An intellectual anti-malware scheme using advanced sequence analysis techniques

• Project/Area Number: 24700084
• Research Category: Grant-in-Aid for Young Scientists (B)
• Allocation Type: Multi-year Fund
• Research Field: Computer system/Network
• Research Institution: National Institute of Information and Communications Technology
• Principal Investigator: BAN Tao 独立行政法人情報通信研究機構, ネットワークセキュリティ研究所・サイバーセキュリティ研究室, 主任研究員 (80462878)
• Project Period (FY): 2012-04-01 – 2015-03-31
• Project Status: Completed (Fiscal Year 2014)
• Budget Amount: ¥4,420,000 (Direct Cost: ¥3,400,000、Indirect Cost: ¥1,020,000); Fiscal Year 2014: ¥910,000 (Direct Cost: ¥700,000、Indirect Cost: ¥210,000); Fiscal Year 2013: ¥1,040,000 (Direct Cost: ¥800,000、Indirect Cost: ¥240,000); Fiscal Year 2012: ¥2,470,000 (Direct Cost: ¥1,900,000、Indirect Cost: ¥570,000)
• Keywords: マルウェア解析 / 配列解析 / パッカー特定 / サポートベクトルマシン / カーネル関数 / スパムメール / サイバーセキュリティ / 機械学習 / スパムメール解析 / 分類器 / サポートベクターマシン / スペクトラムカーネル / アメリカ / イスラエル / ニュージーランド

Outline of Final Research Achievements

Research and development on computational intelligence techniques based on advanced sequence analysis are pursued in the aim of an analysis system that can detect polymorphic malware programs with good accuracy and efficiency. The newly proposed edit distance kernel function and spectrum kernel function make it possible to quantitatively evaluate the degree of similarity between sequences. Incorporating these kernel functions to the state-of-the-art classifiers, such as the support vector machine, renders the creation of a practical malware detection system possible. The proposed methods are evaluated using a database comprised of obfuscated programs generated by 25 types of packers. Their effectiveness and efficiency are illustrated by prediction accuracies over 99% and very quick system response time.

