Li-juan Su,Min Yao

DOI: https://doi.org/10.1109/icca.2013.6565148

2013-01-01

Abstract:Recently a novel learning algorithm called extreme learning machine (ELM) was proposed for efficiently training single-hidden layer feedforward neural networks (SLFNs). Compared with other traditional gradient-descent-based learning algorithms, ELM has shown promising results because it chooses weights and biases of hidden nodes randomly and obtains the output weights and biases analytically. In most cases, ELM is fast and presents good generalization, but we find that the stability and generalization performance still can be improved. In this paper, we propose a hybrid model which combines the advantage of ELM and the advantage of Bayesian "sum of kernels" model, named Extreme Learning Machine with Multiple Kernels (MK-ELM). This method optimizes the kernel function using a weighted sum of kernel functions by a prior knowledge. Experimental results show that this approach is able to make neural networks more robust and generates better generalization performance for both regression and classification applications.

Qing Yang,Xiaoliang Wang,Jing Zheng,Wenqi Ge,Ming Bai,Frank Jiang

DOI: https://doi.org/10.3837/tiis.2021.06.014

2021-01-01

KSII Transactions on Internet and Information Systems

Abstract:With the rapid development of mobile Internet, smart phones have been widely popularized, among which Android platform dominates. Due to it is open source, malware on the Android platform is rampant. In order to improve the efficiency of malware detection, this paper proposes deep learning Android malicious detection system based on behavior features. First of all, the detection system adopts the static analysis method to extract different types of behavior features from Android applications, and extract sensitive behavior features through Term frequency-inverse Document Frequency algorithm for each extracted behavior feature to construct detection features through unified abstract expression. Secondly, Long Short-Term Memory neural network model is established to select and learn from the extracted attributes and the learned attributes are used to detect Android malicious applications, Analysis and further optimization of the application behavior parameters, so as to build a deep learning Android malicious detection method based on feature analysis. We use different types of features to evaluate our method and compare it with various machine learning-based methods. Study shows that it outperforms most existing machine learning based approaches and detects 95.31% of the malware.

Xiaowei Xue,Min Yao,Zhaohui Wu,Jianhua Yang

DOI: https://doi.org/10.1016/j.neucom.2013.09.042

IF: 6

2013-01-01

Neurocomputing

Abstract:Extreme learning machine (ELM) was proposed as a new learning algorithm to train single-hidden-layer feedforward neural networks (SLFNs). ELM has been proven to perform in high efficiency, however, due to the random determination of parameters for hidden nodes, some un-optimal parameters may be generated to influence the generalization performance and stability. Moreover, ELM may suffer from overtraining problem as the entire training dataset is used to minimize training error. In this paper, a hybrid model is proposed to alleviate such weaknesses of ELM. The model adopts genetic algorithms (GAs) to produce a group of candidate networks first, and according to a specific ranking strategy, some of the networks are selected to ensemble a new network. To verify the performance of our method, empirical comparisons were carried out with the canonical ELM, E-ELM, simple ensemble, EE-ELM, EN-ELM, Bagging and Adaboost to solve both regression and classification problems. The results have shown that our method is able to generate more robust networks with better generalization performance.

Yong Shi,Gong Chen,Juntao Li

DOI: https://doi.org/10.1007/s11063-017-9666-7

IF: 2.565

2017-01-01

Neural Processing Letters

Abstract:Malicious domain detection is one of the most effective approaches applied in detecting Advanced Persistent Threat (APT), the most sophisticated and stealthy threat to modern network. Domain name analysis provides security experts with insights to identify the Command and Control (C&C) communications in APT attacks. In this paper, we propose a machine learning based methodology to detect malware domain names by using Extreme Learning Machine (ELM). ELM is a modern neural network with high accuracy and fast learning speed. We apply ELM to classify domain names based on features extracted from multiple resources. Our experiment reveals the introduced detection method is able to perform high detection rate and accuracy (of more than 95%). The fast learning speed of our ELM based approach is also demonstrated by a comparative experiment. Hence, we believe our method using ELM is both effective and efficient to identify malicious domains and therefore enhance the current detection mechanism of APT attacks.

