Presentation is loading. Please wait.

Presentation is loading. Please wait.

Technische Universität München Yulia Gembarzhevskaya LARGE-SCALE MALWARE CLASSIFICATON USING RANDOM PROJECTIONS AND NEURAL NETWORKS Technische Universität.

Published byLester Caldwell Modified over 8 years ago

Similar presentations

Presentation on theme: "Technische Universität München Yulia Gembarzhevskaya LARGE-SCALE MALWARE CLASSIFICATON USING RANDOM PROJECTIONS AND NEURAL NETWORKS Technische Universität."— Presentation transcript:

1 Technische Universität München Yulia Gembarzhevskaya LARGE-SCALE MALWARE CLASSIFICATON USING RANDOM PROJECTIONS AND NEURAL NETWORKS Technische Universität München Large Scale Malware Analysis Master’s Seminar SS 2016 Presented by Yulia Gembarzhevskaya 10.05.2016 LARGE-SCALE MALWARE CLASSIFICATION USING RANDOM PROJECTIONS AND NEURAL NETWORKS

2 Technische Universität München Yulia Gembarzhevskaya LARGE-SCALE MALWARE CLASSIFICATON USING RANDOM PROJECTIONS AND NEURAL NETWORKS Problem: automated malware detection 2 Retrieved from http://mediad.publicbroadcasting.net/p/krcb/files/styles/x_large/public/201407/antivirus- protection.jpg

3 Technische Universität München Yulia Gembarzhevskaya LARGE-SCALE MALWARE CLASSIFICATON USING RANDOM PROJECTIONS AND NEURAL NETWORKS Solution: 3 Retrieved from http://www.kdnuggets.com/wp-content/uploads/Machine-Learning1.jpg

4 Technische Universität München Yulia Gembarzhevskaya LARGE-SCALE MALWARE CLASSIFICATON USING RANDOM PROJECTIONS AND NEURAL NETWORKS Challenges: Low false positive rate Low false negative rate Malware family Huge number of features 4

5 Technische Universität München Yulia Gembarzhevskaya LARGE-SCALE MALWARE CLASSIFICATON USING RANDOM PROJECTIONS AND NEURAL NETWORKS The contributions of this paper: 5

6 Technische Universität München Yulia Gembarzhevskaya LARGE-SCALE MALWARE CLASSIFICATON USING RANDOM PROJECTIONS AND NEURAL NETWORKS A large-scale system Implementation of a system that is able to classify unknown files with random projections and neural networks The contributions of this paper: 6

7 Technische Universität München Yulia Gembarzhevskaya LARGE-SCALE MALWARE CLASSIFICATON USING RANDOM PROJECTIONS AND NEURAL NETWORKS Random projections are used to reduce the dimensionality of the input space. PCA via random projections The contributions of this paper: 7

8 Technische Universität München Yulia Gembarzhevskaya LARGE-SCALE MALWARE CLASSIFICATON USING RANDOM PROJECTIONS AND NEURAL NETWORKS 8 The contributions of this paper:

9 Technische Universität München Yulia Gembarzhevskaya LARGE-SCALE MALWARE CLASSIFICATON USING RANDOM PROJECTIONS AND NEURAL NETWORKS 9 Neural Network Classifier Random Projections Labeled Data Malware Classifier:

10 Technische Universität München Yulia Gembarzhevskaya LARGE-SCALE MALWARE CLASSIFICATON USING RANDOM PROJECTIONS AND NEURAL NETWORKS 10 Dataset: 2.6 million files 1,843,359 malicious 817,485 benign 134 malware families generic malware class

11 Technische Universität München Yulia Gembarzhevskaya LARGE-SCALE MALWARE CLASSIFICATON USING RANDOM PROJECTIONS AND NEURAL NETWORKS 11 3 types of features > 50 million possible features 179 thousand sparse binary features All of the distinct combinations of the three attribute sets Feature selection using mutual information Features: “Mutual information measures how much information the presence/absence of a term contributes to making the correct classification decision” [4]

