discrimination on unknown program samples efficiently and accurately.

Key words: cuckoo, dynamic analysis, deep learning

Lele Wang, Binqiang Wang, Jiangang Liu, Qiguang Miao, and Jianhui Zhang. Cuckoo-based Malware Dynamic Analysis [J]. Int J Performability Eng, 2019, 15(3): 772-781.

Add to citation manager EndNote|Reference Manager|ProCite|BibTeX|RefWorks

References

1. J. R. Xue, J. W. Fang, and P. Zhang, “A Survey of Scene Understanding by Event Reasoning in Autonomous Driving,” nternational Journal of Automation and Computing , Vol. 15, No. 3, pp. 1-18, 2018
2. G. Hinton, S. Osindero, M. Welling,Y. W. Teh, “Unsupervised Discovery of Nonlinear Structure using Contrastive Backpropagation,” Cognitive Science, Vol. 30, No. 4, pp. 725-731, 2006
3. J. R. Bai, J. F. Wang,Z. Q. Zhao, “Malware Detection Approach based on Structural Feature of PE File,” Computer Science, Vol. 40, No. 1, pp. 122-126, 2013
4. A. Moser, C. Kruegel,E. Kirda, “Limits of Static Analysis for Malware Detection,” inProceedings of Twenty-third Annual Computer Security Applications Conference, pp. 421-430, 2007
5. M. Egele, T. Scholte, E. Kirda,C. Kruegel, “A Survey on Automated Dynamic Malware-Analysis Techniques and Tools,” ACM Computing Surveys, Vol. 44, No. 2, pp. 1-42, 2012
6. U. Bayer, A. Moser, C. Kruegel,E. Kirda, “Dynamic Analysis of Malicious Code,” Journal in Computer Virology, Vol. 2, No. 1, pp. 67-77, 2006
7. C. Willems, T. Holz,F. Freiling, “Toward Automated Dynamic Malware Analysis using CWsandbox,” IEEE Security & Privacy, Vol. 5, No. 2, pp. 32-39, 2007
8. F. Ahmed, H. Hameed, M. Z. Shafiq,M. Farooq, “Using Spatio-Temporal Information in API Calls with Machine Learning Algorithms for Malware Detection,” inProceedings of ACM Workshop on Security and Artificial Intelligence, pp. 55-62, 2009
9. J. Ouellette, A. Pfeffer,A. Lakhotia, “Countering Malware Evolution using Cloud-Based Learning,” inProceedings of International Conference on Malicious and Unwanted Software, pp. 85-94, 2013
10. W. Rui, D. G. Feng, Y. Yi,S. U.Pu-Rui, “Semantics-based Malware Behavior Signature Extraction and Detection Method,” Journal of Software, Vol. 23, No. 2, pp. 378-393, 2012
11. Y. Li, R. Ma,R. Jiao, “A Hybrid Malicious Code Detection Method based on Deep Learning,” International Journal of Software Engineering and its Applications, Vol. 9, No. 5, pp. 205-216, 2015
12. L. I.Chun-Lin, Y. J. Huang, H. Wang, and C. X. Niu, “Detection of Network Intrusion based on Deep Learning,” inProceedings of Information Security & Communications Privacy
13. J. Watson, “VirtualBox: Bits and Bytes Masquerading as Machines,” Linux Journal, Vol. 2008, No. 166, 2008
14. F. Bellard, “QEMU, A Fast and Portable Dynamic Translator,” in Proceedings of USENIX Annual Technical Conference, FREENIX Track, pp. 41-44, 2005
15. C. Guarnieri, A. Tanasi, J. Bremer,M. Schloesser, “The Cuckoo Sandbox,” (http://cuckoosandbox.org, 2012
16. J. Choi, H. Kim, C. Choi,P. Kim, “Efficient Malicious Code Detection using N-gram Analysis and SVM,” inProceedings of the 14th International Conference on Network-based Information Systems, Vol. 16, pp. 618-621, 2011
17. E. Raff, R. Zak, R. Cox, J. Sylvester, P. Yacci, R. Ward, et al., “An Investigation of Byte N-gram Features for Malware Classification,” Journal of Computer Virology and Hacking Techniques, Vol. 14, No. 1, pp. 1-20, 2018
18. R. Moskovitch, C. Feher, N. Tzachar, E. Berger, M. Gitelman, S. Dolev, et al., “Unknown Malcode Detection using OPCODE Representation,” inProceedings of the First European Conference on Intelligence and Security Informatics, Vol. 5376, pp. 204-215, 2008
19. A. A. E.Elhadi, M. A. Maarof, and A. H. Osman, “Malware Detection based on Hybrid Signature Behaviour Application Programming interface Call Graph,” American Journal of Applied Sciences, Vol. 9, No. 3, pp. 283-288, 2012
20. P. Faruki, V. Laxmi, M. S. Gaur,P. Vinod, “Mining Control Flow Graph as API Call-Grams to Detect Portable Executable Malware,” inProceedings of the Fifth International Conference on Security of Information and Networks, pp. 130-137, ACM, October, 2012
21. B. Anderson, D. Quist, J. Neil, C. Storlie,T. Lane, “Graph-based Malware Detection using Dynamic Analysis,” Journal in Computer Virology, Vol. 7, No. 4, pp. 247-258, 2011
22. S. Alam, I. Traore,I. Sogukpinar, “Annotated Control Flow Graph for Metamorphic Malware Detection.,” The Computer Journal, Vol. 58, No. 10, pp. 2608-2621, 2015
23. Y. Cao, Q. Miao, J. Liu,L. Gao, “Abstracting Minimal Security-Relevant Behaviors for Malware Analysis,” Journal of Computer Virology and Hacking Techniques, Vol. 9, No. 4, pp. 193-204, 2013
24. G. E. Hinton, “Learning Distributed Representations of Concepts,” in Proceedings of the Eighth Annual Conference of the Cognitive Science Society, Vol. 1, pp. 12, 1986
25. A. Mnih and G. Hinton, “Three New Graphical Models for Statistical Language Modeling,” inProceedings of International Conference on Machine Learning, pp. 641-648, ACM, 2007
26. A. Mnih and G. E. Hinton, “A Scalable Hierarchical Distributed Language Model,”Advances in Neural Information Processing Systems, pp. 1081-1088, 2009
27. R. Socher, C. D. Manning,A. Y. Ng, “Learning Continuous Phrase Representations and Syntactic Parsing with Recursive Neural Networks,” inProceedings of the NIPS-2010 Deep Learning and Unsupervised Feature Learning Workshop, Vol. 2010, pp. 1-9, 2010
28. R. Socher, A. Perelygin, J. Wu, J. Chuang, C. D. Manning, A. Ng, et al., “Recursive Deep Models for Semantic Compositionality over a Sentiment Treebank,” in Proceedings of the 2013 Conference on Empirical Methods in Natural Language Processing, pp. 1631-1642, 2013

