On the Evaluation of Restricted Boltzmann Machines for Malware Identification

Year 2016, Volume: 5 Issue: 3, 69 - 81, 01.09.2016

Kelton Costa Luis Silva Guilherme Martins Gustavo Rosa Rafael Pires Joao Papa

Abstract

In the last years, tablets and smartphones have been widely used with the very same purpose as desktop computers: web browsing, social networking, banking and others, just to name a few. However, we are often facing the problem of keeping our information protected and trustworthy. As a result of their popularity and functionality, mobile devices are a growing target for malicious activities. In such context, mobile malwares have gained significant ground since the emergence and growth of smartphones and handheld devices, thus becoming a real threat. In this paper, we evaluated Restricted Boltzmann Machines RBMs for unsupervised feature learning in the context of malware identification, which turns out to be the main contribution of this work. In order to evaluate the results, we employed two supervised pattern recognition techniques, say that Optimum-Path Forest and Support Vector Machines, as well as a classification approach based on RBMs.

Keywords

—Optimum-Path Forest, Restricted Boltzmann Machines, Malware Detection

References

• [1] D.H. Ackley, G.E. Hinton, and T. J. Sejnowski. A learning algorithm for boltzmann machines. In D. Waltz and J.A. Feldman, editors, Connectionist Models and Their Implications: Readings from Cognitive Science, pages 285–307. Ablex Publishing Corp., Norwood, NJ, USA, 1988.
• [2] A. Arora, S. Garg, and S.K. Peddoju. Malware detection using network traffic analysis in android based mobile devices. In International Conference on Next Generation Mobile Apps, Services and Technologies (NGMAST), 2014 Eighth, pages 66–71, Sept 2014.
• [3] C.-C. Chang and C.-J. Lin. LIBSVM: A library for support vector machines. ACM Transactions on Intelligent Systems and Technology, 2:27:1–27:27, 2011. Software available at http://www.csie.ntu.edu.tw/∼cjlin/libsvm.
• [4] K. A. P. Costa, L. A. M. Pereira, R. Y. M. Nakamura, C. R. Pereira, J. P. Papa, and A. X. Falc˜ao. A nature-inspired approach to speed up optimum-path forest clustering and its application to intrusion detection in computer networks. Information Sciences, 294(10):95– 108, 2015. Innovative Applications of Artificial Neural Networks in Engineering.
• [5] K. A. P. Costa, L. A. Silva, G. B. Martins, G. H. Rosa, C. R. Pereira, and J. P. Papa. Malware detection in android-based mobile environments using optimum-path forest. In 2015 IEEE 14th International Conference on Machine Learning and Applications, ICMLA’15, pages 754–759, 2015.
• [6] Gavrilut D., Cimpoesu M., Anton D., and Ciortuz L. Malware detection using perceptrons and support vector machines. In Computation World: Future Computing, Service Computation, Cognitive, Adaptive, Content, Patterns, pages 283–288, 2009.
• [7] A. P. Felt, M. Finifter, E. Chin, S. Hanna, and D. Wagner. A survey of mobile malware in the wild. In Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, SPSM ’11, pages 3–14, New York, NY, USA, 2011. ACM.
• [8] D. Fernandes, K. A. P. Costa, T. A. Almeida, and J. P. Papa. Sms spam filtering through optimum-path forest-based classifiers. In 14th IEEE International Conference on Machine Learning and Applications, ICMLA’15, pages 133–137, 2015.
• [9] U. Fiore, F. Palmieri, A. Castiglione, and A. Santis. Network anomaly detection with the restricted boltzmann machine. Neurocomputing, 122:13–23, 2013. Advances in cognitive and ubiquitous computingSelected papers from the Sixth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS-2012).
• [10] Z. W. Geem. Music-Inspired Harmony Search Algorithm: Theory and Applications. Springer Publishing Company, Incorporated, 1st edition, 2009.
• [11] Z. W. Geem and K.-B. Sim. Parameter-settingfree harmony search algorithm. Applied Mathematics and Computation, 217(8):3881 – 3889, 2010.
• [12] D. F. Guo, A. Sui, and T. Guo. A behavior analysis based mobile malware defense system. In International Conference on Signal Processing and Communication Systems, pages 1–6, 2012.
• [13] J. Haifeng, C. Baojiang, and W. Jianxin. Mining mobile internet packets for malware detection. In Ninth International Conference on P2P, Parallel, Grid, Cloud and Internet Computing, pages 481–486, 2014.
• [14] J. Hamada. New android threat gives phone a root canal. 2011. Available at http://www.symantec.com/connect/blogs/ newandroid-threat-gives-phone-root-canal. [15] G. E. Hinton. Training products of experts by minimizing contrastive divergence. Neural Computation, 14(8):1771–1800, 2002.
• [16] G.E. Hinton. A practical guide to training restricted boltzmann machines. In G. Montavon, G.B. Orr, and K.-R. M ¨uller, editors, Neural Networks: Tricks of the Trade, volume 7700 of Lecture Notes in Computer Science, pages 599–619. Springer Berlin Heidelberg, 2012.
• [17] S. Huda, J. Abawajy, M. Alazab, M. Abdollalihian, R. Islam, and J. Yearwood. Hybrids of support vector machine wrapper and filter based framework for malware detection. Future Generation Computer Systems, pages –, 2014.
• [18] Hyunjae Kang, Jae Wook Jang, Aziz Mohaisen, and Huy Kang Kim. Detecting and Classifying Android Malware using Static Analysis along with Creator Information. International Journal of Distributed Sensor Networks, 2015.
