FILM: Filtering and Machine Learning for Malware Detection in Edge Computing
Machine learning with static-analysis features extracted from malware files has been adopted to detect malware variants, which is desirable for resource-constrained edge computing and Internet-of-Things devices with sensors; however, this learned model suffers from a misclassification problem becaus...
Main authors: | Kim, Young Jae; Park, Chan-Hyeok; Yoon, MyungKeun |
---|---|
Format: | Online Article Text |
Language: | English |
Published: | MDPI 2022 |
Subjects: | |
Online access: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8949034/ https://www.ncbi.nlm.nih.gov/pubmed/35336322 http://dx.doi.org/10.3390/s22062150 |
_version_ | 1784674797824770048 |
---|---|
author | Kim, Young Jae Park, Chan-Hyeok Yoon, MyungKeun |
author_facet | Kim, Young Jae Park, Chan-Hyeok Yoon, MyungKeun |
author_sort | Kim, Young Jae |
collection | PubMed |
description | Machine learning with static-analysis features extracted from malware files has been adopted to detect malware variants, which is desirable for resource-constrained edge computing and Internet-of-Things devices with sensors; however, this learned model suffers from a misclassification problem because some malicious files have almost the same static-analysis features as benign ones. In this paper, we present a new detection method for edge computing that can utilize existing machine learning models to classify a suspicious file into either benign, malicious, or unpredictable categories while existing models make only a binary decision of either benign or malicious. The new method can utilize any existing deep learning models developed for malware detection after appending a simple sigmoid function to the models. When interpreting the sigmoid value during the testing phase, the new method determines if the model is confident about its prediction; therefore, the new method can take only the prediction of high accuracy, which reduces incorrect predictions on ambiguous static-analysis features. Through experiments on real malware datasets, we confirm that the new scheme significantly enhances the accuracy, precision, and recall of existing deep learning models. For example, the accuracy is enhanced from 0.96 to 0.99, while some files are classified as unpredictable that can be entrusted to the cloud for further dynamic or human analysis. |
format | Online Article Text |
id | pubmed-8949034 |
institution | National Center for Biotechnology Information |
language | English |
publishDate | 2022 |
publisher | MDPI |
record_format | MEDLINE/PubMed |
spelling | pubmed-8949034 2022-03-26 FILM: Filtering and Machine Learning for Malware Detection in Edge Computing Kim, Young Jae Park, Chan-Hyeok Yoon, MyungKeun Sensors (Basel) Article Machine learning with static-analysis features extracted from malware files has been adopted to detect malware variants, which is desirable for resource-constrained edge computing and Internet-of-Things devices with sensors; however, this learned model suffers from a misclassification problem because some malicious files have almost the same static-analysis features as benign ones. In this paper, we present a new detection method for edge computing that can utilize existing machine learning models to classify a suspicious file into either benign, malicious, or unpredictable categories while existing models make only a binary decision of either benign or malicious. The new method can utilize any existing deep learning models developed for malware detection after appending a simple sigmoid function to the models. When interpreting the sigmoid value during the testing phase, the new method determines if the model is confident about its prediction; therefore, the new method can take only the prediction of high accuracy, which reduces incorrect predictions on ambiguous static-analysis features. Through experiments on real malware datasets, we confirm that the new scheme significantly enhances the accuracy, precision, and recall of existing deep learning models. For example, the accuracy is enhanced from 0.96 to 0.99, while some files are classified as unpredictable that can be entrusted to the cloud for further dynamic or human analysis. MDPI 2022-03-10 /pmc/articles/PMC8949034/ /pubmed/35336322 http://dx.doi.org/10.3390/s22062150 Text en © 2022 by the authors. https://creativecommons.org/licenses/by/4.0/ Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/). |
spellingShingle | Article Kim, Young Jae Park, Chan-Hyeok Yoon, MyungKeun FILM: Filtering and Machine Learning for Malware Detection in Edge Computing |
title | FILM: Filtering and Machine Learning for Malware Detection in Edge Computing |
title_full | FILM: Filtering and Machine Learning for Malware Detection in Edge Computing |
title_fullStr | FILM: Filtering and Machine Learning for Malware Detection in Edge Computing |
title_full_unstemmed | FILM: Filtering and Machine Learning for Malware Detection in Edge Computing |
title_short | FILM: Filtering and Machine Learning for Malware Detection in Edge Computing |
title_sort | film: filtering and machine learning for malware detection in edge computing |
topic | Article |
url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8949034/ https://www.ncbi.nlm.nih.gov/pubmed/35336322 http://dx.doi.org/10.3390/s22062150 |