A Novel Intrusion Detection System for Malware Based on Time-Series Meta-learning

  • Conference paper
Machine Learning for Cyber Security (ML4CS 2020)

Abstract

In recent years, the frequent occurrence of network security incidents indicates that host security is increasingly fragile. However, current protection tools reduce the efficiency of the CPU or GPU. Meanwhile, they give up active defense and increase the security risk. Unfortunately, existing intrusion detection systems seldom adjust the defense policy according to the host’s performance and the time when an attack might occur. Thus, unlike traditional intrusion detection systems, our system is capable of intelligently detecting and predicting threats. Firstly, our system converts the malware into gray-scale images according to the instruction execution logic. Secondly, the system uses a computer vision method to identify the signature of the gray-scale images. Finally, the proposed system classifies the malware family. Specifically, the system can also predict the time when a host faces a severe threat using time-series datasets and create a multi-neural network task for defending against the threat. Then, a meta-learning framework is utilized to improve malware detection accuracy and defend against attacks effectively. The experimental results show that our system can accurately classify 15 malware families, and we compare our detection results with those of other IDSs, which proves that our system achieves better performance.

Notes

  1. Datasets available at https://www.kaggle.com/c/malware-classification and https://www.virustotal.com/.

Acknowledgments

This work was supported by the National Natural Science Foundation of China under Grant No. 61572170, the Program for Hundreds of Outstanding Innovative Talents in Higher Education Institutions of Hebei Province (III) under Grant No. SLRC2017042, the Natural Science Foundation of Hebei Province of China under Grant No. F2019205163, and the Department of Human Resources and Social Security of Hebei Province under Grant No. 201901028.

Corresponding author

Correspondence to Qingru Li.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Wang, F., Yang, S., Wang, C., Li, Q. (2020). A Novel Intrusion Detection System for Malware Based on Time-Series Meta-learning. In: Chen, X., Yan, H., Yan, Q., Zhang, X. (eds) Machine Learning for Cyber Security. ML4CS 2020. Lecture Notes in Computer Science, vol 12486. Springer, Cham. https://doi.org/10.1007/978-3-030-62223-7_5

  • DOI: https://doi.org/10.1007/978-3-030-62223-7_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-62222-0

  • Online ISBN: 978-3-030-62223-7

  • eBook Packages: Computer Science (R0)