12 Technische Universität München Yulia Gembarzhevskaya LARGE-SCALE MALWARE CLASSIFICATON USING RANDOM PROJECTIONS AND NEURAL NETWORKS 12 Random projections: = P X R n k k d d n [ 1 ] “An approximate algorithm for estimating distances between pairs of points in a high-dimensional vector space” [3]

13 Technische Universität München Yulia Gembarzhevskaya LARGE-SCALE MALWARE CLASSIFICATON USING RANDOM PROJECTIONS AND NEURAL NETWORKS 13 Classifiers: Logistic regression Neural networks All features Random projections With pre- training Without pre- training One-Layer NN Three-Layer NN Two-Layer NN One-Layer NN Two-Layer NN

14 Technische Universität München Yulia Gembarzhevskaya LARGE-SCALE MALWARE CLASSIFICATON USING RANDOM PROJECTIONS AND NEURAL NETWORKS 14 179 000 Sparse Binary Inputs 4000 Linear Units Sigmoid Hidden Units 136-Way Softmax Output Proposed Neural Network Architecture for Malware Classification Training

15 Technische Universität München Yulia Gembarzhevskaya LARGE-SCALE MALWARE CLASSIFICATON USING RANDOM PROJECTIONS AND NEURAL NETWORKS 15 Experimental results: [2] Method Test Error, % Test Two- Class Error,% FPR, % FNR, % Training Time(min) Logistic Regression All features 11.70.861.490.601872 Logistic Regression Random projections 12.371.272.410.80105.7 One-Layer NN without Pre- training 9.530.490.830.35167.1 One-Layer NN with Pre-training 9.760.500.900.34287.0 Two-Layer NN without Pre- training 9.550.500.850.35244.0 Two-Layer NN with Pre-training 9.830.540.980.36402.3 Three-Layer NN without Pre- training 9.740.510.870.36215.0

16 Technische Universität München Yulia Gembarzhevskaya LARGE-SCALE MALWARE CLASSIFICATON USING RANDOM PROJECTIONS AND NEURAL NETWORKS 16 Error rates with Different Random Projection Sizes: Logistic regression Neural networks [2]

17 Technische Universität München Yulia Gembarzhevskaya LARGE-SCALE MALWARE CLASSIFICATON USING RANDOM PROJECTIONS AND NEURAL NETWORKS 17 Error Rates for Neural Networks with Number of Hidden Units: [2]

18 Technische Universität München Yulia Gembarzhevskaya LARGE-SCALE MALWARE CLASSIFICATON USING RANDOM PROJECTIONS AND NEURAL NETWORKS 18 Conclusion: Novel, large-scale malware classification system utilizes random projections 43% reduction in the error rate compared to logistic regression with all features 0.49% two-class error rate for one-layer NN and 0.42% for the ensemble of NN < 3 hours to train 2.6 million examples no benefits by employing pre-training and adding additional hidden layers

19 Technische Universität München Yulia Gembarzhevskaya LARGE-SCALE MALWARE CLASSIFICATON USING RANDOM PROJECTIONS AND NEURAL NETWORKS References 19 [1]http://www.tellusa.net/index.php/tellusa/article/viewFile/25274/36301/138 957 [2] George E. Dahl and Jack W. Stokes, Li Deng, Dong Yu, “Large-scale malware classification using random projections and neural networks”, 2013. 2013 IEEE International Conference on Acoustics, Speech and Signal Processing, 26-31 May 2013, pp. 3422-3426 2013. 2013 IEEE International Conference on Acoustics, Speech and Signal Processing [3] Ping Li, Trevor J. Hastie, and Kenneth W. Church, “Very sparse random projections,” in Proceedings of the 12th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (2006), 2006, pp. 287–296. [4] Christopher D. Manning, Prabhakar Raghavan, and Hinrich Schutze, An Introduction to Information Retrieval, Cambridge University Press, 2009.

Download ppt "Technische Universität München Yulia Gembarzhevskaya LARGE-SCALE MALWARE CLASSIFICATON USING RANDOM PROJECTIONS AND NEURAL NETWORKS Technische Universität."