Haojun Wang,Haixia Long,Ailan Wang,Tianyue Liu,Haiyan Fu

DOI: https://doi.org/10.1109/access.2021.3090464

IF: 3.9

2021-01-01

IEEE Access

Abstract:Network security has become a growing concern within the popularity and development of the Internet. Malicious code is one of the main threats to network security. Different types of malicious code have different functions and cause different harms. Therefore, improving the detection efficiency and recognition accuracy of malicious code is becoming an urgent problem to be solved. While traditional machine learning methods for malicious code detection largely depend on hand-designed features with experts' knowledge of the domain or focus on the images which come from malicious code binary files. These methods spend too much time on feature extraction. With the emergence of a large amount of malicious code data, the efficiency of traditional machine learning algorithms is getting worse and worse. In this paper, a workflow based on deep learning is proposed to detect and classify malicious codes. This workflow adopts a convolutional neural network (CNN) and the regularization algorithms to classify malicious code with N_gram semantic feature as input of the model. The convolutional neural network can automatically extract the features of malicious code while avoiding the need for manual feature selection. Regularization algorithms not only speed up the training process of the deep model but also improve the generalization ability in the case of effective prevention of over-fitting of the model. The proposed method is compared with the state-of-the-art methods and other deep learning models. Experimental results show that our workflow can improve the accuracy and efficiency of malicious code classification.

Chen,Bo Yang,Xiaoyan Ye,Biao Wang

DOI: https://doi.org/10.1117/12.2673302

2023-01-01

Abstract:In the information age, with the increase of data feature dimensions, the performance of Intrusion Detection System (IDS) in training time and classification accuracy is declining. A large number of researchers have conducted a lot of research on how to use machine learning algorithms for fast and accurate intrusion detection. This paper presents an IDS model based on Extreme Learning Machine (ELM). Firstly, the intrusion detection data set NSL-KDD is normalized. Then, uses the normalized data as input, and the hidden layer activation function of ELM algorithm suitable for intrusion detection is optimized by comparing the correct rate of the model under different hidden layer activation functions and the number of hidden layer nodes. Finally, the optimal number of hidden layer nodes corresponding to the optimal hidden layer activation function is obtained. Experiments show that the optimized ELM has better performance.

Zhifan Ye,Yuanlong Yu

DOI: https://doi.org/10.1109/icinfa.2015.7279549

2015-01-01

Abstract:Extreme learning machine (ELM) is an efficient learning algorithm which can be easily used with least human intervene. But when ELM is applied as multiclass classifier, the results of some classes are not satisfactory and it's hard to adjust the parameters for these classes without affecting other classes. To overcome these limitations, a novel method is proposed. In proposed approach, binary ELM classifiers for each class are combined into an ensemble classifier using one-to-all strategy. The experiment on NSL-KDD data shows that the proposed approach outperforms ELM multiclass classifier, decision tree, neural network (NN) and support vector machines (SVM).

Rajvardhan Patil,Wei Deng

DOI: https://doi.org/10.1109/southeastcon44009.2020.9368268

2020-01-01

Abstract:In this era, where the volume and diversity of malware is rising exponentially, new techniques need to be employed for faster and accurate identification of the malwares. Manual heuristic inspection of malware analysis are neither effective in detecting new malware, nor efficient as they fail to keep up with the high spreading rate of malware. Machine learning approaches have therefore gained momentum. They have been used to automate static and dynamic analysis investigation where malware having similar behavior are clustered together, and based on the proximity unknown malwares get classified to their respective families. Although many such research efforts have been conducted where data-mining and machine-learning techniques have been applied, in this paper we show how the accuracy can further be improved using deep learning networks. As deep learning offers superior classification by constructing neural networks with a higher number of potentially diverse layers it leads to improvement in automatic detection and classification of the malware variants.In this research, we present a framework which extracts various feature-sets such as system calls, operational codes, sections, and byte codes from the malware files. In the experimental and result section, we compare the accuracy obtained from each of these features and demonstrate that feature vector for system calls yields the highest accuracy. The paper concludes by showing how deep learning approach performs better than the traditional shallow machine learning approaches.

