Homology analysis of malware based on ensemble learning and multifeatures

Author

  • Di Xue
  • Jingmei Li
  • Weifei Wu
  • Qiao Tian
  • JiaXiang Wang

Abstract

With the exponential increase in malware, homology analysis has become a hot research topic in the malware detection field. This paper proposes MHAS, a malware homology analysis system based on ensemble learning and multifeatures. MHAS generates grayscale images from malware binary files and then uses the opcode tool IDA Pro to extract opcode sequences and system call graphs. Thus, RGB images and M-images are generated on the image matrix. Then, MHAS uses convolutional neural networks (CNNs) as base learners to perform bagging ensemble learning to learn features from the grayscale images, RGB images and M-images. Next, MHAS integrates the nine base learners using voting, learning and selective ensemble (in that order) and maps the integration results to the result matrix. Finally, the result matrix is again integrated using the learning method to obtain the final malware classification result. To verify the accuracy of MHAS, we performed a malware family classification experiment that included samples of 10 malware families. The results showed that MHAS can reach an accuracy rate of 99.17%, meaning that it can effectively analyze and identify malware families.

Suggested Citation

  • Di Xue & Jingmei Li & Weifei Wu & Qiao Tian & JiaXiang Wang, 2019. "Homology analysis of malware based on ensemble learning and multifeatures," PLOS ONE, Public Library of Science, vol. 14(8), pages 1-23, August.
  • Handle: RePEc:plo:pone00:0211373
    DOI: 10.1371/journal.pone.0211373

    Download full text from publisher

    File URL: https://journals.plos.org/plosone/article?id=10.1371/journal.pone.0211373
    Download Restriction: no

    File URL: https://journals.plos.org/plosone/article/file?id=10.1371/journal.pone.0211373&type=printable
    Download Restriction: no


    Citations

    Cited by:

    1. Yong Fang & Yuetian Zeng & Beibei Li & Liang Liu & Lei Zhang, 2020. "DeepDetectNet vs RLAttackNet: An adversarial method to improve deep learning-based static malware detection model," PLOS ONE, Public Library of Science, vol. 15(4), pages 1-32, April.
