Deep-Ensemble and Multifaceted Behavioral Malware Variant Detection Model
Published in | IEEE Access, Vol. 10, pp. 42762–42777 |
---|---|
Main Authors | Asma A. Al-Hashmi, Fuad A. Ghaleb, A. Al-Marghilani, Abdulsamad E. Yahya, Shouki A. Ebad, Muhammad Saqib M.S., Abdulbasit A. Darem |
Format | Journal Article |
Language | English |
Published | Piscataway: IEEE (The Institute of Electrical and Electronics Engineers, Inc.), 2022 |
Abstract

Every day, hundreds of thousands of new malware programs are developed and spread worldwide in cyberspace. Most of these programs are malware variants, such as polymorphic and metamorphic malware, which are created from older versions of malware and are able to change their structure and function flows to circumvent security solutions. The accuracy of malware variant detection is a crucial challenge. Many existing malware variant detectors use static features extracted from the physical structure of the malware file, such as opcodes and function flows. Unfortunately, static features are subject to obfuscation and code shelling using simple obfuscation techniques. Although a malware variant can change its structure and function flows, it is widely believed that it cannot hide its malicious behavioral patterns at runtime. Accordingly, many studies have suggested dynamic (behavioral) analysis-based features to detect malware variants accurately. However, most of these studies depend solely on application programming interface (API) calls, which are not enough to distinguish accurately between malware and benign software because of API-based obfuscation techniques. Therefore, a malware variant detection model that combines different behavioral activities can improve detection accuracy while reducing the false-negative rate. To this end, this study proposes a Deep-Ensemble and Multifaceted Behavioral Malware Variant Detection Model using sequential deep learning and extreme gradient boosting techniques. Different behavioral features were extracted from a dynamic analysis environment. Then, a feature extraction algorithm that automatically extracts effective representative patterns was designed and developed to extract the hidden representative features of the malware variants using a sequential deep learning model. These features were fed into an extreme gradient boosting-based classifier for decision making. Extensive experiments were carried out to validate the proposed scheme, and the results were compared with those of related techniques in the field. The results show that the proposed model is reliable, as it improves the detection rate while reducing the false-negative rate.
Authors
- Asma A. Al-Hashmi (ORCID 0000-0001-7871-7069), Department of Computer Science, Northern Border University, Arar, Saudi Arabia (asma.alhashmi@nbu.edu.sa)
- Fuad A. Ghaleb (ORCID 0000-0002-1468-0655), School of Computing, University Teknologi Malaysia (UTM), Johor Bahru, Johor, Malaysia
- A. Al-Marghilani, College of Computer Science & Information Technology, Northern Border University, Arar, Saudi Arabia
- Abdulsamad E. Yahya, College of Computer Science & Information Technology, Northern Border University, Arar, Saudi Arabia
- Shouki A. Ebad, Department of Computer Science, Northern Border University, Arar, Saudi Arabia
- Muhammad Saqib M.S., Department of Computer Science, Northern Border University, Arar, Saudi Arabia
- Abdulbasit A. Darem (ORCID 0000-0002-5650-1838), Department of Computer Science, Northern Border University, Arar, Saudi Arabia
CODEN | IAECCG |
Copyright | Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2022 |
DOI | 10.1109/ACCESS.2022.3168794 |
Discipline | Engineering |
EISSN | 2169-3536 |
EndPage | 42777 |
Genre | orig-research |
GrantInformation | Deputyship for Research and Innovation, Ministry of Education, Saudi Arabia (grant 1385) |
ISSN | 2169-3536 |
IsDoiOpenAccess | true |
IsOpenAccess | true |
IsPeerReviewed | true |
IsScholarly | true |
License | https://creativecommons.org/licenses/by/4.0/legalcode |
OpenAccessLink | https://ieeexplore.ieee.org/document/9760382 |
PageCount | 16 |
PublicationDate | 2022 |
PublicationPlace | Piscataway |
PublicationTitle | IEEE access |
PublicationYear | 2022 |
Publisher | IEEE The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
StartPage | 42762 |
SubjectTerms | Algorithms; Boosting; Cybersecurity; Decision making; deep ensemble learning; Deep learning; Feature extraction; Heuristic algorithms; Internet; Machine learning; Malware; Malware detection; malware variants; multifaceted behavioral features; Security; sequential deep learning; Static analysis |
URI | https://ieeexplore.ieee.org/document/9760382 ; https://www.proquest.com/docview/2656874750 ; https://doaj.org/article/e12f961bc8364772ba22377a0ebb06ec |
Volume | 10 |