Ke Zhang,Zhi Hu,Yufei Zhan,Xiaofen Wang,Keyi Guo

DOI: https://doi.org/10.3390/en13184907

IF: 3.2

2020-09-18

Energies

Abstract:The smart grid is vulnerable to network attacks, thus requiring a high detection rate and fast detection speed for intrusion detection systems. With a fast training speed and a strong model generalization ability, the extreme learning machine (ELM) perfectly meets the needs of intrusion detection of the smart grid. In this paper, the ELM is applied to the field of smart grid intrusion detection. Aiming at the problem that the randomness of input weights and hidden layer bias in the ELM cannot guarantee the optimal performance of the ELM intrusion detection model, a genetic algorithm (GA)-ELM algorithm based on a genetic algorithm (GA) is proposed. GA is used to optimize the input weight and hidden layer bias of the ELM. Firstly, the input weight and hidden layer bias of the ELM are mapped to the chromosome vector of a GA, and the test error of the ELM model is set as the fitness function of the GA. Then, the parameters of the ELM intrusion detection model are optimized by genetic operation; the input weight and bias, corresponding to the minimum test error, are selected to improve the performance of the ELM model. Compared with the ELM and online sequential extreme learning machine (OS-ELM), the GA-ELM effectively improves the accuracy, detection rate and precision of intrusion detection and reduces the false positive rate and missing report rate.

energy & fuels

Zhihua Cui,Fei Xue,Xingjuan Cai,Yang Cao,Gai-ge Wang,Jinjun Chen

DOI: https://doi.org/10.1109/tii.2018.2822680

IF: 12.3

2018-07-01

IEEE Transactions on Industrial Informatics

Abstract:With the development of the Internet, malicious code attacks have increased exponentially, with malicious code variants ranking as a key threat to Internet security. The ability to detect variants of malicious code is critical for protection against security breaches, data theft, and other dangers. Current methods for recognizing malicious code have demonstrated poor detection accuracy and low detection speeds. This paper proposed a novel method that used deep learning to improve the detection of malware variants. In prior research, deep learning demonstrated excellent performance in image recognition. To implement our proposed detection method, we converted the malicious code into grayscale images. Then, the images were identified and classified using a convolutional neural network (CNN) that could extract the features of the malware images automatically. In addition, we utilized a bat algorithm to address the data imbalance among different malware families. To test our approach, we conducted a series of experiments on malware image data from Vision Research Lab. The experimental results demonstrated that our model achieved good accuracy and speed as compared with other malware detection models.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Dongzhi Cao,Xinglan Zhang,Yang Cao,Yuehan Wang,Weixin Liu

DOI: https://doi.org/10.1504/ijwmc.2020.109235

2020-01-01

International Journal of Wireless and Mobile Computing

Abstract:With the development of society, network security has received more and more attention. Malicious code has also grown, causing network security vulnerabilities and increasing threats to internet security. Therefore, the detection of malicious code becomes very important. However, there are some problems in the current research on malicious code detection, for example, tedious feature extraction and unbalanced data, which is far from the effect people want to achieve. To address these problems, in this paper, we propose a novel malicious code detection and fine-grained classification model by using convolutional neural networks and swarm intelligence algorithms. We converted the binary executable files of malicious codes into greyscale images and then used convolution neural networks to detect and classify malicious codes. In addition, we employed swarm intelligence algorithms to achieve fine-grained classification on unbalanced data in different malicious code families. We conducted a series of experiments on the real malware dataset from Vision Research Lab. The experimental results demonstrated that the proposed solution is effective for fine-grained classification of malicious codes.

Aidong Xu,Lin Chen,Xiaoyun Kuang,Huahui Lv,Hang Yang,Yixin Jiang,Bo Li

DOI: https://doi.org/10.1109/bigdatasecurity-hpsc-ids49724.2020.00021

2020-01-01

Abstract:In recent years, malicious programs seriously threaten the security of information system. Because of its particularity, complexity and vulnerability, power information system is difficult to detect and kill by traditional anti-virus software. To solve the above problems, this paper proposes a malicious behavior detection method based on deep learning, which can identify malicious programs and attack types according to the activities of malicious programs and malicious software behaviors. In this paper, a hybrid deep learning structure based on convolutional neural network (CNN) and long-and-short term memory (LSTM) network is proposed. The call sequence of API is combined with other statistical features. The vector information obtained is input into LSTM unit through convolution, and the classification results are obtained through the above model. Compared with the existing methods, this method significantly improves the preparation rate and execution efficiency.

