• Title/Summary/Keyword: EMBER2018

Search Result 1, Processing Time 0.014 seconds

Bidirectional LSTM based light-weighted malware detection model using Windows PE format binary data (윈도우 PE 포맷 바이너리 데이터를 활용한 Bidirectional LSTM 기반 경량 악성코드 탐지모델)

  • PARK, Kwang-Yun;LEE, Soo-Jin
    • Journal of Internet Computing and Services
    • /
    • v.23 no.1
    • /
    • pp.87-93
    • /
    • 2022

  • Since 99% of PCs operating in the defense domain use the Windows operating system, detection and response of Window-based malware is very important to keep the defense cyberspace safe. This paper proposes a model capable of detecting malware in a Windows PE (Portable Executable) format. The detection model was designed with an emphasis on rapid update of the training model to efficiently cope with rapidly increasing malware rather than the detection accuracy. Therefore, in order to improve the training speed, the detection model was designed based on a Bidirectional LSTM (Long Short Term Memory) network that can detect malware with minimal sequence data without complicated pre-processing. The experiment was conducted using the EMBER2018 dataset, As a result of training the model with feature sets consisting of three type of sequence data(Byte-Entropy Histogram, Byte Histogram, and String Distribution), accuracy of 90.79% was achieved. Meanwhile, it was confirmed that the training time was shortened to 1/4 compared to the existing detection model, enabling rapid update of the detection model to respond to new types of malware on the surge.

  • https://doi.org/10.7472/jksii.2022.23.1.87 인용 PDF KSCI HTML