Evolutionary Triplet Network of Learning Disentangled Malware Space for Malware Classification

Kyoung Won Park; Seok Jun Bu; Sung Bae Cho

doi:10.1007/978-3-031-15471-3_27

Evolutionary Triplet Network of Learning Disentangled Malware Space for Malware Classification

Kyoung Won Park, Seok Jun Bu, Sung Bae Cho

College of Computing

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

With the advent of sophisticated deep learning models, various methods for classifying malware from structural features of source codes have been devised. Nevertheless, recent advanced detection-avoidance techniques actively imitate structural features of benign programs and share vulnerable subroutines, making it difficult to distinguish malicious attacks. Therefore, a method to distinguish and classify similar malicious attacks is urgent and significant. In this paper, we propose a method based on a triplet network of learning the disentangled malware space from assembly-level features beyond the structural characteristics of malware. The method comprises two major components, which are 1) triplet loss-trained network to disentangle deep representation between malware being close in the latent vector space, and 2) genetic optimization of assembly-level features to resolve collisions between thousands of assembly-level features. Experiments with the assembly and binary code dataset released from Microsoft show that the proposed method outperforms existing methods based on structural features, achieving the highest performance in 10-fold cross-validation. Moreover, we demonstrate the superiority of disentangled representation for malware classification by visualizing the latent space and ROC curves.

Original language	English
Title of host publication	Hybrid Artificial Intelligent Systems - 17th International Conference, HAIS 2022, Proceedings
Editors	Pablo García Bringas, Hilde Pérez García, Francisco Javier Martínez de Pisón, José Ramón Villar Flecha, Alicia Troncoso Lora, Enrique A. de la Cal, Alvaro Herrero, Francisco Martínez Álvarez, Giuseppe Psaila, Hector Quintián, Emilio Corchado
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	311-322
Number of pages	12
ISBN (Print)	9783031154706
DOIs	https://doi.org/10.1007/978-3-031-15471-3_27
Publication status	Published - 2022
Event	17th International Conference on Hybrid Artificial Intelligence Systems, HAIS 2022 - Salamancaa, Spain Duration: 2022 Sept 5 → 2022 Sept 7

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	13469 LNAI
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	17th International Conference on Hybrid Artificial Intelligence Systems, HAIS 2022
Country/Territory	Spain
City	Salamancaa
Period	22/9/5 → 22/9/7

Bibliographical note

Funding Information:
Acknowledgements. This work was supported by an IITP grant funded by the Korean government (MSIT) (No.2020-0-01361, Artificial Intelligence Graduate School Program (Yonsei University)) and an ETRI grant funded by the Korean government (22ZS1100, Core Technology Research for Self-Improving Integrated Artificial Intelligence System).

Publisher Copyright:
© 2022, Springer Nature Switzerland AG.

All Science Journal Classification (ASJC) codes

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-031-15471-3_27

Cite this

Park, K. W., Bu, S. J., & Cho, S. B. (2022). Evolutionary Triplet Network of Learning Disentangled Malware Space for Malware Classification. In P. García Bringas, H. Pérez García, F. J. Martínez de Pisón, J. R. Villar Flecha, A. Troncoso Lora, E. A. de la Cal, A. Herrero, F. Martínez Álvarez, G. Psaila, H. Quintián, & E. Corchado (Eds.), Hybrid Artificial Intelligent Systems - 17th International Conference, HAIS 2022, Proceedings (pp. 311-322). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13469 LNAI). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-15471-3_27

Park, Kyoung Won ; Bu, Seok Jun ; Cho, Sung Bae. / Evolutionary Triplet Network of Learning Disentangled Malware Space for Malware Classification. Hybrid Artificial Intelligent Systems - 17th International Conference, HAIS 2022, Proceedings. editor / Pablo García Bringas ; Hilde Pérez García ; Francisco Javier Martínez de Pisón ; José Ramón Villar Flecha ; Alicia Troncoso Lora ; Enrique A. de la Cal ; Alvaro Herrero ; Francisco Martínez Álvarez ; Giuseppe Psaila ; Hector Quintián ; Emilio Corchado. Springer Science and Business Media Deutschland GmbH, 2022. pp. 311-322 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{a57ea8132d4d436eb8f05c099d80acd9,

