IEEE Transactions on Emerging Topics in Computational Intelligence

An Enhanced Stacked LSTM Method With No Random Initialization for Malware Threat Hunting in Safety and Time-Critical Systems



Abstract

Malware detection is an increasingly important operational focus in cyber security, particularly given the fast pace of such threats (e.g., new malware variants introduced every day). In recent years, there has been increased interest in exploring the use of machine learning techniques to automate and enhance the effectiveness of malware detection and analysis. In this paper, we present a deep recurrent neural network solution as a stacked long short-term memory (LSTM) with pre-training as a regularization method to avoid random network initialization. In our proposed approach, we use both global and short-range dependencies of the inputs. With pre-training, we avoid random initialization and are able to improve the accuracy and robustness of malware threat hunting. The proposed method speeds up convergence, in comparison to the stacked LSTM, by reducing the length of malware OpCode or bytecode sequences. Hence, the complexity of our final method is reduced. This leads to better accuracy, higher Matthews Correlation Coefficient (MCC), and higher Area Under the Curve (AUC) in comparison to a standard LSTM with similar detection time. Our proposed method can be applied in real-time malware threat hunting, particularly for safety-critical systems, such as electronic health or the Internet of Battlefield/Military Things, where poor convergence of the model could lead to catastrophic consequences. We evaluate the effectiveness of our proposed method on Windows, ransomware, Internet of Things (IoT), and Android malware datasets using both static and dynamic analysis. For IoT malware detection, we also present a comparative summary of the performance of our proposed method and the standard stacked LSTM method on an IoT-specific dataset. More specifically, our proposed method achieves an accuracy of 99.1% in detecting IoT malware samples, with an AUC of 0.985 and an MCC of 0.95, thus outperforming standard LSTM-based methods in these key metrics.
