An investigation of a deep learning based malware detection system

Sewak, Mohit; Sahay, Sanjay K.; Rathore, Hemant

doi:10.1145/3230833.3230835

Cited by 39 publications

(27 citation statements)

References 17 publications

(17 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The original opcode frequency vector of each file was preserved for comparison with that of the final obfuscated variant as produced by the ADRLMMG and the resultant de-obfuscated version of each of the obfuscated variant as produced by the DRLDO systems. We choose the IDS system (including the pre-processing, feature selection and transformation and the classification subsystems) as developed by [15][16][17] to augment it with Zero-Day-Defense 18 capabilities against metamorphic malware attack using the DRLDO system. The selected IDS had claimed to provide the best performance (with a combination of the highest accuracy accompanied with a very low false positive rates) over a standardised malware data 7 with mixed types and generation of malware.…”

Section: Training Data and Ids Usedmentioning

confidence: 99%

DRLDO A Novel DRL based De obfuscation System for Defence Against Metamorphic Malware

2021

Self Cite

View full text Add to dashboard Cite

In this paper, we propose a novel mechanism to normalise metamorphic and obfuscated malware down at the opcode level and hence create an advanced metamorphic malware de-obfuscation and defence system. We name this system as DRLDO, for deep reinforcement learning based de-obfuscator. With the inclusion of the DRLDO as a sub-component, an existing Intrusion Detection System could be augmented with defensive capabilities against ‘zero-day’ attack from obfuscated and metamorphic variants of existing malware. This gains importance, not only because there exists no system till date that use advance DRL to intelligently and automatically normalise obfuscation down even to the opcode level, but also because the DRLDO system does not mandate any changes to the existing IDS. The DRLDO system does not even mandate the IDS’ classifier to be retrained with any new dataset containing obfuscated samples. Hence DRLDO could be easily retrofitted into any existing IDS deployment. We designed, developed, and conducted experiments on the system to evaluate the same against multiple-simultaneous attacks from obfuscations generated from malware samples from a standardised dataset that contain multiple generations of malware. Experimental results prove that DRLDO was able to successfully make the otherwise undetectable obfuscated variants of the malware detectable by an existing pre-trained malware classifier. The detection probability was raised well above the cut-off mark to 0.6 for the classifier to detect the obfuscated malware unambiguously. Further, the de-obfuscated variants generated by DRLDO achieved a very high correlation (of ≈ 0.99) with the base malware. This observation validates that the DRLDO system is actually learning to de-obfuscate and not exploiting a trivial trick.

show abstract

Section: Training Data and Ids Usedmentioning

confidence: 99%

DRLDO A Novel DRL based De obfuscation System for Defence Against Metamorphic Malware

2021

Self Cite

View full text Add to dashboard Cite

show abstract

“…Two phases are utilized in this framework, pre training and fine tuning. Various methods based on AE and DNN were proposed for malware detection in [293]. The performance f these architectures were evaluated on Malicia dataset and the proposed method performed better than the feature engineering based method.…”

Section: ) Deep Neural Network (Dnn)mentioning

confidence: 99%

A Comprehensive Tutorial and Survey of Applications of Deep Learning for Cyber Security

Ravi¹,

Alazab²,

Sriram³

et al. 2020

Preprint

View full text Add to dashboard Cite

show abstract

“…Opcode sequences or assembly sequences are used by several researches to learn and detect malicious functionalities in the executable files [3,4,16,19].…”

Section: Assembly Sequences Extractionmentioning

confidence: 99%

A Survey of Malware Detection Techniques based on Machine Learning

Merabet¹,

Hajraoui²

2019

ijacsa

View full text Add to dashboard Cite

Diverse malware programs are set up daily focusing on attacking computer systems without the knowledge of their users. While some authors of these programs intend to steal secret information, others try quietly to prove their competence and aptitude. The traditional signature-based static technique is primarily used by anti-malware programs in order to counter these malicious codes. Although this technique excels at blocking known malware, it can never intercept new ones. The dynamic technique, which is often based on running the executable on a virtual environment, may be introduced by a number of anti-malware programs. The major drawbacks of this technique are the long period of scanning and the high consumption of resources. Nowadays, recent programs may utilize a third technique. It is the heuristic technique based on machine learning, which has proven its success in several areas based on the processing of huge amounts of data. In this paper we provide a survey of available researches utilizing this latter technique to counter cyber-attacks. We explore the different training phases of machine learning classifiers for malware detection. The first phase is the extraction of features from the input files according to previously chosen feature types. The second phase is the rejection of less important features and the selection of the most important ones which better represent the data contained in the input files. The last phase is the injection of the selected features in a chosen machine learning classifier, so that it can learn to distinguish between benign and malicious files, and give accurate predictions when confronted to previously unseen files. The paper ends with a critical comparison between the studied approaches according to their performance in malware detection.

show abstract

An investigation of a deep learning based malware detection system

Cited by 39 publications

References 17 publications

DRLDO A Novel DRL based De obfuscation System for Defence Against Metamorphic Malware

DRLDO A Novel DRL based De obfuscation System for Defence Against Metamorphic Malware

A Comprehensive Tutorial and Survey of Applications of Deep Learning for Cyber Security

A Survey of Malware Detection Techniques based on Machine Learning

Contact Info

Product

Resources

About