title = "Evolutionary Triplet Network of Learning Disentangled Malware Space for Malware Classification",

abstract = "With the advent of sophisticated deep learning models, various methods for classifying malware from structural features of source codes have been devised. Nevertheless, recent advanced detection-avoidance techniques actively imitate structural features of benign programs and share vulnerable subroutines, making it difficult to distinguish malicious attacks. Therefore, a method to distinguish and classify similar malicious attacks is urgent and significant. In this paper, we propose a method based on a triplet network of learning the disentangled malware space from assembly-level features beyond the structural characteristics of malware. The method comprises two major components, which are 1) triplet loss-trained network to disentangle deep representation between malware being close in the latent vector space, and 2) genetic optimization of assembly-level features to resolve collisions between thousands of assembly-level features. Experiments with the assembly and binary code dataset released from Microsoft show that the proposed method outperforms existing methods based on structural features, achieving the highest performance in 10-fold cross-validation. Moreover, we demonstrate the superiority of disentangled representation for malware classification by visualizing the latent space and ROC curves.",

author = "Park, {Kyoung Won} and Bu, {Seok Jun} and Cho, {Sung Bae}",

note = "Funding Information: Acknowledgements. This work was supported by an IITP grant funded by the Korean government (MSIT) (No.2020-0-01361, Artificial Intelligence Graduate School Program (Yonsei University)) and an ETRI grant funded by the Korean government (22ZS1100, Core Technology Research for Self-Improving Integrated Artificial Intelligence System). Publisher Copyright: {\textcopyright} 2022, Springer Nature Switzerland AG.; 17th International Conference on Hybrid Artificial Intelligence Systems, HAIS 2022 ; Conference date: 05-09-2022 Through 07-09-2022",

year = "2022",

doi = "10.1007/978-3-031-15471-3_27",

language = "English",

isbn = "9783031154706",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "311--322",

editor = "{Garc{\'i}a Bringas}, Pablo and {P{\'e}rez Garc{\'i}a}, Hilde and {Mart{\'i}nez de Pis{\'o}n}, {Francisco Javier} and {Villar Flecha}, {Jos{\'e} Ram{\'o}n} and {Troncoso Lora}, Alicia and {de la Cal}, {Enrique A.} and Alvaro Herrero and {Mart{\'i}nez {\'A}lvarez}, Francisco and Giuseppe Psaila and Hector Quinti{\'a}n and Emilio Corchado",

booktitle = "Hybrid Artificial Intelligent Systems - 17th International Conference, HAIS 2022, Proceedings",

address = "Germany",

}

Park, KW, Bu, SJ & Cho, SB 2022, Evolutionary Triplet Network of Learning Disentangled Malware Space for Malware Classification. in P García Bringas, H Pérez García, FJ Martínez de Pisón, JR Villar Flecha, A Troncoso Lora, EA de la Cal, A Herrero, F Martínez Álvarez, G Psaila, H Quintián & E Corchado (eds), Hybrid Artificial Intelligent Systems - 17th International Conference, HAIS 2022, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 13469 LNAI, Springer Science and Business Media Deutschland GmbH, pp. 311-322, 17th International Conference on Hybrid Artificial Intelligence Systems, HAIS 2022, Salamancaa, Spain, 22/9/5. https://doi.org/10.1007/978-3-031-15471-3_27

Evolutionary Triplet Network of Learning Disentangled Malware Space for Malware Classification. / Park, Kyoung Won; Bu, Seok Jun; Cho, Sung Bae.

Hybrid Artificial Intelligent Systems - 17th International Conference, HAIS 2022, Proceedings. ed. / Pablo García Bringas; Hilde Pérez García; Francisco Javier Martínez de Pisón; José Ramón Villar Flecha; Alicia Troncoso Lora; Enrique A. de la Cal; Alvaro Herrero; Francisco Martínez Álvarez; Giuseppe Psaila; Hector Quintián; Emilio Corchado. Springer Science and Business Media Deutschland GmbH, 2022. p. 311-322 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13469 LNAI).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Evolutionary Triplet Network of Learning Disentangled Malware Space for Malware Classification

AU - Park, Kyoung Won

AU - Bu, Seok Jun

AU - Cho, Sung Bae

N1 - Funding Information: Acknowledgements. This work was supported by an IITP grant funded by the Korean government (MSIT) (No.2020-0-01361, Artificial Intelligence Graduate School Program (Yonsei University)) and an ETRI grant funded by the Korean government (22ZS1100, Core Technology Research for Self-Improving Integrated Artificial Intelligence System). Publisher Copyright: © 2022, Springer Nature Switzerland AG.

