CNN based zero-day malware detection using small binary segments

Cited by: 5
Authors
Wen, Qiaokun [1 ]
Chow, K. P. [1 ]
Affiliations
[1] Univ Hong Kong, Hong Kong, Peoples R China
Keywords
Malware detection; Malware segments detection; CNN;
DOI
10.1016/j.fsidi.2021.301128
CLC number
TP [Automation technology, computer technology];
Discipline code
0812 ;
Abstract
Malware detection has always been an important task in digital forensics. With the advancement of technology, malware has become more and more polymorphic. In the process of a digital investigation, forensic examiners often cannot obtain the entire malware file. For example, when conducting corporate cybersecurity forensics, the packet capture tools deployed by different companies often fail to capture the entire file because of the limited length of network packets. Likewise, deleting files may leave residual malware segments behind. Because we do not even know which part of the file the segment we obtain comes from, we cannot apply much domain knowledge to the detection. Therefore, this paper proposes to detect malware from very small binary fragments of PE files by using a CNN-based model. Datasets, especially the test set, are often one of the most difficult problems in zero-day malware detection, because a zero-day sample by definition has never appeared before. In this paper, we collect the data by taking advantage of the differences in antivirus tool results at different points in time. The experiments are performed on malware fragments of different lengths, positions, and combinations. Through the experiments, we found that only a short segment is needed to achieve relatively good accuracy. In the end, for a random piece of contiguous malicious code, we achieved an accuracy of up to 0.86 when the length of the contiguous fragment is 60,000 bytes. For non-contiguous and unordered random pieces of malicious code, we obtained an accuracy of up to 0.83 using fragments of only 1024 bytes (1 KB). And when using 60,000-byte fragments as the baseline, we finally achieved an accuracy of 0.91. (c) 2021 The Authors. Published by Elsevier Ltd. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/).
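As an added illustration of the data-handling side described in the abstract (this is not the authors' code and is not taken from the paper), the block below shows the pieces a practitioner would need to reproduce this kind of experiment: selecting zero-day test samples from two antivirus scan snapshots taken at different times, cutting contiguous and non-contiguous (shuffled) fragments of a given length out of a PE file, encoding them for a byte-level CNN, and combining per-fragment scores into a file-level verdict. The CNN itself is omitted. The function names, the PAD token value, the minimum-detection threshold and the sample scans and files are assumptions made for illustration.

```python
# Added example (not code from Wen & Chow's paper): the data-handling side of
# fragment-based malware detection. Names, the PAD token, the detection
# threshold and the constructed sample data are assumptions for illustration.
import random
from typing import Dict, List, Sequence, Tuple

PAD = 256  # out-of-alphabet token, so padding is never confused with real 0x00 bytes


def select_zero_day_samples(scan_t0: Dict[str, int], scan_t1: Dict[str, int],
                            min_detections: int = 5) -> List[str]:
    """Pick hashes that no engine flagged at time t0 but >= min_detections flagged at t1.

    A model trained only on t0 knowledge has never seen these as malware, which is the
    'has never appeared before' property a zero-day test set needs. Hashes absent from
    the t0 scan are skipped: unknown is not the same as undetected.
    """
    return sorted(h for h, n1 in scan_t1.items()
                  if h in scan_t0 and scan_t0[h] == 0 and n1 >= min_detections)


def contiguous_segment(data: bytes, length: int, rng: random.Random) -> Tuple[int, bytes]:
    """One random contiguous slice of `length` bytes; returns (offset, slice).

    A file shorter than `length` is returned whole; encode() pads it later.
    """
    if len(data) <= length:
        return 0, data
    start = rng.randrange(0, len(data) - length + 1)
    return start, data[start:start + length]


def scattered_segment(data: bytes, length: int, piece: int, rng: random.Random) -> bytes:
    """Non-contiguous, unordered fragment: length // piece random chunks of `piece`
    bytes each, concatenated in shuffled order so no positional structure survives."""
    if piece <= 0 or length < piece:
        raise ValueError("piece must be positive and no larger than length")
    chunks = [contiguous_segment(data, piece, rng)[1] for _ in range(length // piece)]
    rng.shuffle(chunks)
    return b"".join(chunks)[:length]


def encode(segment: bytes, length: int) -> List[int]:
    """Map a byte segment to a fixed-length integer sequence (0..255 for bytes,
    PAD for padding), the usual input layout for a byte embedding + 1-D CNN."""
    ids = list(segment[:length])
    return ids + [PAD] * (length - len(ids))


def file_verdict(fragment_scores: Sequence[float], threshold: float = 0.5) -> bool:
    """Combine per-fragment malicious probabilities into one file-level decision
    by averaging; several short fragments together are what lift file-level accuracy
    above what a single fragment gives."""
    if not fragment_scores:
        raise ValueError("no fragment scores")
    return sum(fragment_scores) / len(fragment_scores) >= threshold


def build_dataset(files: Dict[str, bytes], scan_t0: Dict[str, int], scan_t1: Dict[str, int],
                  length: int, piece: int, seed: int = 0) -> List[Tuple[str, List[int], List[int]]]:
    """End-to-end run: choose zero-day test hashes, then produce one contiguous and
    one scattered encoded fragment of `length` bytes per chosen file."""
    rng = random.Random(seed)
    rows = []
    for h in select_zero_day_samples(scan_t0, scan_t1):
        data = files[h]
        _, cont = contiguous_segment(data, length, rng)
        scat = scattered_segment(data, length, piece, rng)
        rows.append((h, encode(cont, length), encode(scat, length)))
    return rows


if __name__ == "__main__":
    # Constructed sample data: pseudo-random "files" and two AV scan snapshots
    # (hash -> number of engines that flagged the sample).
    rng = random.Random(42)
    files = {h: bytes(rng.randrange(256) for _ in range(4096)) for h in ("a", "b", "c")}
    scan_t0 = {"a": 0, "b": 3, "c": 0}
    scan_t1 = {"a": 12, "b": 20, "c": 2, "d": 30}
    for h, cont, scat in build_dataset(files, scan_t0, scan_t1, length=1024, piece=64):
        print(h, len(cont), len(scat), cont[:8])
    print(file_verdict([0.9, 0.2, 0.7]))
```

Two design points worth noting: the zero-day selection deliberately requires a hash to be present and clean in the earlier scan, since a sample missing from the first snapshot is merely unknown, not evidence that detection lagged; and the padding token sits outside the byte alphabet because a fragment ending in a run of 0x00 bytes is a legitimate signal (section slack, zeroed headers) that zero padding would make indistinguishable from "no data".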
Pages: 7
Related papers
50 items in total
  • [1] Zero-Day Malware Detection
    Gandotra, Ekta
    Bansal, Divya
    Sofat, Sanjeev
    2016 SIXTH INTERNATIONAL SYMPOSIUM ON EMBEDDED COMPUTING AND SYSTEM DESIGN (ISED 2016), 2016, : 171 - 175
  • [2] Zero-Day Malware Classification and Detection Using Machine Learning
    Kumar J.
    Rajendran B.
    Sudarsan S.D.
    SN Computer Science, 5 (1)
  • [3] Detection of Zero-day Malware Based on the Analysis of Opcode Sequences
    Zolotukhin, Mikhail
    Hamalainen, Timo
    2014 IEEE 11TH CONSUMER COMMUNICATIONS AND NETWORKING CONFERENCE (CCNC), 2014,
  • [4] Big Data Framework for Zero-Day Malware Detection
    Gupta, Deepak
    Rani, Rinkle
    CYBERNETICS AND SYSTEMS, 2018, 49 (02) : 103 - 121
  • [5] Automated, Reliable Zero-Day Malware Detection Based on Autoencoding Architecture
    Kim, Chiho
    Chang, Sang-Yoon
    Kim, Jonghyun
    Lee, Dongeun
    Kim, Jinoh
    IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT, 2023, 20 (03): : 3900 - 3914
  • [6] Use of Data Visualisation for Zero-Day Malware Detection
    Venkatraman, Sitalakshmi
    Alazab, Mamoun
    SECURITY AND COMMUNICATION NETWORKS, 2018,
  • [7] Anomaly Detection of Zero-Day Attacks Based on CNN and Regularization Techniques
    Ibrahim Hairab, Belal
    Aslan, Heba K.
    Elsayed, Mahmoud Said
    Jurcut, Anca D.
    Azer, Marianne A.
    ELECTRONICS, 2023, 12 (03)
  • [8] Zero-day Malware Detection using Threshold-free Autoencoding Architecture
    Kim, Chiho
    Chang, Sang-Yoon
    Kim, Jonghyun
    Lee, Dongeun
    Kim, Jinoh
    2021 IEEE INTERNATIONAL CONFERENCE ON BIG DATA (BIG DATA), 2021, : 1279 - 1284
  • [9] A survey of zero-day malware attacks and its detection methodology
    Radhakrishnan, Kiran
    Menon, Rajeev R.
    Nath, Hiran V.
    PROCEEDINGS OF THE 2019 IEEE REGION 10 CONFERENCE (TENCON 2019): TECHNOLOGY, KNOWLEDGE, AND SOCIETY, 2019, : 533 - 539
  • [10] Zero-day malware detection using transferred generative adversarial networks based on deep autoencoders
    Kim, Jin-Young
    Bu, Seok-Jun
    Cho, Sung-Bae
    INFORMATION SCIENCES, 2018, 460 : 83 - 102