Authors: Anantha Rao Chukka (1) and V. Susheela Devi (2)

Affiliations: (1) Defence Research and Development Organisation, India; (2) Indian Institute of Science, Bengaluru, Karnataka, 560012, India
Keyword(s):
Malware Detection, Deep Learning Models, Convolutional Neural Networks, Malware Analysis, Portable Executable, Advanced Persistent Threats.
Abstract:
Modern-day cyberattacks are complex in nature. They have adverse effects on the victim institutions such as loss of privacy, intellectual property and revenue. These attacks carry sophisticated payloads: ransomware for money extortion, distributed denial of service (DDoS) malware for service disruption, and advanced persistent threat (APT) malware for taking complete control of the victim's computing resources. Such malware is metamorphic and polymorphic in nature and contains rootkit components to maintain stealth and hide its malicious activity, so conventional defence mechanisms such as rule-based and signature-based detection fail to detect it. Modern approaches use behavioural analysis (static analysis and dynamic analysis) to identify this kind of malware. However, behavioural analysis is hindered by factors such as execution environment detection, code obfuscation, anti-virtualization, anti-debugging and analysis environment detection. Behavioural analysis also requires a domain expert to review the large volume of logs it produces in order to decide on the nature of the binary, which is complex, time consuming and expensive. To deal with these problems we propose deep learning methods, in which a convolutional neural network model is trained on an image representation of the binary to decide whether the binary is malicious or benign. In this work we have encoded the binaries into images in a unique way. A deep convolutional neural network is trained on these images to learn the features that identify a binary as malicious or normal. The malware samples for the dataset were collected from online sources, and the benign samples from the Windows operating system together with compatible third-party application software.
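The abstract states that binaries are encoded as images before a CNN is trained on them, but does not describe the authors' own ("unique") encoding. The following is an added example, not code from the paper, showing the widely used byte-to-grayscale scheme that such classifiers commonly start from: each byte becomes one pixel, the row width is picked from the file size (the size table here is an assumed heuristic), the final row is zero-padded, and the image is resized to a fixed shape so every sample has the same CNN input size. The `SAMPLE_BINARY` is a constructed stand-in, not a real PE file.

```python
"""
Byte-to-grayscale image encoding of a binary, as used by image-based malware
classifiers. Each byte becomes one pixel (0x00 = black, 0xFF = white); the
row width is chosen from the file size, the last row is zero-padded, and the
result is resized to a fixed shape so a CNN sees same-sized inputs.
"""
import math

# Constructed stand-in for a Windows PE file (NOT a real executable): an "MZ"
# magic, a repeating byte ramp, a run of 0x90 bytes and a pseudo-random tail.
SAMPLE_BINARY = (
    b"MZ"
    + bytes(range(256)) * 4
    + bytes([0x90]) * 300
    + bytes((i * 37 + 11) % 256 for i in range(500))
)

# Size-based width table (assumed heuristic; the paper's own encoding is not
# described in the abstract). Entries are (upper size bound in bytes, width).
_WIDTH_TABLE = [
    (10 * 1024, 32), (30 * 1024, 64), (60 * 1024, 128), (100 * 1024, 256),
    (200 * 1024, 384), (500 * 1024, 512), (1000 * 1024, 768),
]


def image_width(n_bytes):
    """Row width in pixels for a file of n_bytes; very large files get 1024."""
    for limit, width in _WIDTH_TABLE:
        if n_bytes < limit:
            return width
    return 1024


def bytes_to_grayscale(data, width=None):
    """Lay the raw bytes out row by row; returns a list of rows of ints 0..255.

    The final row is zero-padded. An empty input yields one all-zero row so
    downstream resizing never sees an image with no rows.
    """
    width = width or image_width(len(data))
    n_rows = max(1, math.ceil(len(data) / width))
    padded = data + bytes(n_rows * width - len(data))  # zero-pad the last row
    return [list(padded[r * width:(r + 1) * width]) for r in range(n_rows)]


def resize_nearest(img, out_h, out_w):
    """Nearest-neighbour resize so every sample has the same CNN input shape."""
    in_h, in_w = len(img), len(img[0])
    return [
        [img[r * in_h // out_h][c * in_w // out_w] for c in range(out_w)]
        for r in range(out_h)
    ]


def encode_binary(data, shape=(64, 64)):
    """Full pipeline: bytes -> grayscale rows -> fixed shape -> floats in [0, 1]."""
    img = resize_nearest(bytes_to_grayscale(data), *shape)
    return [[px / 255.0 for px in row] for row in img]


if __name__ == "__main__":
    img = bytes_to_grayscale(SAMPLE_BINARY)
    print(f"{len(SAMPLE_BINARY)} bytes -> {len(img)}x{len(img[0])} grayscale image")
    tensor = encode_binary(SAMPLE_BINARY, (16, 16))
    print("top-left pixel (the 'M' of the MZ magic, normalised):", tensor[0][0])
```

The nested lists returned by `encode_binary` map directly onto a single-channel image tensor for a CNN framework; in practice the row width and the target shape are hyperparameters, and because nearest-neighbour resizing discards bytes, a large binary loses detail that the network never sees.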