MALWARE DETECTION AND CLASSIFICATION USING COMMUNITY DETECTION AND SOCIAL NETWORK ANALYSIS

ABSTRACT

Despite the efforts of antivirus vendors and researchers to contain malware and its growth, malware remains a rampant problem causing significant economic and intellectual-property loss. Malware developers evade commercial detection tools by introducing minor code changes and obfuscation, producing variants of known malware families. The volume of new variants grows every day, creating a need for scalable methods that detect and classify malware in less time. To this end, we propose a novel technique that exploits community detection properties and social network analysis concepts. The proposed method is based on system call graphs built from the system calls recorded while executing the malware files. To study the inherent characteristics of different malware families, we extract features that capture the community and social network properties of these graphs and use them for classification. We present a set of 5 models, ranging from one that uses only OS-level actions to one that includes both community-level and social network features. The highest performance arises when community-level and social network features are combined with malware class-level features. A suite of 9 machine learning algorithms has been used and their results compared. Our evaluation results demonstrate that the combined approach outperforms many previously used methods in malware detection and classification, achieving precision, recall, and accuracy above 0.97 with Multilayer Perceptron and k-Nearest Neighbors.
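The pipeline sketched in the abstract (execution trace to system call graph, then social-network and community-level features for a classifier) is shown below as an added, self-contained example. It is not the paper's code and does not reproduce its exact feature set: the trace is a constructed sequence of Windows-style call names, the community detection is weighted label propagation on the undirected projection of the call-transition graph, and the quality measure is Newman modularity. Only the Python standard library is used.

```python
"""
Added example (not code from the paper): build a call-transition graph from a
system-call trace and extract social-network and community-level features of
the kind the abstract describes. Standard library only.
"""
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

# Constructed trace for a hypothetical sample that loops over file I/O and then
# over registry writes. A real trace would come from a sandbox run of the file.
SAMPLE_TRACE = [
    "NtOpenFile", "NtReadFile", "NtWriteFile", "NtClose",
    "NtOpenFile", "NtReadFile", "NtWriteFile", "NtClose",
    "RegOpenKey", "RegSetValue", "RegCloseKey",
    "RegOpenKey", "RegSetValue", "RegCloseKey",
]


def build_call_graph(trace: List[str]) -> Dict[Tuple[str, str], int]:
    """Directed, weighted edges: (call, next call) -> number of transitions."""
    edges: Counter = Counter()
    for a, b in zip(trace, trace[1:]):
        edges[(a, b)] += 1
    return dict(edges)


def undirected(edges: Dict[Tuple[str, str], int]):
    """Symmetric weighted adjacency (self-loops dropped) for community analysis."""
    adj = defaultdict(lambda: defaultdict(int))
    for (a, b), w in edges.items():
        adj[a]; adj[b]              # make sure every node has an entry
        if a == b:
            continue
        adj[a][b] += w
        adj[b][a] += w
    return adj


def degree_centrality(edges: Dict[Tuple[str, str], int]) -> Dict[str, float]:
    """(in-degree + out-degree) / (n - 1) on the directed graph, unweighted."""
    nodes = {v for e in edges for v in e}
    deg: Counter = Counter()
    for a, b in edges:
        deg[a] += 1
        deg[b] += 1
    n = len(nodes)
    return {v: (deg[v] / (n - 1) if n > 1 else 0.0) for v in nodes}


def label_propagation(adj, max_iter: int = 100) -> List[set]:
    """Weighted label propagation; fixed node order and lexicographic tie-break
    make the partition deterministic for a given graph."""
    labels = {v: v for v in adj}
    for _ in range(max_iter):
        changed = False
        for v in sorted(adj):
            scores: Counter = Counter()
            for u, w in adj[v].items():
                scores[labels[u]] += w
            if not scores:
                continue
            top = max(scores.values())
            best = min(l for l, w in scores.items() if w == top)
            if best != labels[v]:
                labels[v] = best
                changed = True
        if not changed:
            break
    groups = defaultdict(set)
    for v, l in labels.items():
        groups[l].add(v)
    return list(groups.values())


def modularity(adj, communities: List[set]) -> float:
    """Newman modularity Q = 1/2m * sum_ij (A_ij - k_i k_j / 2m) delta(c_i, c_j)."""
    two_m = sum(w for v in adj for w in adj[v].values())
    if two_m == 0:
        return 0.0
    deg = {v: sum(adj[v].values()) for v in adj}
    q = 0.0
    for comm in communities:
        for i in comm:
            for j in comm:
                q += adj[i].get(j, 0) - deg[i] * deg[j] / two_m
    return q / two_m


def extract_features(trace: List[str]) -> dict:
    """Feature vector combining graph-level, social-network and community features."""
    edges = build_call_graph(trace)
    nodes = {v for e in edges for v in e}
    n, e = len(nodes), len(edges)
    adj = undirected(edges)
    comms = label_propagation(adj)
    dc = degree_centrality(edges)
    return {
        "n_syscalls": n,
        "n_transitions": e,
        "density": e / (n * (n - 1)) if n > 1 else 0.0,
        "max_degree_centrality": max(dc.values(), default=0.0),
        "n_communities": len(comms),
        "largest_community": max((len(c) for c in comms), default=0),
        "modularity": modularity(adj, comms),
        "communities": sorted(sorted(c) for c in comms),
    }


if __name__ == "__main__":
    for k, v in extract_features(SAMPLE_TRACE).items():
        print(f"{k}: {v}")
```

On the constructed trace the file-I/O loop and the registry loop fall into two communities joined only by the NtClose to RegOpenKey transition, and NtClose and RegOpenKey, the bridge nodes, carry the highest degree centrality. The numeric entries of the returned dict are what would be fed to the classifiers; the community list is kept for inspection only.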




PRESENTATION



DOWNLOADS


> Paper

> GitHub



KEY REFERENCES

> D. Ucci, L. Aniello, and R. Baldoni, "Survey of machine learning techniques for malware analysis", Computers & Security, vol. 81, pp. 123-147, 2019.

> A. Souri and R. Hosseini, "A state-of-the-art survey of malware detection approaches using data mining techniques", Human-centric Computing and Information Sciences, vol. 8, article 3, 2018.

> P. Harsha Latha and R. Mohanasundaram, "Classification of malware detection using machine learning algorithms: a survey", International Journal of Scientific Research and Technology, vol. 9, no. 2, pp. 1796-1802, Feb. 2020.

> D. Gibert, C. Mateu, and J. Planes, "The rise of machine learning for detection and classification of malware: research developments, trends and challenges", Journal of Network and Computer Applications, vol. 153, article 102526, March 2020.

> H. M. Kim, H. M. Song, J. W. Seo, and H. K. Kim, "Andro-Simnet: Android malware family classification using social network analysis", in Proc. 16th Annual Conference on Privacy, Security and Trust (PST), IEEE, 2018.

> J. Jang, J. Woo, A. Mohaisen, J. Yun, and H. K. Kim, "Mal-Netminer: malware classification approach based on social network analysis of system call graph", Mathematical Problems in Engineering, vol. 2015, article ID 769624, 20 pages, 2015.

> J. Jang, D. Brumley, and S. Venkataraman, "BitShred: feature hashing malware for scalable triage and semantic analysis", in Proc. 18th ACM Conference on Computer and Communications Security (CCS '11), 2011.

> Y. Ye, T. Li, D. Adjeroh, and S. S. Iyengar, "A survey on malware detection using data mining techniques", ACM Computing Surveys, vol. 50, no. 3, article 21, 40 pages, June 2017.