
Efficient_Shellcode_Detection_Based_on_Convolutional_Neural_Network (2)

The document discusses a method for detecting intrusion through the identification of attack codes, specifically shellcodes, using a combination of static analysis and convolutional neural networks. It highlights the limitations of traditional methods and proposes a new approach that enhances detection accuracy by analyzing the behavior of shellcodes during execution. The paper emphasizes the importance of effective data handling and the potential for future improvements in detection methodologies.

2019 International Conference on Communications, Information System and Computer Engineering (CISCE)

Efficient Shellcode Detection Based On Convolutional Neural Network

Yu Song, Jian Wang
College of Electrical Science
National University of Defense Technology
ChangSha, China
@qq.com, jwang@nudt.edu.cn

Abstract-An important method to detect intrusion is to identify attack codes such as shellcode. However, the popular simulation methods seriously slow down the efficiency, while static detection can't guarantee the accuracy of detection. In this paper, we propose an approach based on the combination of static analysis and convolutional neural network. Probes are first used to match key byte sequences to filter benign data and obtain shellcode candidates, then the convolutional neural network uses the feature set extracted from the shellcode fragment to classify candidates. In addition, this paper proposes several instruction abstraction features for static analysis. Experiment shows that the proposed method can detect multiple malicious code with high detection accuracy, such as plain shellcode and encrypted shellcode.

Keywords-shellcode detection; static analysis; convolutional neural network

I. INTRODUCTION

There are two approaches to detect shellcode from network traffic before used: static analysis and dynamic analysis. Since early shellcode is simple in structure and feature-specific, static analysis can handle most situations.

In static analysis, the input data is first decomposed, then disassembled for code-level pattern analysis or byte-level matching. Patterns can be heuristic rules obtained by studying known malicious code or complex signatures. For example, the return address and the NOP sled are essential parts of early shellcode.

Snort [] is the classic representative of static analysis methods, using signatures and heuristic rules. For example, it contains a signature that matches the simple NOP sled. Pasupulati et al. proposed Buttercup [], which uses addresses as the breakthrough to catch buffer overflow attacks. It extracts a small range of addresses that can be used to successfully initiate an intrusion for each vulnerable program and its target overflow function. Chen Ting et al. proposed a detection method called HDPS []. Based on the statistical method, the Markov model is trained by the tag data to construct the outline of the byte sequence.

However, modern intrusion technology makes static detection more difficult. In [], Bayer et al. pointed out that it is often difficult to determine program behavior by static analysis, especially when the malicious code is confused, encrypted or otherwise manipulated. By contrast, dynamic analysis is more popular, attempting to detect malicious behavior during simulation by instruction execution order, instruction composition or API calls, etc.

Toth et al. proposed APE, which focuses on the NOP sled []. It is an earlier simulation-based analysis method; although it is limited to the detection of sled, it has extraordinary enlightenment. Polychronakis et al. proposed a new method which relies on the CPU emulator embedded NIDS []. It executes each potential sequence of instructions in the traffic to identify the behavior of the polymorphic shellcode. At , Lukan released the library Libemu for x86 shellcode detection []. Libemu can detect and execute shellcode by designing the GetPC heuristics.

Although dynamic analysis is more accurate and effective, it is unacceptable that dynamic analysis methods can lead to great overhead. Although many algorithms have been proposed to make up for this issue, the situation is still not optimistic.

At present, machine learning has become the focus of domestic and foreign scholars due to its powerful learning ability. Hou et al. proposed SBE based on simulation and support vector machine []. Onotu identified shellcode directly from network traffic data by a multilayer perceptron with back-propagation learning algorithm []. It performs perfect classification on the raw network data, which consists of shellcode, image files and DLL (Dynamic Link Library) files. Lu et al. proposed an immune-inspired shellcode detection algorithm called ISDA for static analysis and dynamic analysis []. Data is split into assembly instructions, and the API function call sequence is obtained through simulation execution.

In order to avoid excessive consumption and ensure the detection accuracy, this paper proposes a new method based on static analysis and convolutional neural network. The remainder of this paper is organized as follows: Section II describes the detailed detection framework. Section III is the experimental part; contrastive experiments and evaluation are carried out to validate the proposed method. Section IV describes the contribution of this paper and plans for future work.

978-1-7281-3681-3/19/$31.00 ©2019 IEEE


DOI 10.1109/CISCE.2019.00076
Authorized licensed use limited to: NATIONAL INSTITUTE OF TECHNOLOGY TIRUCHIRAPALLI. Downloaded on March 20,2024 at 13:06:08 UTC from IEEE Xplore. Restrictions apply.
II. SHELLCODE DETECTION FRAMEWORK

In this paper, pretreatment is first used to obtain shellcode candidates; it is determined by the matching of byte sequences, which we call probes. Then we get static feature sets by static analysis and obtain the model for classification; the neural network is used to complete the final summary work. The overall detection framework is shown in Fig. 1.

The steps of the detection algorithm are as follows:

• Step 1: Traverse the data from the first byte; go to Step 2 if any suspicious shellcode is identified, otherwise end the detection.
• Step 2: If special conditions are met, the data is judged to be shellcode directly, otherwise jump to Step 3.
• Step 3: Intercept a fragment of the data, and then static features are extracted.
• Step 4: Finish detecting if it is predicted to be shellcode. If not, and the end of the data is not reached, repeat Step 1 from the last position.

It seems to be a simple shellcode detection framework, but we have adopted some special designs. In the following sections, we will describe the methods used in each step.

A. Shellcode Identification

In network traffic, most data does not contain malicious intrusion code. In order to reduce the pressure of the detector, we get shellcode candidates by pretreatment, which can greatly improve the efficiency.

In plain shellcode, the payload is not encrypted, resulting in a variety of easily detectable targets such as system function calls. In order to avoid intrusion detection systems such as IDS and antivirus software, encryption and polymorphism become essential skills for advanced shellcode. It is not wise to model the encrypted payload portion, but GetPC code has become a breakthrough. For the NOP sled, it is also difficult to model its existence and length; the composition and order of instructions are difficult to predict []. On the other hand, the NOP sled and the return addresses are not essential components of shellcode, so we only match their simple form. For these situations, several probes are designed based on the experience of predecessors, as shown in Table I.

TABLE I. THE LIST OF PROBES

| Probe | Refer | Application |
|---|---|---|
| CD | [int ] | System function call |
| E, E[FFFFFF[FF]] | call function | getpc |
| DEE, DE, D[][FFF], D[][FFF] | Fldz/Fld/Fstenv floating-point operation | getpc |
| {} | Consecutive NOP instruction | The simplest NOP sled |
| Any four-byte continuous repetition more than three times | Special data structure | Return addresses or encryption algorithms |
| FEF | Composition of "\bin\sh" | String parameters for shell rebound |
| []{}E | n | Formatting string vulnerability exploitation |
| []{}E | hn | |
| []{}E | hhn | |

B. Special Verification

For the return addresses and the NOP sled, it is difficult to locate the exact location of the key code; in this case, we directly judge the target as malicious code.
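The pretreatment of Steps 1 and 2 (Sections II-A and II-B), as an added example rather than the authors' code: probes in the spirit of Table I mark a buffer as a shellcode candidate, while a NOP sled or a repeated four-byte value is judged malicious directly. The byte patterns, `MIN_SLED`, the skipping of all-printable repeats and every function name are assumptions, because the table's hex values are not legible on this page.

```python
import re

# Constructed probe patterns, modelled on the probe categories of Table I.
# The byte values are assumptions: the table's hex digits are not legible here.
PROBES = {
    "syscall_int80": re.compile(rb"\xcd\x80"),           # int 0x80
    "getpc_call": re.compile(rb"\xe8\xff\xff\xff\xff"),  # call with offset -1
    "getpc_fnstenv": re.compile(rb"\xd9\x74\x24\xf4"),   # fnstenv [esp-0xc]
    "bin_sh": re.compile(rb"/bin/sh"),
    "format_n": re.compile(rb"%\d*\$?h{0,2}n"),          # %n, %hn, %hhn
}

MIN_SLED = 8  # assumed minimum run of 0x90 that counts as a NOP sled
NOP_SLED = re.compile(rb"\x90{%d,}" % MIN_SLED)
# "Any four-byte continuous repetition more than three times"
REPEAT4 = re.compile(rb"(.{4})\1{3,}", re.DOTALL)
TEXT = set(range(32, 127)) | {9, 10, 13}  # printable and text control bytes


def special_verification(data: bytes):
    """Step 2: return why the buffer is judged malicious directly, or None."""
    if NOP_SLED.search(data):
        return "nop_sled"
    for m in REPEAT4.finditer(data):
        # Assumption: repeats made only of text bytes ("====", "    ") are
        # ignored, a simplification of the refinement in Section III-B.
        if not all(b in TEXT for b in m.group(1)):
            return "repeated_dword"
    return None


def pretreat(data: bytes):
    """Steps 1-2: classify a buffer as benign, candidate or malicious."""
    reason = special_verification(data)
    if reason:
        return "malicious", reason
    hits = sorted((m.start(), name)
                  for name, rx in PROBES.items()
                  for m in rx.finditer(data))
    if hits:
        return "candidate", hits  # goes on to feature extraction (Step 3)
    return "benign", []


# Constructed sample buffers, not taken from the paper's dataset.
SAMPLES = {
    "http": b"GET /index.html HTTP/1.1\r\nHost: example.org\r\n\r\n",
    "syscall": b"AAAA\x31\xc0\xb0\x01\xcd\x80",
    "sled": b"\x90" * 32 + b"\xcc",
    "ret_addr": b"data" + b"\x10\xf0\xff\xbf" * 6,
    "fmt": b"%08x.%08x.%hn",
}

if __name__ == "__main__":
    for name, buf in SAMPLES.items():
        print(name, pretreat(buf))
```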
Figure 1. Detection framework of the proposed method

C. Static Feature Extraction

For the candidates, intercept bytes of fixed-length data as a suspicious sequence. We place the probe sequence at the index of and the rest is filled by surrounding raw data. The alignment is a critical point that substantially weakens the spatial complexity of fragment matching. There is one exception: the probe is placed at the end of the fragment when there are two or more [int ], aiming to obtain sufficient support data. The work in [] is able to classify three types of samples perfectly, which gives us the inspiration.

Daniel found that malware opcode distributions differ statistically significantly from non-malicious software and rare opcodes seem to be a stronger predictor [], but it can't be the decisive factor. This rule applies equally to network traffic, see Table II. We found that the changes between instructions are more likely to capture malicious behavior. Inspired by the approach proposed in [], we choose the commonly used instructions and some special instructions in shellcode as the key instruction set; the selected collection is displayed in Table III. Then two instruction abstraction features are calculated to enhance the detection capability.


• Key instruction transfer: The instruction set is divided into categories, and instructions with the same opcode or similar function are grouped together. We dispersedly record the relationship between instructions by matrix. Columns correspond to the key instructions and rows correspond to the transfer target. So far, we get a transfer matrix of × dimension.
• Key instruction interval: The transfer matrix can only capture the transfer relationship of the instructions, but the location of key instructions is ignored. Therefore, the key instruction interval is introduced to indicate its compactness. A dimensional vector is created to count the interval between adjacent key instructions.

TABLE III. KEY INSTRUCTIONS AND OPCODES SET

| Instruction (a) | Hex |
|---|---|
| MOV AL, I | B |
| MOV R/M, R | |
| MOV R, R/M | AB |
| MOV AX/BX, I | BBB |
| MOV CX/DX, I | BBD |
| LEA R, R/M | D |
| PUSH ES/CS | E |
| PUSH SS/DS | E |
| PUSH MM | A |
| INC R | |
| DEC R | F |
| XOR R/M, R | |
| XOR R, R/M | |
| XOR R, R/M | |
| PUSH R | |

a. I: immediately count, M: memory, R: register

In static analysis, we only focus on the opcode. This can avoid testing disassembly locations, and the classifier will help us to do further summarize. Move one bit backward from the current position each time; if the current byte is in the key opcode set and adjacent instructions can be disassembled successfully, then the statistical characteristics will be calculated.

The designed features of the shellcode fragment are extracted; Fig. 2 shows the static feature extraction process. After that, we get a total of dimensional feature set which records the abstract relationship between key instructions. Then it is sent to the convolutional neural network for judging.
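The two instruction abstraction features described above, as an added example rather than the authors' code: a transfer matrix counting which key-instruction category follows which, and a vector counting the byte distance between adjacent key instructions. The category grouping, `MAX_GAP`, the byte-based distance and the pre-disassembled input are assumptions; the paper's own dimensions are not legible on this page.

```python
# Grouping of key instructions into categories is an assumption made for
# illustration; the mnemonics follow the key instruction set of Table III.
CATEGORY = {"mov": 0, "lea": 0, "push": 1, "inc": 2, "dec": 2, "xor": 3}
N_CAT = 4
MAX_GAP = 8  # assumed cap: gaps of MAX_GAP bytes or more share the last bucket


def abstraction_features(instructions):
    """Compute both features from a linear disassembly.

    instructions: list of (byte_offset, mnemonic) pairs.
    Returns (transfer, interval) where
      transfer[target][source] counts a key instruction of category `source`
      being followed by one of category `target` (columns are the key
      instruction, rows the transfer target, as in the text), and
      interval[g] counts adjacent key instructions that start g bytes apart.
    """
    transfer = [[0] * N_CAT for _ in range(N_CAT)]
    interval = [0] * (MAX_GAP + 1)
    prev = None  # (offset, category) of the previous key instruction
    for offset, mnemonic in instructions:
        cat = CATEGORY.get(mnemonic)
        if cat is None:
            continue  # non-key instructions only widen the next gap
        if prev is not None:
            transfer[cat][prev[1]] += 1
            interval[min(offset - prev[0], MAX_GAP)] += 1
        prev = (offset, cat)
    return transfer, interval


def flatten(transfer, interval):
    """Concatenate both features into one flat vector for a classifier."""
    return [count for row in transfer for count in row] + interval


# Constructed listing (offset, mnemonic); not taken from the paper's dataset.
SAMPLE = [
    (0, "xor"), (2, "push"), (3, "push"), (8, "mov"),
    (10, "int"), (12, "inc"), (13, "dec"), (30, "xor"),
]

if __name__ == "__main__":
    matrix, gaps = abstraction_features(SAMPLE)
    for row in matrix:
        print(row)
    print(gaps)
```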


Figure 2. Static feature extraction process

D. Convolutional Neural Network Design

Pytorch is chosen to build our target neural network due to the advantages of flexibility, speed and ease of use. In this paper, we use a three-dimensional convolution neural network which consists of convolutional layers and fully connected layers; the specific parameters are shown in Fig. 3.

We use CrossEntropyLoss as the loss function, which is the common choice in binary classification. At the same time, ASGD is selected as the optimizer, leaving all settings on the default parameters. The neural network accepts a dimensional vector as input and outputs two labels (benign or malicious); the batch size is set to . While this paper does not spend a lot of time adjusting the structure and parameters of the network. In the initial stage, it is just used to test the effectiveness of the proposed method.

Figure 3. Convolutional neural network structure

TABLE II. COMPARISON OF THE MOST FREQUENT OPCODES OF THREE TYPE SAMPLES

| Printable data: Opcode | frequency (%) | Ascii data: Opcode | frequency (%) | Shellcode: Opcode | frequency (%) |
|---|---|---|---|---|---|
| push | | mov | | push | |
| dec | | push | | mov | |
| inc | | pop | | xor | |
| pop | | xchg | | pop | |
| imul | | BYTE | | sub | |
| BYTE | | dec | | add | |
| outsb | | inc | | dec | |
| jns | | sub | | inc | |
| insb | | adc | | int | |
| arpl | | or | | cmp | |

III. EXPERIMENT

In order to verify the effectiveness of the proposed method, a large number of data is used to train and test, including malicious samples and benign samples.

A. Dataset

The data is from multiple sources such as laboratory generation, network database and data provided by Hou []. This paper takes some of the data provided by shell-storm [] and exploit-db [], and downloads the latest data from the website to supplement our dataset. For the rest of the malicious data, there are original shellcode of the Linux platform contained in the Metasploit toolkit []; various range of shellcode are included, such as connect-back shellcode, add-user shellcode and egghunt shellcode. For good measure, encrypted samples produced by encryption engines of MSF are included. It also includes shell exploit code and format string exploit code

generated in the robot vulnerability mining competition, which have been tested by the demo program and verified to be valid.

Benign data consists of categories: random ASCII data, random printable data, benign network traffic and designed data that can cause program crashes. The size and content of the samples are not fixed. Table IV shows the details of the experimental samples.

TABLE IV. DATASET COMPOSITION

| Data Set | Type | Sources | Number |
|---|---|---|---|
| Benign data | Crash data | Network | |
| Benign data | Printable data | Network | |
| Benign data | ASCII data | Network | |
| Benign data | Real traffic | Network | |
| Malicious data | Shell exploit | Laboratory | |
| Malicious data | Format string | Laboratory | |
| Malicious data | Shellcode | Shell-Storm, Exploit Database, MetaSploit | |
| Malicious data | Clet | Network | |
| Malicious data | Admmutate | Network | |

The shellcode obtained from the web and MSF is pure shellcode that does not contain any padding data. In the experiment, in order to be more realistic, bytes of random data are filled in front of and behind the shellcode, while others remain unchanged.

B. Pretreatment

In the proposed method, probes are used to prefilter the benign data, which can reduce the pressure of detectors and improve efficiency. Only part of the samples were used for the first time, see Table V.

TABLE V. THE PRETREATMENT RESULT

| Type | Benign data | Malicious data |
|---|---|---|
| Result | | |

The result shows that only of the benign traffic were filtered, while the vast majority of malicious data could be successfully detected. The missing part were short codes with no specific function or samples encrypted by special encryption algorithms which had the characteristics of repeated sequence.

An additional specific recognition mechanism was added to reduce the sensitivity to return addresses and increase the recognition ability to multi-byte repetitions. When the repeat size of the return address was not four bytes, the matching part could not be all printable or text control characters, and the distance between the repeated bytes remained the same. Based on the above modifications, we obtained the new pretreatment results, as shown in Table VI.

TABLE VI. NEW PRETREATMENT RESULT AFTER MODIFICATION

| Type | Benign data | Malicious data |
|---|---|---|
| Result | | |

C. Classification

We first used the LIBSVM classifier for experiment, and four kernel functions of LIBSVM were tested. A total of more than samples were used as training samples and as test samples. Due to the insufficient samples, we used cross validation to determine the kernel function parameter and neural network parameters in experiments.

TABLE VII. PERFORMANCE COMPARISON OF FOUR KERNELS OF LIBSVM

| kernel (a) | Normalization | Training | Prediction | Training time (s) | Prediction time (s) |
|---|---|---|---|---|---|
| | No | | | | |
| | Yes | | | | |
| | No | | | | |
| | Yes | | | | |
| | No | | | | |
| | Yes | | | | |
| | No | | | | |
| | Yes | | | | |

a. Linear, Polynomial, RBF, Sigmoid

In the feature set, the range of the elements of shellcode fragment was [], but [] of the interval and transfer features, sometimes even lower, so normalization was used for further examination.

However, good results were inclined to have no normalization. Although the training time was greatly shortened, the detection ability had lost. Only the linear kernel had better result, reaching accuracy with the shortest prediction time. So in the remaining experiments we used the linear kernel without normalization. More details can be found in Table VII.

Next, the designed neural network is used instead of LIBSVM, and took the average of the results of seven times. The complete training process was drawn in Fig. 4.

In about thirty epochs, the convolution neural network could achieve training accuracy, and the prediction accuracy reached an average of . For more details, the evaluation experiments were carried out in next section.

D. Evaluation and Comparison

Besides the most important accuracy, we also pay attention to other evaluation methods of machine learning, which can help us understand the classification performance better. They are Accuracy, Precision, Recall and F-measure.

FN (False Negative): positive sample is determined as negative sample; FP (False Positive): negative sample is determined as positive sample; TN (True Negative): negative

sample is determined as negative sample; TP (True Positive): positive sample is determined as positive sample.

We used these assessment criteria to evaluate our classifiers, as well as the SBE detector [] based on the Libemu simulation library and support vector machine. As shown in Fig. 5, compared with SBE, although our false positive rate was higher, the pretreatment had filtered most of the benign data. The false alarm rate of SBE was almost zero, but the recognition of plain shellcode was not very good. We could also know that the performance of the convolutional neural networks was better than LIBSVM.

Figure 4. The training process of the convolutional neural network

Figure 5. Evaluation of the three methods

E. Result

Experiments show that the pretreatment performance increased to , which can greatly reduce the false alarm rate, but hardly cause missing alarm, while there is room for further improvement. Through the convolutional neural network, the detector reaches an average accuracy of , which proves the effectiveness of the proposed method.

However, our method also has some drawbacks. This approach has great requirements for the completeness of the probe library. It does not show a particularly perfect performance due to static analysis, which needs to be further strengthened. With the development of intrusion technology, more advanced confusion and techniques will emerge. Solving such complex attacks is a difficult point, and it is also the problem we will face next.

IV. CONCLUSIONS

In order to avoid the consumption of simulation execution and maintain high accuracy, a new method combining static analysis with convolution neural network is proposed in this paper. Probes are first used to identify shellcode from network during pretreatment. Then two kinds of instruction abstraction features are designed to support our approach: key instruction interval and key instruction transfer.

This is just a preliminary idea; the experimental results prove the feasibility of the proposed method. In the future improvement plan, we will pay more attention to detection speed and the FP rates, which is the real limiting factor of any IDS. In addition, we will adjust the detector structure and optimize the detection algorithm for better detection performance.

REFERENCES

[] Roesch M. Snort - Lightweight Intrusion Detection for Networks [J]. Proc. Usenix System Administration Conf.
[] Pasupulati A, Coit J, Levitt K, et al. Buttercup: On network-based detection of polymorphic buffer overflow vulnerabilities[C]. Network Operations & Management Symposium. IEEE.
[] R. Chinchani and E. van den Berg, "A Fast Static Analysis Approach to Detect Exploit Code Inside Network Flows," in Proc. Raid.
[] Bayer U, Moser A, Kruegel C, et al. Dynamic Analysis of Malicious Code[J]. Journal in Computer Virology.
[] Toth T, Kruegel C. Accurate buffer overflow detection via abstract payload execution[C]. International Conference on Recent Advances in Intrusion Detection. Springer-Verlag.
[] M. Polychronakis, K. G. Anagnostakis, Evangelos P. Markatos. Network-Level Polymorphic Shellcode Detection Using Emulation. Springer Berlin Heidelberg.
[] D. Lukan, "Shellcode detection and emulation with libemu," http://resources.infosecinstitute.com/shellcode-detection-emulation-libemu
[] Hou Y, Zhuge J W, Xin D, et al. SBE - A Precise Shellcode Detection Engine Based on Emulation and Support Vector Machine[C]. International Conference on Information Security Practice & Experience. Springer, Cham.
[] Onotu P, Day D, Rodrigues M A. Accurate shellcode recognition from network traffic data using artificial neural nets[C]. Electrical and Computer Engineering. IEEE.
[] Tianliang L, Lu Z, Yixian F. A Novel Immune-Inspired Shellcode Detection Algorithm Based on Hyper-ellipsoid Detectors [J]. Security and Communication Networks.
[] T. Detristan, T. Ulenspiegel, Y. Malcom, and M. Underduk, "Polymorphic Shellcode Engine Using Spectrum Analysis," Phrack, Vol., No.
[] Bilar D. Statistical Structures: Fingerprinting malicious code through statistical opcode analysis. 3rd International Conference on Global E-Security (ICGeS).
[] Zhao Z, Ahn G J. Using instruction sequence abstraction for shellcode detection and attribution[C]. Communications & Network Security. IEEE.
[] Salwan J. Shell-storm. http://www.shell-storm.org
[] Offensive Security. Exploit-DB. http://www.exploit-db.com
[] Metasploit project. http://www.metasploit.com