Similar presentations

G53MLE | Machine Learning | Dr Guoping Qiu

G53MLE | Machine Learning | Dr Guoping Qiu
ETHEM ALPAYDIN © The MIT Press, 2010 Lecture Slides for.

ETHEM ALPAYDIN © The MIT Press, Lecture Slides for.
For Wednesday Read chapter 19, sections 1-3 No homework.

For Wednesday Read chapter 19, sections 1-3 No homework.
Data Mining Classification: Alternative Techniques

Data Mining Classification: Alternative Techniques
Artificial neural networks

Artificial neural networks
Support Vector Machines

Support Vector Machines
CSCI 347 / CS 4206: Data Mining Module 07: Implementations Topic 03: Linear Models.

CSCI 347 / CS 4206: Data Mining Module 07: Implementations Topic 03: Linear Models.
CVPR2013 Poster Representing Videos using Mid-level Discriminative Patches.

CVPR2013 Poster Representing Videos using Mid-level Discriminative Patches.
On-Line Probabilistic Classification with Particle Filters Pedro Højen-Sørensen, Nando de Freitas, and Torgen Fog, Proceedings of the IEEE International.

On-Line Probabilistic Classification with Particle Filters Pedro Højen-Sørensen, Nando de Freitas, and Torgen Fog, Proceedings of the IEEE International.
AN INVESTIGATION OF DEEP NEURAL NETWORKS FOR NOISE ROBUST SPEECH RECOGNITION Michael L. Seltzer, Dong Yu Yongqiang Wang ICASSP 2013 Presenter : 張庭豪.

AN INVESTIGATION OF DEEP NEURAL NETWORKS FOR NOISE ROBUST SPEECH RECOGNITION Michael L. Seltzer, Dong Yu Yongqiang Wang ICASSP 2013 Presenter : 張庭豪.
1 Learning Semantics-Preserving Distance Metrics for Clustering Graphical Data Aparna S. Varde, Elke A. Rundensteiner, Carolina Ruiz, Mohammed Maniruzzaman.

1 Learning Semantics-Preserving Distance Metrics for Clustering Graphical Data Aparna S. Varde, Elke A. Rundensteiner, Carolina Ruiz, Mohammed Maniruzzaman.
1 Learning to Detect Objects in Images via a Sparse, Part-Based Representation S. Agarwal, A. Awan and D. Roth IEEE Transactions on Pattern Analysis and.

1 Learning to Detect Objects in Images via a Sparse, Part-Based Representation S. Agarwal, A. Awan and D. Roth IEEE Transactions on Pattern Analysis and.
Distributed Representations of Sentences and Documents

Distributed Representations of Sentences and Documents
CSCI 347 / CS 4206: Data Mining Module 04: Algorithms Topic 06: Regression.

CSCI 347 / CS 4206: Data Mining Module 04: Algorithms Topic 06: Regression.
Machine Learning Usman Roshan Dept. of Computer Science NJIT.

Machine Learning Usman Roshan Dept. of Computer Science NJIT.
Automated malware classification based on network behavior

Automated malware classification based on network behavior
Combining Supervised and Unsupervised Learning for Zero-Day Malware Detection © 2013 Narus, Inc. Prakash Comar 1 Lei Liu 1 Sabyasachi (Saby) Saha 2 Pang-Ning.

Combining Supervised and Unsupervised Learning for Zero-Day Malware Detection © 2013 Narus, Inc. Prakash Comar 1 Lei Liu 1 Sabyasachi (Saby) Saha 2 Pang-Ning.
Presented by: Kamakhaya Argulewar Guided by: Prof. Shweta V. Jain

Presented by: Kamakhaya Argulewar Guided by: Prof. Shweta V. Jain
Intrusion Detection Using Hybrid Neural Networks Vishal Sevani (07405010)

Intrusion Detection Using Hybrid Neural Networks Vishal Sevani ( )
Appendix B: An Example of Back-propagation algorithm

Appendix B: An Example of Back-propagation algorithm

Similar presentations

Ads by Google