FILM: Filtering and Machine Learning for Malware Detection in Edge Computing

Machine learning with static-analysis features extracted from malware files has been adopted to detect malware variants, which is desirable for resource-constrained edge computing and Internet-of-Things devices with sensors; however, this learned model suffers from a misclassification problem becaus...

Bibliographic Details
Main Authors: Kim, Young Jae, Park, Chan-Hyeok, Yoon, MyungKeun
Format: Online Article Text
Language: English
Published: MDPI 2022
Subjects:
Online Access: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8949034/
https://www.ncbi.nlm.nih.gov/pubmed/35336322
http://dx.doi.org/10.3390/s22062150
author Kim, Young Jae
Park, Chan-Hyeok
Yoon, MyungKeun
collection PubMed
description Machine learning with static-analysis features extracted from malware files has been adopted to detect malware variants, which is desirable for resource-constrained edge computing and Internet-of-Things devices with sensors; however, this learned model suffers from a misclassification problem because some malicious files have almost the same static-analysis features as benign ones. In this paper, we present a new detection method for edge computing that can utilize existing machine learning models to classify a suspicious file into either benign, malicious, or unpredictable categories while existing models make only a binary decision of either benign or malicious. The new method can utilize any existing deep learning models developed for malware detection after appending a simple sigmoid function to the models. When interpreting the sigmoid value during the testing phase, the new method determines if the model is confident about its prediction; therefore, the new method can take only the prediction of high accuracy, which reduces incorrect predictions on ambiguous static-analysis features. Through experiments on real malware datasets, we confirm that the new scheme significantly enhances the accuracy, precision, and recall of existing deep learning models. For example, the accuracy is enhanced from 0.96 to 0.99, while some files are classified as unpredictable that can be entrusted to the cloud for further dynamic or human analysis.
format Online
Article
Text
id pubmed-8949034
institution National Center for Biotechnology Information
language English
publishDate 2022
publisher MDPI
record_format MEDLINE/PubMed
spelling pubmed-8949034 2022-03-26 FILM: Filtering and Machine Learning for Malware Detection in Edge Computing Kim, Young Jae Park, Chan-Hyeok Yoon, MyungKeun Sensors (Basel) Article MDPI 2022-03-10 /pmc/articles/PMC8949034/ /pubmed/35336322 http://dx.doi.org/10.3390/s22062150 Text en © 2022 by the authors. https://creativecommons.org/licenses/by/4.0/ Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).