Research Article

Malware Detection by Modelling Hybrid Features (Melez Özelliklerin Modellenmesi ile Zararlı Yazılım Tespiti)

Year 2019, Volume 12, Issue 2, pp. 50-63, 17.12.2019

Abstract

Malware poses a major threat to computers and systems because of the capabilities it carries. It is also shaped by the development of effective detection systems, becoming more dangerous and better equipped in response. To build an automated detection system, malware must be analysed thoroughly and the direction of its evolution identified correctly. Both the effects malware produces on the computer it runs on and its code structure should be examined in detail, and countermeasures taken accordingly. The detection system proposed in this study uses both the behaviour and the code-structure information of the malware to derive a statistical representation with the Markov chain method. A model grounded in deep learning techniques is then trained on this hybrid data source, and the detection environment is prepared. In our tests, the proposed detection method achieved 96.8% accuracy.


Malware Detection by Using Markov Models of Hybrid Features

Year 2019, Volume 12, Issue 2, pp. 50-63, 17.12.2019

Abstract

Malware poses a great danger to computers and systems because of its capabilities. It is also shaped by the development of effective detection systems, and becomes more dangerous and better equipped in response. To develop an automated detection system, malware must be analysed thoroughly and the direction of its evolution understood accurately. Both the runtime effects of malicious software on the computer and its code structure should be examined in detail, and precautions taken accordingly. The detection system proposed in this study derives a statistical representation with the Markov chain method, using both the behaviour and the code-structure knowledge of the malware. A model based on deep learning techniques is then trained on the hybrid data source, and the detection environment is prepared. In the tests we performed, the detection method achieved an accuracy of 96.8%.
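The abstract describes the pipeline only at a high level: a sequence drawn from the code structure (static) and a sequence drawn from runtime behaviour (dynamic) are each modelled as a Markov chain, and the resulting transition statistics form the hybrid feature source for the learner. The following is an added example, not code from the paper or its authors, that implements that feature-construction step in plain Python. The opcode and API-call alphabets, the traces and the smoothing constant are all assumptions made for illustration (the page does not give the paper's vocabularies or dataset), and a maximum-likelihood comparison of per-class chains stands in for the deep-learning classifier the paper trains on these features.

```python
"""Added example: Markov-chain modelling of hybrid (static opcode + dynamic API)
malware traces, with a likelihood classifier standing in for the paper's
deep-learning stage. All traces below are constructed for illustration."""
from collections import defaultdict
from itertools import product
from math import log

OTHER = "<OTHER>"  # catch-all state for symbols outside the fixed alphabet

# Assumed state alphabets; the paper's real opcode and API vocabularies are not on the page.
OPCODE_STATES = ["mov", "push", "call", "xor", "jmp", "ret"]
API_STATES = ["CreateFile", "WriteFile", "RegSetValue",
              "CreateProcess", "VirtualAlloc", "WriteProcessMemory"]


def alphabet(states):
    """Fixed Markov state space: the known symbols plus OTHER."""
    return list(states) + [OTHER]


def normalize(sequence, states):
    """Map symbols outside the alphabet to OTHER so an opcode or API name never
    seen in training cannot produce an unknown state at detection time."""
    known = set(alphabet(states))
    return [s if s in known else OTHER for s in sequence]


def transition_matrix(sequences, states, alpha=1.0):
    """Estimate P(b | a) over the alphabet from one or more traces.
    Transitions are counted within each trace only, so pooling traces never
    creates a fake transition from the end of one trace to the start of the next.
    Laplace smoothing (alpha) keeps every transition strictly positive, which the
    log-likelihood scoring below relies on."""
    full = alphabet(states)
    counts = defaultdict(float)
    for seq in sequences:
        seq = normalize(seq, states)
        for a, b in zip(seq, seq[1:]):
            counts[(a, b)] += 1.0
    matrix = {}
    for a in full:
        row_total = sum(counts[(a, b)] for b in full)
        for b in full:
            matrix[(a, b)] = (counts[(a, b)] + alpha) / (row_total + alpha * len(full))
    return matrix


def feature_vector(sample):
    """Hybrid feature vector: the flattened opcode-transition matrix followed by
    the flattened API-call-transition matrix (what a downstream classifier sees)."""
    static = transition_matrix([sample["opcodes"]], OPCODE_STATES)
    dynamic = transition_matrix([sample["api_calls"]], API_STATES)
    return ([static[(a, b)] for a, b in product(alphabet(OPCODE_STATES), repeat=2)]
            + [dynamic[(a, b)] for a, b in product(alphabet(API_STATES), repeat=2)])


def log_likelihood(sequence, matrix, states):
    """Log-probability of the observed transitions under one fitted chain."""
    seq = normalize(sequence, states)
    return sum(log(matrix[(a, b)]) for a, b in zip(seq, seq[1:]))


def train(labelled_samples):
    """One static and one dynamic chain per class, fitted on all traces of that class."""
    models = {}
    for label in {s["label"] for s in labelled_samples}:
        group = [s for s in labelled_samples if s["label"] == label]
        models[label] = (
            transition_matrix([s["opcodes"] for s in group], OPCODE_STATES),
            transition_matrix([s["api_calls"] for s in group], API_STATES),
        )
    return models


def classify(sample, models):
    """Maximum-likelihood label over the combined static + dynamic chains."""
    scores = {
        label: (log_likelihood(sample["opcodes"], static_m, OPCODE_STATES)
                + log_likelihood(sample["api_calls"], dynamic_m, API_STATES))
        for label, (static_m, dynamic_m) in models.items()
    }
    return max(scores, key=scores.get)


# Constructed training traces (not from the paper's dataset).
TRAINING = [
    {"label": "malware",
     "opcodes": ["push", "call", "xor", "jmp", "xor", "jmp", "push", "call"],
     "api_calls": ["VirtualAlloc", "WriteProcessMemory", "CreateProcess", "RegSetValue"]},
    {"label": "malware",
     "opcodes": ["xor", "jmp", "xor", "jmp", "call"],
     "api_calls": ["VirtualAlloc", "WriteProcessMemory", "RegSetValue", "CreateProcess"]},
    {"label": "benign",
     "opcodes": ["push", "mov", "mov", "call", "mov", "ret"],
     "api_calls": ["CreateFile", "WriteFile", "CreateFile", "WriteFile"]},
    {"label": "benign",
     "opcodes": ["mov", "push", "call", "mov", "ret"],
     "api_calls": ["CreateFile", "WriteFile", "WriteFile"]},
]

MODELS = train(TRAINING)

if __name__ == "__main__":
    unknown = {"opcodes": ["nop", "xor", "jmp", "xor"],                       # "nop" is outside the alphabet
               "api_calls": ["Sleep", "VirtualAlloc", "WriteProcessMemory"]}  # so is "Sleep"
    print(len(feature_vector(unknown)), classify(unknown, MODELS))
```

Two details matter in practice. Transitions are counted within each trace rather than across the concatenation of all traces, so no artificial transition appears between the last symbol of one sample and the first symbol of the next. Symbols absent from the training alphabet are folded into a single OTHER state and every row is Laplace-smoothed, so a sample containing an opcode or API name never seen in training still receives a finite score instead of a zero-probability transition. The flattened matrices returned by feature_vector are what would be fed to the neural model; the likelihood classifier here only shows that the chains already separate the two constructed classes.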


Details

Primary Language: Turkish
Section: Articles (Research)
Authors

Mert Nar 0000-0002-6103-2909

İbrahim Soğukpınar 0000-0002-0408-0277

Publication Date: 17 December 2019
Published in Issue: Year 2019, Volume 12, Issue 2

Cite

APA Nar, M., & Soğukpınar, İ. (2019). Melez Özelliklerin Modellenmesi ile Zararlı Yazılım Tespiti. Türkiye Bilişim Vakfı Bilgisayar Bilimleri Ve Mühendisliği Dergisi, 12(2), 50-63.
AMA Nar M, Soğukpınar İ. Melez Özelliklerin Modellenmesi ile Zararlı Yazılım Tespiti. TBV-BBMD. December 2019;12(2):50-63.
Chicago Nar, Mert, and İbrahim Soğukpınar. "Melez Özelliklerin Modellenmesi ile Zararlı Yazılım Tespiti". Türkiye Bilişim Vakfı Bilgisayar Bilimleri ve Mühendisliği Dergisi 12, no. 2 (December 2019): 50-63.
EndNote Nar M, Soğukpınar İ (01 December 2019) Melez Özelliklerin Modellenmesi ile Zararlı Yazılım Tespiti. Türkiye Bilişim Vakfı Bilgisayar Bilimleri ve Mühendisliği Dergisi 12 2 50–63.
IEEE M. Nar and İ. Soğukpınar, "Melez Özelliklerin Modellenmesi ile Zararlı Yazılım Tespiti", TBV-BBMD, vol. 12, no. 2, pp. 50–63, 2019.
ISNAD Nar, Mert - Soğukpınar, İbrahim. "Melez Özelliklerin Modellenmesi ile Zararlı Yazılım Tespiti". Türkiye Bilişim Vakfı Bilgisayar Bilimleri ve Mühendisliği Dergisi 12/2 (December 2019), 50-63.
JAMA Nar M, Soğukpınar İ. Melez Özelliklerin Modellenmesi ile Zararlı Yazılım Tespiti. TBV-BBMD. 2019;12:50–63.
MLA Nar, Mert, and İbrahim Soğukpınar. "Melez Özelliklerin Modellenmesi ile Zararlı Yazılım Tespiti". Türkiye Bilişim Vakfı Bilgisayar Bilimleri Ve Mühendisliği Dergisi, vol. 12, no. 2, 2019, pp. 50-63.
Vancouver Nar M, Soğukpınar İ. Melez Özelliklerin Modellenmesi ile Zararlı Yazılım Tespiti. TBV-BBMD. 2019;12(2):50-63.

Article Acceptance

The acceptance process for articles submitted to the journal consists of the following stages:

1. In the first stage, every submitted article is sent to at least two reviewers.

2. Reviewer assignment is carried out by the journal editors. The journal's reviewer pool contains roughly 200 reviewers, classified by their areas of interest, and each reviewer receives articles in their own area. Reviewers are chosen so as to avoid conflicts of interest.

3. Author names are removed from articles sent to reviewers.

4. Reviewers are told how an article is to be evaluated and are asked to fill in the evaluation form shown below.

5. Articles that receive positive opinions from two reviewers are put through a similarity check by the editors. The similarity of an article is expected to be below 25%.

6. A paper that has passed all stages is examined by the editor for language and presentation, and the necessary corrections and improvements are made. Where needed, the authors are informed.

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.