Abstract
In recent years, the frequent occurrence of network security incidents indicates that host security is increasingly fragile. However, current protection tools reduce the efficiency of the CPU or GPU. Meanwhile, they give up active defense and increase the security risk. Unfortunately, existing intrusion detection systems seldom adjust their defense policy according to the host’s performance and the time when an attack might occur. Thus, unlike traditional intrusion detection systems, our system is capable of intelligently detecting and predicting threats. First, our system converts the malware into gray-scale images according to the instruction execution logic. Second, the system uses a computer vision method to identify the signature of the gray-scale images. Finally, the proposed system classifies the malware family. The system can also predict the time when a host faces a severe threat using time-series datasets and create a multi-neural network task for defending against the threat. Then, a meta-learning framework is utilized to improve malware detection accuracy and defend against attacks effectively. The experimental results show that our system can accurately classify 15 malware families, and a comparison of our detection results with those of other IDSs proves that our system achieves better performance.
Notes
1. Datasets are available at https://www.kaggle.com/c/malware-classification and https://www.virustotal.com/.
Acknowledgments
This work was supported by the National Natural Science Foundation of China under Grant No. 61572170, the Program for Hundreds of Outstanding Innovative Talents in Higher Education Institutions of Hebei Province (III) under Grant No. SLRC2017042, the Natural Science Foundation of Hebei Province of China under Grant No. F2019205163, and the Department of Human Resources and Social Security of Hebei Province under Grant No. 201901028.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Wang, F., Yang, S., Wang, C., Li, Q. (2020). A Novel Intrusion Detection System for Malware Based on Time-Series Meta-learning. In: Chen, X., Yan, H., Yan, Q., Zhang, X. (eds) Machine Learning for Cyber Security. ML4CS 2020. Lecture Notes in Computer Science, vol 12486. Springer, Cham. https://doi.org/10.1007/978-3-030-62223-7_5
DOI: https://doi.org/10.1007/978-3-030-62223-7_5
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-62222-0
Online ISBN: 978-3-030-62223-7
eBook Packages: Computer Science, Computer Science (R0)