Research Products

• [Journal Article] PaddyFrog: Systematically Detecting Confused Deputy Vulnerability in Android Applications (2015)
  • Author(s): Jianliang Wu, Tingting Cui, Tao Ban, Shanqing Guo, Lizhen Cui
  • Journal Title: Security and Communication Networks Volume: 1179 Issue: 13 Pages: 2338-2349
  • DOI: 10.1002/sec.1179
  • Peer Reviewed
• [Journal Article] An Online Malicious Spam Email Detection System Using Resource Allocating Network with Locality Sensitive Hashing (2015)
  • Author(s): Ali Siti Hajar Aminah, Seiichi Ozawa, Tao Ban, Junji Nakazato, and Jumpei Shimamura
  • Journal Title: Journal of Intelligent Learning Systems and Application Volume: 7 (2) Issue: 02 Pages: 42-57
  • DOI: 10.4236/jilsa.2015.72005
  • Peer Reviewed / Open Access / Acknowledgement Compliant
• [Journal Article] A Learner-Independent Knowledge Transfer Approach to Multi-task Learning (2014)
  • Author(s): Shaoning Pang, Fan Liu, Youki Kadobayashi, Tao Ban, Daisuke Inoue
  • Journal Title: Cognitive Computation Volume: 6 Issue: 3 Pages: 304-320
  • DOI: 10.1007/s12559-013-9238-8
  • Peer Reviewed / Open Access
• [Journal Article] An Accurate Packer Identification Method Using Support Vector Machine (2014)
  • Author(s): Ryoichi Isawa, Tao Ban, Shanqing Guo, Daisuke Inoue, Koji Nakao
  • Journal Title: IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences Volume: E97.A Issue: 1 Pages: 253-263
  • DOI: 10.1587/transfun.E97.A.253
  • NAID: 130003385351
  • ISSN: 0916-8508, 1745-1337
  • Peer Reviewed
• [Journal Article] The Effects of Different Representations on Static Structure Analysis of Computer Malware Signatures (2013)
  • Author(s): Ajit Narayanan, Yi Chen, Shaoning Pang, Tao Ban
  • Journal Title: The Scientific World Journal Volume: 2013 Issue: 1 Pages: 1-8
  • DOI: 10.1155/2013/671096
  • Peer Reviewed
• [Journal Article] A Packer Identification Method using Support Vector Machine with High Accuracy (2013)
  • Author(s): Ryoichi ISAWA, Tao BAN, Shanqing GUO, Daisuke INOUE, and Koji NAKAO
  • Journal Title: IEICE Transactions on Fundamentals Volume: 未定
  • Peer Reviewed
• [Presentation] A Study on Association Rule Mining of Darknet Big Data (2015)
  • Author(s): Tao Ban, Masashi Eto, Shanqing Guo, Daisuke Inoue, Koji Nakao, Runhe Huang
  • Organizer: The International Joint Conference on Neural Networks, 2015
  • Place of Presentation: Kilarney, Ireland
  • Year and Date: 2015-07-12 – 2015-07-17
• [Presentation] A Federated Network Online Network Traffics Analysis Engine for Cybersecurity (2015)
  • Author(s): Shaoning Pang, Yiming Peng, Tao Ban, Daisuke Inou, Abdolhossein Sarrafzadeh
  • Organizer: The International Joint Conference on Neural Networks, 2015
  • Place of Presentation: Kilarney, Ireland
  • Year and Date: 2015-07-12 – 2015-07-17
• [Presentation] An Autonomous Online Malicious Spam Mail Detection System Using Extended RBF Network (2015)
  • Author(s): Aminah Ali Siti Hajar, Seiichi Ozawa, Junji Nakazato, Tao Ban, Jumpei Shimamura
  • Organizer: The International Joint Conference on Neural Networks, 2015
  • Place of Presentation: Kilarney, Ireland
  • Year and Date: 2015-07-12 – 2015-07-17
• [Presentation] Association Rule Mining for Big Darknet Traffic Data (2015)
  • Author(s): Tao Ban, Masashi Eto, Daisuke Inoue, Koji Nakao, Shaoning Pang
  • Organizer: 13th International Conference on Neuro-Computing and Evolving Intelligence 2015
  • Place of Presentation: Auckland, New Zealand
  • Year and Date: 2015-02-19 – 2015-02-20
• [Presentation] Detecting Malicious Spam Mails: An Online MachineLearning Approach (2014)
  • Author(s): Yuli Dai, Shunsuke Tada, Tao Ban, Junji Nakazato, Jumpei Shimamura, Seiichi Ozawa
  • Organizer: The 21st International Conference on Neural Information Processing
  • Place of Presentation: Kuching Sarawak, Malaysia
  • Year and Date: 2014-11-03 – 2014-11-06
• [Presentation] Smart Task Orderings for Active Online Multitask Learning (2014)
  • Author(s): Shaoning Pang, Jianbei An, Jane Zhao, Xiaosong Li, Tap Ban, Daisuke Inoue, Adolhossein Sarrafzadeh
  • Organizer: SIAM International Conference on Data Mining 2014 (SDM 2014 Workshop on Heterogeneous Learning)
  • Place of Presentation: Philadelphia, Pennsylvania, USA
  • Year and Date: 2014-04-24 – 2014-04-26
• [Presentation] スパムメールに対するオンライン悪性度判定システムの開発 (2014)
  • Author(s): 多田隼介、中里純二、班涛、小澤誠一
  • Organizer: 暗号と情報セキュリティシンポジウム(SCIS2014)
  • Place of Presentation: 鹿児島県鹿児島市城山観光ホテル
• [Presentation] メール転送経路に着目したスパムメール分析 (2014)
  • Author(s): 中里純二、班涛、島村隼平、衛藤将史、井上大介、中尾康二
  • Organizer: 情報通信セキュリティ研究会(ICSS)
  • Place of Presentation: 沖縄県名護市名桜大学
• [Presentation] Application of String Kernel based Support Vector Machine for Malware Packer Identification (2013)
  • Author(s): Tao Ban, Ryoichi Isawa, Shanqing Guo, Daisuke Inoue, Koji Nakao
  • Organizer: International Joint Conference on Neural Networks 2013
  • Place of Presentation: Faremont Hotel, Dallas, Texas, U.S.
• [Presentation] Efficient Malware Packer Identification Using Support Vector Machines with Spectrum Kernel (2013)
  • Author(s): Tao Ban, Ryoichi Isawa, Shanqing Guo, Daisuke Inoue, Koji Nakao
  • Organizer: The 8th Asia Joint Conference on Information Security
  • Place of Presentation: Korean Federation of Science and Technology Societies, Seoul, Korea
• [Presentation] Application of String Kernel based Support Vector Machine for Malware Packer Identification (2013)
  • Author(s): Tao BAN, Ryoichi ISAWA, Shanqing GUO, Daisuke INOUE, and Koji NAKAO
  • Organizer: International Joint Conference on Neural Networks
  • Place of Presentation: Fairmont Hotel, Dallas, Texas, U.S.