Semantic malware classification using convolutional neural networks

Authors:

Martins Eliel [1], Santana Ricardo [1], Higuera Javier Bermejo [2], Higuera Juan Ramón Bermejo [2], Montalvo Juan Antonio Sicilia [2]

Affiliation:

1. Systems Development Center, Brazilian Army

2. Universidad Internacional De La Rioja

Abstract

This paper addresses the classification of malware into families using static analysis and a convolutional neural network applied to raw bytes. Previous research indicates that machine learning is a promising approach to malware classification. The network used is based on MalConv, a convolutional neural network for malware detection that is trained on the whole binary; minor modifications were made to improve results and to apply it to a multi-class problem. Four models were trained on data extracted from Portable Executable (PE) malware samples labeled with nine families. The data were extracted in two ways: according to the semantic variation of the bytes, and using the entire file. The trained models were then tested to check how well they generalize. The results of these four models were compared and analyzed against models trained following similar research. We conclude that the header is the most important part of a PE file for malware identification.
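As an added illustration (not code from the paper or its authors), the following Python produces the two raw-byte input views the abstract contrasts for a MalConv-style classifier: the entire file, and only the PE header region. A minimal PE32 image is constructed inline so the script runs offline; the byte-to-token mapping (1..256 with 0 as padding) follows the MalConv convention, while the rule for where the header region ends (the lowest section PointerToRawData, falling back to SizeOfHeaders and then to the end of the section table) is this example's own assumption, not necessarily the paper's extraction method.

```python
"""Added example, not code from the paper: produce the two raw-byte input views the
abstract describes for a MalConv-style classifier, whole file vs. PE header only.
A minimal PE image is constructed inline (it is not a real program) so this runs
offline. The 1..256 byte mapping with 0 as padding follows MalConv; the rule for
where the header region ends is this example's choice (an assumption)."""
import struct

PAD = 0  # MalConv convention: padding is 0, byte values are shifted to 1..256


def build_sample_pe(num_sections=2, section_size=64):
    """Construct a minimal, structurally valid PE32 image (constructed test input)."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)  # e_lfanew -> PE signature offset
    size_opt = 224  # size of a PE32 optional header
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x014C, num_sections, 0, 0, 0, size_opt, 0x0102)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    headers_size = e_lfanew + 4 + len(coff) + size_opt + 40 * num_sections
    struct.pack_into("<I", opt, 60, headers_size)  # SizeOfHeaders
    sections = bytearray()
    raw_ptr = headers_size
    for i in range(num_sections):
        name = f".s{i}".encode().ljust(8, b"\0")
        # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
        # PointerToRelocations, PointerToLinenumbers, NumberOfRelocations,
        # NumberOfLinenumbers, Characteristics
        sections += struct.pack("<8sIIIIIIHHI", name, section_size, 0x1000 * (i + 1),
                                section_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
        raw_ptr += section_size
    body = bytes(range(256))[:section_size] * num_sections  # arbitrary section bytes
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + bytes(sections) + body


def pe_header_region(data):
    """Return the header bytes of a PE (DOS stub, COFF/optional headers, section
    table). Malformed input raises ValueError instead of being silently cut."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    _, nsec, _, _, _, size_opt, _ = struct.unpack_from("<HHIIIHH", data, coff_off)
    opt_off = coff_off + 20
    sect_off = opt_off + size_opt
    sect_end = sect_off + 40 * nsec
    if sect_end > len(data):
        raise ValueError("truncated section table")
    size_of_headers = struct.unpack_from("<I", data, opt_off + 60)[0] if size_opt >= 64 else 0
    # Header region ends at the lowest PointerToRawData; fall back to SizeOfHeaders,
    # then to the end of the section table. Clamping to the section-table end stops a
    # hostile file from shrinking the "header" below what was actually parsed.
    raw_ptrs = []
    for i in range(nsec):
        size_raw, ptr_raw = struct.unpack_from("<II", data, sect_off + 40 * i + 16)
        if size_raw and ptr_raw:
            raw_ptrs.append(ptr_raw)
    end = min(raw_ptrs) if raw_ptrs else (size_of_headers or sect_end)
    end = max(sect_end, min(end, len(data)))
    return data[:end]


def encode_bytes(data, max_len):
    """MalConv-style token sequence: byte b -> b + 1, truncated or 0-padded to max_len."""
    ids = [b + 1 for b in data[:max_len]]
    return ids + [PAD] * (max_len - len(ids))


def make_inputs(data, max_len=2048):
    """The two input views compared in the paper's setup: whole file vs. header only."""
    return {
        "whole_file": encode_bytes(data, max_len),
        "header_only": encode_bytes(pe_header_region(data), max_len),
    }


if __name__ == "__main__":
    sample = build_sample_pe()
    views = make_inputs(sample, max_len=600)
    print(len(sample), "bytes; header region:", len(pe_header_region(sample)))
    print("non-pad tokens, whole file:", sum(t != PAD for t in views["whole_file"]))
    print("non-pad tokens, header only:", sum(t != PAD for t in views["header_only"]))
```

On a real corpus the header view is much shorter than the whole-file view, so a fixed max_len that suits the header view will truncate most of the file in the whole-file view; the two views should therefore be padded to different lengths (or the whole-file model given a larger input) before the comparison the abstract describes is meaningful.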

Publisher

Research Square Platform LLC

References (72 articles; the first five are listed below)

1. Ricardo Sant'Ana (2020). Explicabilidade em Arquiteturas de Aprendizado Profundo para Análise de Malware. Doctoral thesis, Instituto Militar de Engenharia.

2. Daniel Gibert Llauradó (2016). Convolutional neural networks for malware classification. Universitat Politècnica de Catalunya, Facultat d'Informàtica de Barcelona.

3. Wei Zhong and Feng Gu (2019). A multi-level deep learning system for malware detection. Expert Systems with Applications 133: 151-162. https://doi.org/10.1016/j.eswa.2019.04.064

4. Edward Raff, Jon Barker, Jared Sylvester, Robert Brandon, Bryan Catanzaro and Charles Nicholas (2017). Malware Detection by Eating a Whole EXE. arXiv. https://arxiv.org/abs/1710.09435, doi:10.48550/ARXIV.1710.09435

5. Edward Raff, Jared Sylvester and Charles Nicholas (2017). Learning the PE Header, Malware Detection with Minimal Domain Knowledge. Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security, 121-132.
