Technische Universität München Yulia Gembarzhevskaya LARGE-SCALE MALWARE CLASSIFICATON USING RANDOM PROJECTIONS AND NEURAL NETWORKS Technische Universität.

Slides:



Advertisements
Similar presentations
G53MLE | Machine Learning | Dr Guoping Qiu
Advertisements

ETHEM ALPAYDIN © The MIT Press, Lecture Slides for.
For Wednesday Read chapter 19, sections 1-3 No homework.
Data Mining Classification: Alternative Techniques
Artificial neural networks
Support Vector Machines
CSCI 347 / CS 4206: Data Mining Module 07: Implementations Topic 03: Linear Models.
CVPR2013 Poster Representing Videos using Mid-level Discriminative Patches.
On-Line Probabilistic Classification with Particle Filters Pedro Højen-Sørensen, Nando de Freitas, and Torgen Fog, Proceedings of the IEEE International.
AN INVESTIGATION OF DEEP NEURAL NETWORKS FOR NOISE ROBUST SPEECH RECOGNITION Michael L. Seltzer, Dong Yu Yongqiang Wang ICASSP 2013 Presenter : 張庭豪.
1 Learning Semantics-Preserving Distance Metrics for Clustering Graphical Data Aparna S. Varde, Elke A. Rundensteiner, Carolina Ruiz, Mohammed Maniruzzaman.
1 Learning to Detect Objects in Images via a Sparse, Part-Based Representation S. Agarwal, A. Awan and D. Roth IEEE Transactions on Pattern Analysis and.
Distributed Representations of Sentences and Documents
CSCI 347 / CS 4206: Data Mining Module 04: Algorithms Topic 06: Regression.
Machine Learning Usman Roshan Dept. of Computer Science NJIT.
Automated malware classification based on network behavior
Combining Supervised and Unsupervised Learning for Zero-Day Malware Detection © 2013 Narus, Inc. Prakash Comar 1 Lei Liu 1 Sabyasachi (Saby) Saha 2 Pang-Ning.
Presented by: Kamakhaya Argulewar Guided by: Prof. Shweta V. Jain
Intrusion Detection Using Hybrid Neural Networks Vishal Sevani ( )
Appendix B: An Example of Back-propagation algorithm
Rotation Invariant Neural-Network Based Face Detection
Classification / Regression Neural Networks 2
Introduction to machine learning and data mining 1 iCSC2014, Juan López González, University of Oviedo Introduction to machine learning Juan López González.
COMPARISON OF IMAGE ANALYSIS FOR THAI HANDWRITTEN CHARACTER RECOGNITION Olarik Surinta, chatklaw Jareanpon Department of Management Information System.
ECE738 Advanced Image Processing Face Detection IEEE Trans. PAMI, July 1997.
Exploiting Context Analysis for Combining Multiple Entity Resolution Systems -Ramu Bandaru Zhaoqi Chen Dmitri V.kalashnikov Sharad Mehrotra.
BAGGING ALGORITHM, ONLINE BOOSTING AND VISION Se – Hoon Park.
Linear Discrimination Reading: Chapter 2 of textbook.
Gang WangDerek HoiemDavid Forsyth. INTRODUCTION APROACH (implement detail) EXPERIMENTS CONCLUSION.
Project 11: Determining the Intrinsic Dimensionality of a Distribution Okke Formsma, Nicolas Roussis and Per Løwenborg.
CSSE463: Image Recognition Day 14 Lab due Weds, 3:25. Lab due Weds, 3:25. My solutions assume that you don't threshold the shapes.ppt image. My solutions.
Consensus Group Stable Feature Selection
© Devi Parikh 2008 Devi Parikh and Tsuhan Chen Carnegie Mellon University April 3, ICASSP 2008 Bringing Diverse Classifiers to Common Grounds: dtransform.
CHAPTER 10: Logistic Regression. Binary classification Two classes Y = {0,1} Goal is to learn how to correctly classify the input into one of these two.
Data Mining and Decision Support
Finding τ → μ−μ−μ+ Decays at LHCb with Data Mining Algorithms
Combining multiple learners Usman Roshan. Decision tree From Alpaydin, 2010.
A Parallel Mixture of SVMs for Very Large Scale Problems Ronan Collobert Samy Bengio Yoshua Bengio Prepared : S.Y.C. Neural Information Processing Systems,
Mete Ozay, Fatos T. Yarman Vural —Presented by Tianxiao Jiang
Neural Networks The Elements of Statistical Learning, Chapter 12 Presented by Nick Rizzolo.
Rich feature hierarchies for accurate object detection and semantic segmentation 2014 IEEE Conference on Computer Vision and Pattern Recognition Ross Girshick,
Mining Concept-Drifting Data Streams Using Ensemble Classifiers Haixun Wang Wei Fan Philip S. YU Jiawei Han Proc. 9 th ACM SIGKDD Internal Conf. Knowledge.
Unveiling Zeus Automated Classification of Malware Samples Abedelaziz Mohaisen Omar Alrawi Verisign Inc, VA, USA Verisign Labs, VA, USA
Roughly overview of Support vector machines Reference: 1.Support vector machines and machine learning on documents. Christopher D. Manning, Prabhakar Raghavan.
Machine Learning Usman Roshan Dept. of Computer Science NJIT.
Automatic Classification of Audio Data by Carlos H. L. Costa, Jaime D. Valle, Ro L. Koerich IEEE International Conference on Systems, Man, and Cybernetics.
Usman Roshan Dept. of Computer Science NJIT
Neural networks and support vector machines
Deep Feedforward Networks
Syntax-based Deep Matching of Short Texts
One-layer neural networks Approximation problems
BotCatch: A Behavior and Signature Correlated Bot Detection Approach
Announcements HW4 due today (11:59pm) HW5 out today (due 11/17 11:59pm)
Supervised Learning Seminar Social Media Mining University UC3M
RECURRENT NEURAL NETWORKS FOR VOICE ACTIVITY DETECTION
CAMCOS Report Day December 9th, 2015 San Jose State University
Deep Learning Hierarchical Representations for Image Steganalysis
Deep learning Introduction Classes of Deep Learning Networks
By: Behrouz Rostami, Zeyun Yu Electrical Engineering Department
Adversarial Evasion-Resilient Hardware Malware Detectors
RHMD: Evasion-Resilient Hardware Malware Detectors
Classification Boundaries
Somi Jacob and Christian Bach
Earthen Mounds Recognition Using LiDAR Images
Neural networks (3) Regularization Autoencoder
Machine Learning – a Probabilistic Perspective
Modeling IDS using hybrid intelligent systems
Machine Learning.
Low-Rank Sparse Feature Selection for Patient Similarity Learning
What is Artificial Intelligence?
Presentation transcript:

Technische Universität München Yulia Gembarzhevskaya LARGE-SCALE MALWARE CLASSIFICATON USING RANDOM PROJECTIONS AND NEURAL NETWORKS Technische Universität München Large Scale Malware Analysis Master’s Seminar SS 2016 Presented by Yulia Gembarzhevskaya LARGE-SCALE MALWARE CLASSIFICATION USING RANDOM PROJECTIONS AND NEURAL NETWORKS

Technische Universität München Yulia Gembarzhevskaya LARGE-SCALE MALWARE CLASSIFICATON USING RANDOM PROJECTIONS AND NEURAL NETWORKS Problem: automated malware detection 2 Retrieved from protection.jpg

Technische Universität München Yulia Gembarzhevskaya LARGE-SCALE MALWARE CLASSIFICATON USING RANDOM PROJECTIONS AND NEURAL NETWORKS Solution: 3 Retrieved from

Technische Universität München Yulia Gembarzhevskaya LARGE-SCALE MALWARE CLASSIFICATON USING RANDOM PROJECTIONS AND NEURAL NETWORKS Challenges: Low false positive rate Low false negative rate Malware family Huge number of features 4

Technische Universität München Yulia Gembarzhevskaya LARGE-SCALE MALWARE CLASSIFICATON USING RANDOM PROJECTIONS AND NEURAL NETWORKS The contributions of this paper: 5

Technische Universität München Yulia Gembarzhevskaya LARGE-SCALE MALWARE CLASSIFICATON USING RANDOM PROJECTIONS AND NEURAL NETWORKS A large-scale system Implementation of a system that is able to classify unknown files with random projections and neural networks The contributions of this paper: 6

Technische Universität München Yulia Gembarzhevskaya LARGE-SCALE MALWARE CLASSIFICATON USING RANDOM PROJECTIONS AND NEURAL NETWORKS Random projections are used to reduce the dimensionality of the input space. PCA via random projections The contributions of this paper: 7

Technische Universität München Yulia Gembarzhevskaya LARGE-SCALE MALWARE CLASSIFICATON USING RANDOM PROJECTIONS AND NEURAL NETWORKS 8 The contributions of this paper:

Technische Universität München Yulia Gembarzhevskaya LARGE-SCALE MALWARE CLASSIFICATON USING RANDOM PROJECTIONS AND NEURAL NETWORKS 9 Neural Network Classifier Random Projections Labeled Data Malware Classifier:

Technische Universität München Yulia Gembarzhevskaya LARGE-SCALE MALWARE CLASSIFICATON USING RANDOM PROJECTIONS AND NEURAL NETWORKS 10 Dataset: 2.6 million files 1,843,359 malicious 817,485 benign 134 malware families generic malware class

Technische Universität München Yulia Gembarzhevskaya LARGE-SCALE MALWARE CLASSIFICATON USING RANDOM PROJECTIONS AND NEURAL NETWORKS 11 3 types of features > 50 million possible features 179 thousand sparse binary features All of the distinct combinations of the three attribute sets Feature selection using mutual information Features: “Mutual information measures how much information the presence/absence of a term contributes to making the correct classification decision” [4]

Technische Universität München Yulia Gembarzhevskaya LARGE-SCALE MALWARE CLASSIFICATON USING RANDOM PROJECTIONS AND NEURAL NETWORKS 12 Random projections: = P X R n k k d d n [ 1 ] “An approximate algorithm for estimating distances between pairs of points in a high-dimensional vector space” [3]

Technische Universität München Yulia Gembarzhevskaya LARGE-SCALE MALWARE CLASSIFICATON USING RANDOM PROJECTIONS AND NEURAL NETWORKS 13 Classifiers: Logistic regression Neural networks All features Random projections With pre- training Without pre- training One-Layer NN Three-Layer NN Two-Layer NN One-Layer NN Two-Layer NN

Technische Universität München Yulia Gembarzhevskaya LARGE-SCALE MALWARE CLASSIFICATON USING RANDOM PROJECTIONS AND NEURAL NETWORKS Sparse Binary Inputs 4000 Linear Units Sigmoid Hidden Units 136-Way Softmax Output Proposed Neural Network Architecture for Malware Classification Training

Technische Universität München Yulia Gembarzhevskaya LARGE-SCALE MALWARE CLASSIFICATON USING RANDOM PROJECTIONS AND NEURAL NETWORKS 15 Experimental results: [2] Method Test Error, % Test Two- Class Error,% FPR, % FNR, % Training Time(min) Logistic Regression All features Logistic Regression Random projections One-Layer NN without Pre- training One-Layer NN with Pre-training Two-Layer NN without Pre- training Two-Layer NN with Pre-training Three-Layer NN without Pre- training

Technische Universität München Yulia Gembarzhevskaya LARGE-SCALE MALWARE CLASSIFICATON USING RANDOM PROJECTIONS AND NEURAL NETWORKS 16 Error rates with Different Random Projection Sizes: Logistic regression Neural networks [2]

Technische Universität München Yulia Gembarzhevskaya LARGE-SCALE MALWARE CLASSIFICATON USING RANDOM PROJECTIONS AND NEURAL NETWORKS 17 Error Rates for Neural Networks with Number of Hidden Units: [2]

Technische Universität München Yulia Gembarzhevskaya LARGE-SCALE MALWARE CLASSIFICATON USING RANDOM PROJECTIONS AND NEURAL NETWORKS 18 Conclusion: Novel, large-scale malware classification system utilizes random projections 43% reduction in the error rate compared to logistic regression with all features 0.49% two-class error rate for one-layer NN and 0.42% for the ensemble of NN < 3 hours to train 2.6 million examples no benefits by employing pre-training and adding additional hidden layers

Technische Universität München Yulia Gembarzhevskaya LARGE-SCALE MALWARE CLASSIFICATON USING RANDOM PROJECTIONS AND NEURAL NETWORKS References 19 [1] 957 [2] George E. Dahl and Jack W. Stokes, Li Deng, Dong Yu, “Large-scale malware classification using random projections and neural networks”, IEEE International Conference on Acoustics, Speech and Signal Processing, May 2013, pp IEEE International Conference on Acoustics, Speech and Signal Processing [3] Ping Li, Trevor J. Hastie, and Kenneth W. Church, “Very sparse random projections,” in Proceedings of the 12th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (2006), 2006, pp. 287–296. [4] Christopher D. Manning, Prabhakar Raghavan, and Hinrich Schutze, An Introduction to Information Retrieval, Cambridge University Press, 2009.