Obfuscated malware detection using dilated convolutional network
Identifikátory výsledku
Kód výsledku v IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26220%2F22%3APU146547" target="_blank" >RIV/00216305:26220/22:PU146547 - isvavai.cz</a>
Výsledek na webu
<a href="https://ieeexplore.ieee.org/abstract/document/9943443" target="_blank" >https://ieeexplore.ieee.org/abstract/document/9943443</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.1109/ICUMT57764.2022.9943443" target="_blank" >10.1109/ICUMT57764.2022.9943443</a>
Alternativní jazyky
Jazyk výsledku
angličtina
Název v původním jazyce
Obfuscated malware detection using dilated convolutional network
Popis výsledku v původním jazyce
Nowadays, information security is a critical field of research since information technologies develop rapidly. Consequently, the possible attacks are also evolving. One of the problems is malware detection. There is no doubt that many antivirus software can catch most cases. However, it is important to remember that such software is one step behind the malware. Here we introduce artificial intelligence that can help to detect obfuscated malware in memory. Modern architectures of a neural network can detect even unknown malware and distinguish whether there is something malicious or not. This paper deals with the problem of the detection of obfuscated malware in memory. Most existing approaches use custom datasets or Microsoft Malware Classification Challenge dataset (BIG2015). However, we applied the latest dataset CIC-MalMem-2022, which reflects the current state of technologies. This dataset contains samples with benign and malware cases. Additionally, the authors provided the family and type of malware, so it is possible to perform advanced experiments. This paper provides techniques for the detection and classification of malware from given memory information. Firstly, the traditional machine learning methods are tested with optimisation techniques; secondly, the dilated convolutional network is proposed. According to the results, the detection by all methods has an accuracy of 0.99. However, the most accurate is a random forest. On the other hand, the proposed neural network architecture is the best for classifying the malware family and has achieved an accuracy of 0.83.
Název v anglickém jazyce
Obfuscated malware detection using dilated convolutional network
Popis výsledku anglicky
Nowadays, information security is a critical field of research since information technologies develop rapidly. Consequently, the possible attacks are also evolving. One of the problems is malware detection. There is no doubt that many antivirus software can catch most cases. However, it is important to remember that such software is one step behind the malware. Here we introduce artificial intelligence that can help to detect obfuscated malware in memory. Modern architectures of a neural network can detect even unknown malware and distinguish whether there is something malicious or not. This paper deals with the problem of the detection of obfuscated malware in memory. Most existing approaches use custom datasets or Microsoft Malware Classification Challenge dataset (BIG2015). However, we applied the latest dataset CIC-MalMem-2022, which reflects the current state of technologies. This dataset contains samples with benign and malware cases. Additionally, the authors provided the family and type of malware, so it is possible to perform advanced experiments. This paper provides techniques for the detection and classification of malware from given memory information. Firstly, the traditional machine learning methods are tested with optimisation techniques; secondly, the dilated convolutional network is proposed. According to the results, the detection by all methods has an accuracy of 0.99. However, the most accurate is a random forest. On the other hand, the proposed neural network architecture is the best for classifying the malware family and has achieved an accuracy of 0.83.
Klasifikace
Druh
D - Stať ve sborníku
CEP obor
—
OECD FORD obor
20203 - Telecommunications
Návaznosti výsledku
Projekt
<a href="/cs/project/FW03010273" target="_blank" >FW03010273: Defektoskopie lakovaných dílů s pomocí automatické adaptace neuronových sítí</a><br>
Návaznosti
P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)
Ostatní
Rok uplatnění
2022
Kód důvěrnosti údajů
S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů
Údaje specifické pro druh výsledku
Název statě ve sborníku
2022 14th International Congress on Ultra Modern Telecommunications and Control Systems and Workshops (ICUMT)
ISBN
979-8-3503-9866-3
ISSN
—
e-ISSN
—
Počet stran výsledku
6
Strana od-do
110-115
Název nakladatele
IEEE
Místo vydání
Valencia, Spain
Místo konání akce
Valencia, Spain
Datum konání akce
11. 10. 2022
Typ akce podle státní příslušnosti
WRD - Celosvětová akce
Kód UT WoS článku
—