Multi-Model Deep Learning Ensemble Approach for Detection of Malicious Executables
Due to the growing significance of the Internet
in many facets of our lives, the World Wide Web, which end users access via web
browsers, is evolving into the next platform for those who want to engage in
illegal activity for their own or another person's financial or personal
benefit. Among the reported types of attacks, attacks through malicious
executable files remain one of the prevalent challenges. Different static
and dynamic analysis approaches have been proposed to detect such executables.
The challenge with these approaches is that they fail to detect novel attack
types in malicious executables. With the dawn of machine learning, it became
possible to detect novel attacks in malicious executables with
high accuracy. Deep learning, a part of machine learning that works
similarly to human neurons, provides a way to achieve much greater accuracy
compared to machine learning. In this study, we propose a stacking-based
ensemble approach combining CNN, LSTM, and GRU models to detect malicious
executables. The experimental results demonstrate that an accuracy of 99.02% was
achieved, which is very high compared to individual deep-learning models.