Wei Li,Chenyi Zhang,Jieying Zhou,Dan Wang,Nuannuan Li

DOI: https://doi.org/10.1088/1742-6596/2010/1/012165

2021-09-01

Journal of Physics: Conference Series

Abstract:Abstract In recent years, malicious code emerges in endlessly. New types of malicious code evade the traditional malicious code detection technology through polymorphism, shelling, confusion and other ways. In order to solve the challenges brought by various technologies to the research of malicious code detection, in this paper, we propose a malicious code detection method based on static features and ensemble learning. This method extracts the information in the PE header file of malicious code samples as static features, and on this basis, builds a malicious code detection model by using stacking ensemble learning. In order to verify the effectiveness of the model, experiments are carried out on a dataset containing 5000 malicious codes and 4943 benign codes. Experiments show that the classification model based on stacking ensemble learning is the best, with 97.22% precision rate and 96.45% stable F1 score.

Shi-qi LUO,Sheng-wei TIAN,Hua SUN,Long YU

DOI: https://doi.org/10.3969/j.issn.1000-1220.2017.11.010

2017-01-01

Abstract:The classification of malicious code is one of the most important issues in the field of malicious code analysis. To solve this problem,the Deep Belief Networks ( DBN) malicious code classification strategy is proposed. Firstly,extract the characteristics of ma-licious code images from the sample set and the frequency characteristics in the instruction statement. Secondly,to ensure the improve-ment of accuracy,combine the two kinds of features above,to train Boltzmann Machine,(RBM) and Back Propagation (BP). The experimental results show that the average accuracy rate of the proposed model is 95. 7%,which is significantly higher than that of the traditional shallow machine learning model KNN's 94. 5%.

Peidai Xie,Xinwang Liu,Jianping Yin,Yongjun Wang

DOI: https://doi.org/10.1007/s00521-014-1558-4

2014-01-01

Neural Computing and Applications

Abstract:Extreme learning machine (ELM) has been an important research topic over the last decade due to its high efficiency, easy-implementation, unification of classification and regression, and unification of binary and multi-class learning tasks. Though integrating these advantages, existing ELM algorithms cannot directly handle the case where some features of the samples are missing or unobserved, which is usually very common in practical applications. The work in this paper fills this gap by proposing an absent ELM (A-ELM) algorithm to address the above issue. By observing the fact that some structural characteristics of a part of packed malware instances hold unreasonable values, we cast the packed executable identification tasks into an absence learning problem, which can be efficiently addressed via the proposed A-ELM algorithm. Extensive experiments have been conducted on six UCI data sets and a packed data set to evaluate the performance of the proposed algorithm. As indicated, the proposed A-ELM algorithm is superior to other imputation algorithms and existing state-of-the-art ones.

Gaigai Tang,Lin Yang,Shuangyin Ren,Lianxiao Meng,Feng Yang,Huiqiang Wang

DOI: https://doi.org/10.1155/2021/5566423

IF: 1.968

2021-06-16

Security and Communication Networks

Abstract:Traditional vulnerability detection mostly ran on rules or source code similarity with manually defined vulnerability features. In fact, these vulnerability rules or features are difficult to be defined accurately, which usually cost much expert labor and perform weakly in practical applications. To mitigate this issue, researchers introduced neural networks to automatically extract features to improve the intelligence of vulnerability detection. Bidirectional Long Short-term Memory (Bi-LSTM) network has proved a success for software vulnerability detection. However, due to complex context information processing and iterative training mechanism, training cost is heavy for Bi-LSTM. To effectively improve the training efficiency, we proposed to use Extreme Learning Machine (ELM). The training process of ELM is noniterative, so the network training can converge quickly. As ELM usually shows weak precision performance because of its simple network structure, we introduce the kernel method. In the preprocessing of this framework, we introduce doc2vec for vector representation and multilevel symbolization for program symbolization. Experimental results show that doc2vec vector representation brings faster training and better generalizing performance than word2vec. ELM converges much quickly than Bi-LSTM, and the kernel method can effectively improve the precision of ELM while ensuring training efficiency.

