Affiliation:
1. Department of Computer Science, Hanyang University, Wangshimriro 222, Seongdong-gu, Seoul 04763, Republic of Korea
Abstract
With the increasing use of sophisticated obfuscation techniques, malware detection remains a critical challenge in cybersecurity. This paper introduces a novel deep learning approach to classify malware obfuscated by virtual machine (VM) code. We specifically explore the application of depth-wise convolutional neural networks (CNNs) combined with a spatial attention mechanism to tackle VM-protected cybersecurity datasets. To address the scarcity of obfuscated malware samples, the dataset was generated using VMProtect to ensure the models were trained on real examples of modern obfuscated malware. The effectiveness of our approach is demonstrated through extensive experiments on both regular malware and obfuscated malware, where our model achieved accuracies of nearly 100% and 93.55% in classifying the regular malware and the obfuscated malware, respectively.