DOI QR코드

DOI QR Code

Malware Classification using Dynamic Analysis with Deep Learning

  • Asad Amin (FAST-National University of Computer and Emerging Sciences) ;
  • Muhammad Nauman Durrani (FAST-National University of Computer and Emerging Sciences) ;
  • Nadeem Kafi (FAST-National University of Computer and Emerging Sciences) ;
  • Fahad Samad (FAST-National University of Computer and Emerging Sciences) ;
  • Abdul Aziz (FAST-National University of Computer and Emerging Sciences)
  • Received : 2023.08.05
  • Published : 2023.08.30

Abstract

There has been a rapid increase in the creation and alteration of new malware samples which is a huge financial risk for many organizations. There is a huge demand for improvement in classification and detection mechanisms available today, as some of the old strategies like classification using mac learning algorithms were proved to be useful but cannot perform well in the scalable auto feature extraction scenario. To overcome this there must be a mechanism to automatically analyze malware based on the automatic feature extraction process. For this purpose, the dynamic analysis of real malware executable files has been done to extract useful features like API call sequence and opcode sequence. The use of different hashing techniques has been analyzed to further generate images and convert them into image representable form which will allow us to use more advanced classification approaches to classify huge amounts of images using deep learning approaches. The use of deep learning algorithms like convolutional neural networks enables the classification of malware by converting it into images. These images when fed into the CNN after being converted into the grayscale image will perform comparatively well in case of dynamic changes in malware code as image samples will be changed by few pixels when classified based on a greyscale image. In this work, we used VGG-16 architecture of CNN for experimentation.

Keywords

References

  1. McAfee LabsTreats Report in June 2017," https://www.mcafee.com/us/resources/reports/rp quarterly threats jun 2017.pdf 
  2. Cesare, S., Xiang, Y. and Zhou, W., 2012. Malwise an effective and efficient classification system for packed and polymorphic malware. IEEE Transactions on Computers, 62(6), pp.1193 1206. 
  3. Wood, P., Nahorney, B., Chandrasekar, K., Wallace, S. and Haley, K., 2016. Symantec internet security threat report. Symantec Corporation, Tech. Rep., 21. 
  4. Griffin, K., Schneider, S., Hu, X. and Chiueh, T.C., 2009, September. Automatic generation of string signatures for malware detection. In International workshop on recent advances in intrusion detection (pp. 101 120). Springer, Berlin, Heidelberg. 
  5. Burguera, I., Zurutuza, U. and Nadjm Tehrani, S., 2011, October. Crowdroid: behavior based malware detection system for android. In Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices (pp. 15 26). ACM. 
  6. You, I. and Yim, K., 2010, November. Malware obfuscation techniques: A brief survey. In 2010 International conference on broadband, wireless computing, communication and applications (pp. 297 300). IEEE. 
  7. Greamo, C. and Ghosh, A., 2011. Sandboxing and virtualization: Modern tools for combating malware. IEEE Security & Privacy, 9(2), pp.79 82. 
  8. You, I. and Yim, K., 2010, November. Malware obfuscation techniques: A brief survey. In 2010 International conference on broadband, wireless computing, communication and applications (pp. 297 300). IEEE. 
  9. Nataraj, L., Karthikeyan, S., Jacob, G. and Manjunath, B.S., 2011, July. Malware images: visualization and automatic classification. In Proceedings of the 8th international symposium on visualization for cyber security (p. 4). ACM.
  10. Shaid, S.Z.M. and Maarof, M.A., 2014, August. Malware behavior image for malware variant identification. In 2014 International Symposium on Biometrics and Security Technologies (ISBAST) (pp. 238 243). IEEE. 
  11. Alazab, Mamoun, Sitalakshmi Venkatraman, Paul Watters, and Moutaz Alazab. "Zero day malware detection based on supervised learning algorithms of API call signatures." In Proceedings of the Ninth Australasian Data Mining Conference Volume 121, pp. 171-182. Australian Computer Society, Inc., 2011. 
  12. Iwamoto, Kazuki, and Katsumi Wasaki. "Malware classification based on extracted api sequences using static analysis." In Proceedings of the Asian Internet Engineering Conference, pp. 31 38. ACM, 2012.