PY - 2022

Y1 - 2022

N2 - With the advent of sophisticated deep learning models, various methods for classifying malware from structural features of source codes have been devised. Nevertheless, recent advanced detection-avoidance techniques actively imitate structural features of benign programs and share vulnerable subroutines, making it difficult to distinguish malicious attacks. Therefore, a method to distinguish and classify similar malicious attacks is urgent and significant. In this paper, we propose a method based on a triplet network of learning the disentangled malware space from assembly-level features beyond the structural characteristics of malware. The method comprises two major components, which are 1) triplet loss-trained network to disentangle deep representation between malware being close in the latent vector space, and 2) genetic optimization of assembly-level features to resolve collisions between thousands of assembly-level features. Experiments with the assembly and binary code dataset released from Microsoft show that the proposed method outperforms existing methods based on structural features, achieving the highest performance in 10-fold cross-validation. Moreover, we demonstrate the superiority of disentangled representation for malware classification by visualizing the latent space and ROC curves.

AB - With the advent of sophisticated deep learning models, various methods for classifying malware from structural features of source codes have been devised. Nevertheless, recent advanced detection-avoidance techniques actively imitate structural features of benign programs and share vulnerable subroutines, making it difficult to distinguish malicious attacks. Therefore, a method to distinguish and classify similar malicious attacks is urgent and significant. In this paper, we propose a method based on a triplet network of learning the disentangled malware space from assembly-level features beyond the structural characteristics of malware. The method comprises two major components, which are 1) triplet loss-trained network to disentangle deep representation between malware being close in the latent vector space, and 2) genetic optimization of assembly-level features to resolve collisions between thousands of assembly-level features. Experiments with the assembly and binary code dataset released from Microsoft show that the proposed method outperforms existing methods based on structural features, achieving the highest performance in 10-fold cross-validation. Moreover, we demonstrate the superiority of disentangled representation for malware classification by visualizing the latent space and ROC curves.

UR - http://www.scopus.com/inward/record.url?scp=85139083363&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85139083363&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-15471-3_27

DO - 10.1007/978-3-031-15471-3_27

M3 - Conference contribution

AN - SCOPUS:85139083363

SN - 9783031154706

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 311

EP - 322

BT - Hybrid Artificial Intelligent Systems - 17th International Conference, HAIS 2022, Proceedings

A2 - García Bringas, Pablo

A2 - Pérez García, Hilde

A2 - Martínez de Pisón, Francisco Javier

A2 - Villar Flecha, José Ramón

A2 - Troncoso Lora, Alicia

A2 - de la Cal, Enrique A.

A2 - Herrero, Alvaro

A2 - Martínez Álvarez, Francisco

A2 - Psaila, Giuseppe

A2 - Quintián, Hector

A2 - Corchado, Emilio

PB - Springer Science and Business Media Deutschland GmbH

T2 - 17th International Conference on Hybrid Artificial Intelligence Systems, HAIS 2022

Y2 - 5 September 2022 through 7 September 2022

ER -

Park KW, Bu SJ, Cho SB. Evolutionary Triplet Network of Learning Disentangled Malware Space for Malware Classification. In García Bringas P, Pérez García H, Martínez de Pisón FJ, Villar Flecha JR, Troncoso Lora A, de la Cal EA, Herrero A, Martínez Álvarez F, Psaila G, Quintián H, Corchado E, editors, Hybrid Artificial Intelligent Systems - 17th International Conference, HAIS 2022, Proceedings. Springer Science and Business Media Deutschland GmbH. 2022. p. 311-322. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-15471-3_27

Evolutionary Triplet Network of Learning Disentangled Malware Space for Malware Classification

Abstract

Publication series

Conference

Bibliographical note

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this