A Computer Virus Detection Method Based on Information from PE Structure of Files Combined with Deep Learning Models

  • Conference paper
Future Data and Security Engineering. Big Data, Security and Privacy, Smart City and Industry 4.0 Applications (FDSE 2020)

Abstract

In this paper, we demonstrate a new approach to virus detection. We extract information from a file's Portable Executable (PE) structure, which saves storage costs compared to other types of features such as signatures, opcodes, or file strings, while still detecting unknown malicious code. We use a deep learning network, namely the Deep Belief Network (DBN) model, to classify and train data. The results show that the accuracy of the method is quite high, reaching over 97% for ten properties and over 95% for 15 properties, respectively.

Corresponding authors

Correspondence to Vu Thanh Nguyen or Nguyen Hoang Anh.

Copyright information

© 2020 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Nguyen, V.T., Hien, V.T., Tuan, L.D., Tiep, M.V., Anh, N.H., Vuong, P.T. (2020). A Computer Virus Detection Method Based on Information from PE Structure of Files Combined with Deep Learning Models. In: Dang, T.K., Küng, J., Takizawa, M., Chung, T.M. (eds) Future Data and Security Engineering. Big Data, Security and Privacy, Smart City and Industry 4.0 Applications. FDSE 2020. Communications in Computer and Information Science, vol 1306. Springer, Singapore. https://doi.org/10.1007/978-981-33-4370-2_9

  • DOI: https://doi.org/10.1007/978-981-33-4370-2_9

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-33-4369-6

  • Online ISBN: 978-981-33-4370-2

  • eBook Packages: Computer Science, Computer Science (R0)