• [19] M. Kruczkowski and E. N. Szynkiewicz. Support vector machine for malware analysis and classification. In IEEE/WIC/ACM International Joint Conferences on Web Intelligence and Intelligent Agent Technologies, volume 2, pages 415–420, 2014.
• [20] J. Kwon, J. Jeong, J. Lee, and H. Lee. Droidgraph: discovering android malware by analyzing semantic behavior. In IEEE Conference on Communications and Network Security, 2014, pages 498–499, 2014.
• [21] H. Larochelle, M. Mandel, R. Pascanu, and Y. Bengio. Learning algorithms for the classification restricted boltzmann machine. The Journal of Machine Learning Research, 13(1):643– 669, 2012.
• [22] S. Liang and X. Du. Permission-combinationbased scheme for android mobile malware detection. In IEEE International Conference on Communications, 2014, pages 2301–2306, June 2014.
• [23] M. Mahdavi, M. Fesanghary, and E. Damangir. An improved harmony search algorithm for solving optimization problems. Applied Mathematics and Computation, 188(2):1567 – 1579, 2007.
• [24] J. P. Papa, A. X. Falc˜ao, V. H. C. Albuquerque, and J. M. R. S. Tavares. Efficient supervised optimum-path forest classification for large datasets. Pattern Recognition, 45(1):512–520, 2012.
• [25] J. P. Papa, A. X. Falc˜ao, and C. T. N. Suzuki. Supervised pattern classification based on optimum-path forest. International Journal of Imaging Systems and Technology, 19:120– 131, 2009.
• [26] J. P. Papa, A. X. Falc˜ao, and C. T. N. Suzuki. Supervised pattern classification based on optimum-path forest. International Journal of Imaging Systems and Technology, 19(2):120– 131, 2009.
• [27] J. P. Papa, G. H. Rosa, K. A. P. Costa, A. N. Marana, W. Scheirer, and D. D. Cox. On the model selection of bernoulli restricted boltzmann machines through harmony search. In Proceedings of the Genetic and Evolutionary Computation Conference, pages 1449–1450, 2015.
• [28] J. P. Papa, G. H. Rosa, A. N. Marana, W. Scheirer, and D. D. Cox. Model selection for discriminative restricted boltzmann machines through meta-heuristic techniques. Journal of Computational Science, 9:14–18, 2015. Computational Science at the Gates of Nature.
• [29] J. P. Papa, C. T. N. S., and A. X. Falc˜ao. LibOPF: A library for the design of optimumpath forest classifiers, 2014. Software version 2.1 available at http://www.ic.unicamp.br/ ∼afalcao/LibOPF.
• [30] J. P. Papa, W. Scheirer, and D. D. Cox. Finetuning deep belief networks using harmony search. Applied Soft Computing, 46:875–885, 2015.
• [31] N. Penning, M. Hoffman, J. Nikolai, and Yong Wang. Mobile malware security challenges and cloud-based detection. In International Conference on Collaboration Technologies and Systems, pages 181–188, 2014.
• [32] C. R. Pereira, R. Y. M. Nakamura, K. A. P. Costa, and J. P. Papa. An optimum-path forest framework for intrusion detection in computer networks. Engineering Applications of Artificial Intelligence, 25(6):1226–1234, 2012.
• [33] A. Shabtai, L. Tenenboim-Chekina, D. Mimran, L. Rokach, B. Shapira, and Y. Elovici. Mobile malware detection through analysis of deviations in application network behavior. Computers & Security, 43:1—18, 2014.
• [34] L. A. Silva, K. A. P. Costa, P. B. Ribeiro, D. Fernandes, and J. P Papa. On the feasibility of optimum-path forest in the context of internet-of-things-based applications. Recent Patents on Signal Processing, 5(1):52–60, 2015.
• [35] L. A. Silva, K. A. P. da Costa, P. B. Ribeiro, G. H. Rosa, and J. P. Papa. Learning spam features using restricted boltzmann machines. IADIS International Journal on Computer Science and Information Systems, 11(1):99–114, 2015.
• [36] L. A. Silva, P. B. Ribeiro, G. H. Rosa, K. A. P Costa, and J. P. Papa. Parameter settingfree harmony search optimization of restricted boltzmann machines and its applications to spam detection. In 12th International Conference on Applied Computing, 2015. (accepted for publication).
• [37] A. Skovoroda and D. Gamayunov. Review of the mobile malware detection approaches. In Distributed and Network-Based Processing, 2015 23rd Euromicro International Conference on Parallel, pages 600–603, 2015.
• [38] M. Welling, M. Rosen-zvi, and G.E. Hinton. Exponential family harmoniums with an application to information retrieval. In L.K. Saul, Y. Weiss, and L. Bottou, editors, Advances in Neural Information Processing Systems 17, pages 1481–1488. MIT Press, 2005.
• [39] F. Wilcoxon. Individual comparisons by ranking methods. Biometrics Bulletin, 1(6):80–83, 1945.
• [40] S.Y. Yerima, S. Sezer, and G. McWilliams. Analysis of bayesian classification-based approaches for android malware detection. Information Security, IET, 8(1):25–36, Jan 2014.
• [41] Z. Yuan, Y. Lu, Z. Wang, and Y. Xue. Droidsec: Deep learning in android malware detection. ACM SIGCOMM Computer Communication Review, 44(4):371–372, August 2014.
• [42] Z. Yuan, Y. Lu, and Y. Xue. Droiddetector: Android malware characterization and detection using deep learning. Tsinghua Science and Technology, 21(1):371–372, 2016.
• [43] Z. Yuan, Y. Lu, Y. Xue, and Z. Wang. Droidsec: deep learning in android malware detection. In ACM SIGCOMM 2014 Conference, SIGCOMM’14, Chicago, IL, USA, August 17- 22, 2014, pages 371–372, 2014.