A Method for Packed (and Unpacked) Malware Detection by Means of Convolutional Neural Networks

Giovanni Ciaramella, Fabio Martinelli, Antonella Santone, Francesco Mercaldo

2025

Abstract

Signature-based detection, as implemented by free and commercial antimalware, can only provide protection against a malicious sample whose signature is already known. Malware writers therefore develop techniques that change the syntax of the code while leaving its semantics, i.e., the malware business logic, unchanged. One such technique is packing: the binary code is modified by a packer, software that compresses the program and bundles it with a stub capable of decompressing and executing it in memory. As a result, a sample that antimalware detects in its original form may go undetected in its packed version. In this paper, we propose a technique to detect packed malware by exploiting convolutional neural networks. In a nutshell, the proposed method performs static analysis, i.e., it does not require running the application to detect malicious samples: the application's binary code is used to generate an image, which is the input for a set of deep learning classifiers. The classifiers aim to discern whether an application under analysis is trusted or (packed) malicious. In the experimental analysis, we consider three different packers (i.e., mpress, BEP, and gzexe) to generate packed malware, thus demonstrating the ability of the proposed method to detect packed and unpacked malware with interesting performance.
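As an added illustration that is not the paper's own code, the Python below shows the first step the abstract describes: turning a binary's raw bytes into a fixed-size grayscale image that a CNN classifier can take as input. The one-byte-per-pixel mapping, the size-bucketed row width and the nearest-neighbour resampling are assumptions (the abstract does not give them), and the sample "binary" is constructed.

```python
# Added example (not the paper's code): raw bytes -> fixed-size grayscale image.
# Assumed conventions: one byte = one pixel (0..255), row width chosen from the
# file size, result resampled to SIDE x SIDE with nearest-neighbour interpolation.
from typing import List
import zlib

SIDE = 8  # tiny square so the output is readable; a real model would use e.g. 64 or 128


def row_width(n_bytes: int) -> int:
    """Assumed size-bucketed rule: larger files get wider rows."""
    for limit, width in ((1024, 32), (16 * 1024, 64), (256 * 1024, 128)):
        if n_bytes <= limit:
            return width
    return 256


def bytes_to_rows(data: bytes) -> List[List[int]]:
    """Lay the bytes out row by row; the last row is zero-padded to full width."""
    w = row_width(len(data))
    rows = [list(data[i:i + w]) for i in range(0, len(data), w)]
    if rows and len(rows[-1]) < w:
        rows[-1].extend([0] * (w - len(rows[-1])))
    return rows


def resample(rows: List[List[int]], side: int = SIDE) -> List[List[int]]:
    """Nearest-neighbour resample so every sample has the same shape for the CNN."""
    if not rows:
        return [[0] * side for _ in range(side)]
    h, w = len(rows), len(rows[0])
    return [[rows[y * h // side][x * w // side] for x in range(side)] for y in range(side)]


def binary_to_image(data: bytes, side: int = SIDE) -> List[List[int]]:
    """Full pipeline step: bytes -> rows -> side x side pixel matrix."""
    return resample(bytes_to_rows(data), side)


if __name__ == "__main__":
    # Constructed stand-in for an executable: a header followed by repetitive code-like
    # bytes, and the same payload compressed, as a packer's stub would carry it.
    plain = b"MZ" + b"\x00" * 62 + b"push ebp; mov ebp, esp; " * 40
    packed = b"MZ" + b"\x00" * 62 + zlib.compress(plain[64:], 9)
    for name, blob in (("unpacked", plain), ("packed", packed)):
        img = binary_to_image(blob)
        print(name, len(blob), "bytes ->", len(img), "x", len(img[0]), "pixels")
```

Running the script shows that the compressed payload loses the regular byte pattern of the original, which is why the classifiers must be trained on packed samples as well as unpacked ones.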



Paper Citation


in Harvard Style

Ciaramella G., Martinelli F., Santone A. and Mercaldo F. (2025). A Method for Packed (and Unpacked) Malware Detection by Means of Convolutional Neural Networks. In Proceedings of the 22nd International Conference on Security and Cryptography - Volume 1: SECRYPT; ISBN 978-989-758-760-3, SciTePress, pages 557-564. DOI: 10.5220/0013210400003979


in Bibtex Style

@conference{secrypt25,
author={Giovanni Ciaramella and Fabio Martinelli and Antonella Santone and Francesco Mercaldo},
title={A Method for Packed (and Unpacked) Malware Detection by Means of Convolutional Neural Networks},
booktitle={Proceedings of the 22nd International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2025},
pages={557-564},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013210400003979},
isbn={978-989-758-760-3},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 22nd International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - A Method for Packed (and Unpacked) Malware Detection by Means of Convolutional Neural Networks
SN - 978-989-758-760-3
AU - Ciaramella G.
AU - Martinelli F.
AU - Santone A.
AU - Mercaldo F.
PY - 2025
SP - 557
EP - 564
DO - 10.5220/0013210400003979
PB - SciTePress