Cuckoo-based Malware Dynamic Analysis

Volume 15, Number 3, March 2019, pp. 772-781
DOI: 10.23940/ijpe.19.03.p6.772781

Lele Wang^a, Binqiang Wang^a, Jiangang Liu^b, Qiguang Miao^c, and Jianhui Zhang^a

^a National Digital Switching System Engineering and Technological Research Center, Zhengzhou, 450002, China

^b Nanjing Information Technology Institute, Nanjing, 210000, China

^c Department of Computer Science, Xidian University, Xi’an, 710071, China

(Submitted on October 20, 2018; Revised on November 21, 2018; Accepted on December 23, 2018)


To address the huge volume of malware in today's big data environment, the insufficient capability of existing automatic malware analysis, and the inefficiency of malicious-attribute classification, we propose a Cuckoo-based malware dynamic analysis system that is extensible, performs analysis quickly, and has practical application value. The system introduces a semantic feature model based on deep learning, uses a deep recursive neural network model to describe the multi-layered aggregation relationship of program semantics, and builds a malware semantic aggregation model. The model automatically acquires and analyzes the behavioural features of unknown program samples and discriminates their attributes efficiently and accurately.