computer science, information systems,telecommunications

Meng Li,Xiaoqi Jia,Rui Wang,Dongdai Lin

DOI: https://doi.org/10.3969/j.issn.1000-386x.2015.08.063

2015-01-01

Abstract:In malicious code analysis and detection, the static analysis techniques are not effective to detect metamorphic/polymorphic ma-licious codes.Aiming at this problem, this paper proposes an approach for extracting the dynamic features of malicious code semantics.The method extracts the dynamic features of malicious codes in virtual environment so as to achieve the purpose of protecting physical machine. The primitive features extracted are then further sifted and processed to obtain API calling sequence information in regard to various code sam-ples.In order to make the features more effective, the traditional n-gram model is improved and the n-gram frequency information and the de-pendencies between APIs are added, the improved n-gram model is built as well.The analysis part in experimental result uses the machine learning methods, the decision trees, k-nearest neighbour, support vector machine and Bayesian networks are employed separately to perform a 10-fold crossover validation on the selected sample features.Experimental results show that this feature selection has best detection effect using decision tree J48, it can effectively detect the malicious codes using confusion and polymorphism technologies.

Yongshan Zhang,Zhihua Cai,Jia Wu,Xinxin Wang,Xiaobo Liu

DOI: https://doi.org/10.1109/ijcnn.2015.7280383

2015-01-01

Abstract:Extreme Learning Machine (ELM) is an elegant technique for training Single-hidden Layer Feedforward Networks (SLFNs) with extremely fast speed that attracts significant interest recently. One potential weakness of ELM is the random generation of the input weights and hidden biases, which may deteriorate the classification accuracy. In this paper, we propose a new Memetic Algorithm (MA) based Extreme Learning Machine (M-ELM) for classification problems. M-ELM uses Memetic Algorithm which is a combination of population-based global optimization technique and individual-based local heuristic search method to find optimal network parameters for ELM. The optimized network parameters will enhance the classification accuracy and generalization performance of ELM. Experiments and comparisons on 22 benchmark data sets demonstrate that M-ELM is able to provide highly competitive results compared with other state-of-the-art varieties of ELM algorithms.

Yanli Shao,Yang Lu,Dan Wei,Jinglong Fang,Feiwei Qin,Bin Chen

DOI: https://doi.org/10.1155/2022/3301718

2022-07-08

Wireless Communications and Mobile Computing

Abstract:Edge computing is a feasible solution for effectively collecting and processing data in industrial Internet of Things (IIoT) systems, and edge security is an important guarantee for edge computing. Fast and accurate classification of malicious code in the whole lift cycle of edge computing is of great significance, which can effectively prevent malicious code from attacking wireless sensor networks and ensure the stable and secure transmission of data in smart devices. Considering that there is a large amount of code reuse in the same malicious code family, making their visual feature similar, many studies use visualization technology to assist malicious code classification. However, traditional malicious code visual classification schemes have the problems such as single image source, weak ability of deep-level feature extraction, and lack of attention to key image details. Therefore, an innovative malicious code visual classification method based on a deep residual network and hybrid attention mechanism for edge security is proposed in this study. Firstly, the malicious code visualization scheme integrates the bytecode file and assembly file of the malware and converts them into a four-channel RGBA image to fully represent malicious code feature information without increasing the computational complexity. Secondly, a hybrid attention mechanism is introduced into the deep residual network to construct an effective classification model, which extracts image texture features of malicious code from two dimensions of the channel and spatial to improve the classification performance. Finally, the experimental results on the BIG2015 and Malimg datasets show that the proposed scheme is feasible and effective and can be widely applied used in various malicious code classification issues, and the classification accuracy rate is relatively higher than the existing better-performing malicious code classification methods.

computer science, information systems,telecommunications,engineering, electrical & electronic