Cryptocurrency malware detection in real-world environment: Based on multi-results stacking learning
【Author】 Zheng, Rui; Wang, Qiuyun; Lin, Zhuopang; Jiang, Zhengwei; Fu, Jianming; Peng, Guojun
【Source】APPLIED SOFT COMPUTING
【Impact Factor】8.263
【Abstract】Cryptocurrency mining malware (CryptocMal) has been proliferating due to its high profitability and anonymity. There are many studies using machine learning methods to build CryptocMal detectors and other malware detectors. However, these detection methods tend to test their performance on small datasets only, and such testing conditions make researchers often doubt the real-world performance of these machine learning methods. Some deep learning methods that do not require expert knowledge of malware further reinforce this suspicion. In this paper, different from previous studies, the heuristic rule features set for the machine learning model are designed based on CryptocMal characteristics. Furthermore, the heuristic rule features are integrated as a domain knowledge component in an ensemble learning framework, called CMalHunt. CMalHunt utilized the stacking method to combine results of domain knowledge features, behavior features and binary bytes features. Through integrating classification models with different feature types, the experimental results show that CMalHunt significantly outperforms the baseline machine learning models. These results also validate our conjecture about feature types integration, indicating that each feature can play a role in the CryptocMal detection task. This paper is informative for real-world applications of machine learning in malware identification and malware family classification. (c) 2022 Elsevier B.V. All rights reserved.
【Keywords】Machine learning; Malware static analysis; Cryptocurrency mining malware; Ensemble learning; Malware detection in real world
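【Publication Date】2022 JUL
【Indexed Date】2022-08-15
【Document Type】Experimental simulation
【Subject Category】
Blockchain governance - Technical governance - Mining detection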