Obfuscated malware detection using dilated convolutional network
The result's identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26220%2F22%3APU146547" target="_blank" >RIV/00216305:26220/22:PU146547 - isvavai.cz</a>
Result on the web
<a href="https://ieeexplore.ieee.org/abstract/document/9943443" target="_blank" >https://ieeexplore.ieee.org/abstract/document/9943443</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.1109/ICUMT57764.2022.9943443" target="_blank" >10.1109/ICUMT57764.2022.9943443</a>
Alternative languages
Result language
angličtina
Original language name
Obfuscated malware detection using dilated convolutional network
Original language description
Nowadays, information security is a critical field of research since information technologies develop rapidly. Consequently, the possible attacks are also evolving. One of the problems is malware detection. There is no doubt that many antivirus software can catch most cases. However, it is important to remember that such software is one step behind the malware. Here we introduce artificial intelligence that can help to detect obfuscated malware in memory. Modern architectures of a neural network can detect even unknown malware and distinguish whether there is something malicious or not. This paper deals with the problem of the detection of obfuscated malware in memory. Most existing approaches use custom datasets or Microsoft Malware Classification Challenge dataset (BIG2015). However, we applied the latest dataset CIC-MalMem-2022, which reflects the current state of technologies. This dataset contains samples with benign and malware cases. Additionally, the authors provided the family and type of malware, so it is possible to perform advanced experiments. This paper provides techniques for the detection and classification of malware from given memory information. Firstly, the traditional machine learning methods are tested with optimisation techniques; secondly, the dilated convolutional network is proposed. According to the results, the detection by all methods has an accuracy of 0.99. However, the most accurate is a random forest. On the other hand, the proposed neural network architecture is the best for classifying the malware family and has achieved an accuracy of 0.83.
Czech name
—
Czech description
—
Classification
Type
D - Article in proceedings
CEP classification
—
OECD FORD branch
20203 - Telecommunications
Result continuities
Project
<a href="/en/project/FW03010273" target="_blank" >FW03010273: Defectoscopy of painted parts using automatic adaptation of neural networks</a><br>
Continuities
P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)
Others
Publication year
2022
Confidentiality
S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů
Data specific for result type
Article name in the collection
2022 14th International Congress on Ultra Modern Telecommunications and Control Systems and Workshops (ICUMT)
ISBN
979-8-3503-9866-3
ISSN
—
e-ISSN
—
Number of pages
6
Pages from-to
110-115
Publisher name
IEEE
Place of publication
Valencia, Spain
Event location
Valencia, Spain
Event date
Oct 11, 2022
Type of event by nationality
WRD - Celosvětová akce
UT code for WoS article
—