[1]	Janarthanan Sekar and Ganesh Kumar T. Hyperparameter Tuning in Deep Learning-Based Image Classification to Improve Accuracy using Adam Optimization [J]. Int J Performability Eng, 2023, 19(9): 579-586.
[2]	Sanjay Razdan, Himanshu Gupta, and Ashish Seth. D-SVM: A Deep Support Vector Machine Model with Different Kernel Types for Improved Intrusion Detection Performance [J]. Int J Performability Eng, 2023, 19(9): 598-606.
[3]	Aashita Rajput, Muskan Yadav, Sachin Yadav, Megha Chhabra, and Arun Prakash Agarwal. Patch-Based Breast Cancer Histopathological Image Classification using Deep Learning [J]. Int J Performability Eng, 2023, 19(9): 607-623.
[4]	Kavita Pandey, and Dhiraj Pandey. Real-Time Crop Disease Detection and Remedial Suggestion through Deep Learning-based Smartphone Application [J]. Int J Performability Eng, 2023, 19(8): 491-498.
[5]	Savita Khurana, Gaurav Sharma, and Bhawna Sharma. Hybrid Machine Learning Model for Load Prediction in Cloud Environment [J]. Int J Performability Eng, 2023, 19(8): 507-515.
[6]	Manvi Khatri and Ajay Sharma. Deep Learning Approach based on Iris, Face, and Palmprint Fusion for Multimodal Biometric Recognition System [J]. Int J Performability Eng, 2023, 19(6): 407-416.
[7]	Shreshtha Singh and Arun Sharma. State of the Art Convolutional Neural Networks [J]. Int J Performability Eng, 2023, 19(5): 342-349.
[8]	Vaishali Arya and Tapas Kumar. Boosting X-Ray Scans Feature for Enriched Diagnosis of Pediatric Pneumonia using Deep Learning Models [J]. Int J Performability Eng, 2023, 19(3): 175-183.
[9]	Shikha Choudhary and Bhawna Saxena. Image-Based Crop Disease Detection using Machine Learning Approaches: A Survey [J]. Int J Performability Eng, 2023, 19(2): 122-132.
[10]	Pavneet Singh, Jigyasa Chopra, Amandeep Singh, Nikita Nijhawan, and Kritika. Deep Learning Innovations for Enhanced Drusen Detection in Retinal Images [J]. Int J Performability Eng, 2023, 19(12): 779-787.
[11]	Mansi Mahendru and Sanjay Kumar Dubey. Portable Learning Approach towards Capturing Social Intimidating Activities using Big Data and Deep Learning Technologies [J]. Int J Performability Eng, 2022, 18(9): 668-678.
[12]	Sandhya Alagarsamy and Visumathi James. RNN LSTM-based Deep Hybrid Learning Model for Text Classification using Machine Learning Variant XGBoost [J]. Int J Performability Eng, 2022, 18(8): 545-551.
[13]	K. Lavanya, Smrithi Prakash, Yash Gedam, Altamash Aijaz, and L. Ramanathan. Real Time Digital Face Mask Detection using MobileNet-V2 and SSD with Apache Spark [J]. Int J Performability Eng, 2022, 18(8): 598-604.
[14]	Rajan Prasad Tripathi, Sunil Kumar Khatri, and Darelle Van Greunen. Relative Examination of Breast Malignant Growth Analysis Utilizing Different Machine Learning Algorithms [J]. Int J Performability Eng, 2022, 18(6): 417-425.
[15]	Poonam Narang, Ajay Vikram Singh, and Himanshu Monga. Hybrid Metaheuristic Approach for Detection of Fake News on Social Media [J]. Int J Performability Eng, 2022, 18(6): 434-443.

Cuckoo-based Malware Dynamic Analysis

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended 0