Disarming visualization-based approaches in malware detection systems

Disarming visualization-based approaches in malware detection systems

Visualization-based approaches have recently been used in conjunction with signature-based techniques to detect variants of malware files. Indeed, it is sufficient to modify some byte of executable files to modify the signature and, thus, to elude a signature-based detector. In this paper, we design...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Computers & security 2023-03, Vol.126, p.103062, Article 103062
Hauptverfasser: Saidia Fascí, Lara, Fisichella, Marco, Lax, Gianluca, Qian, Chenyi
Format: Artikel
Sprache:eng
Schlagworte:
Deep learning
GAN
Machine learning
Malware classification
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Visualization-based approaches have recently been used in conjunction with signature-based techniques to detect variants of malware files. Indeed, it is sufficient to modify some byte of executable files to modify the signature and, thus, to elude a signature-based detector. In this paper, we design a GAN-based architecture that allows an attacker to generate variants of a malware in which the malware patterns found by visualization-based approaches are hidden, thus producing a new version of the malware that is not detected by both signature-based and visualization-based techniques. The experiments carried out on a well-known malware dataset show a success rate of 100% in generating new variants of malware files that are not detected from the state-of-the-art visualization-based technique.
ISSN:0167-4048
1872-6208
DOI:10.1016/j.cose.2022.103062