Details
Original language | English |
---|---|
Article number | 103062 |
Number of pages | 13 |
Journal | Computers and Security |
Volume | 126 |
Early online date | 13 Dec. 2022 |
Publication status | Published - March 2023 |
Abstract
Visualization-based approaches have recently been used in conjunction with signature-based techniques to detect variants of malware files. Indeed, it is sufficient to modify some bytes of an executable file to change its signature and thus to elude a signature-based detector. In this paper, we design a GAN-based architecture that allows an attacker to generate variants of a malware in which the malware patterns found by visualization-based approaches are hidden, thus producing a new version of the malware that is detected by neither signature-based nor visualization-based techniques. The experiments carried out on a well-known malware dataset show a success rate of 100% in generating new variants of malware files that are not detected by the state-of-the-art visualization-based technique.
ASJC Scopus subject areas
- Computer Science (all)
- General Computer Science
- Social Sciences (all)
- Law
in: Computers and Security, Volume 126, 103062, 03.2023.
Publication: Contribution to journal › Article › Research › Peer-reviewed
TY - JOUR
T1 - Disarming visualization-based approaches in malware detection systems
AU - Saidia Fascí, Lara
AU - Fisichella, Marco
AU - Lax, Gianluca
AU - Qian, Chenyi
N1 - Funding Information: This work was supported in part by the research project “SoBigData++” funded by the European Commission under the Horizon 2020 program with grant agreement number 871042.
PY - 2023/3
Y1 - 2023/3
KW - Deep learning
KW - GAN
KW - Machine learning
KW - Malware classification
UR - http://www.scopus.com/inward/record.url?scp=85144565578&partnerID=8YFLogxK
U2 - 10.1016/j.cose.2022.103062
DO - 10.1016/j.cose.2022.103062
M3 - Article
AN - SCOPUS:85144565578
VL - 126
JO - Computers and Security
JF - Computers and Security
SN - 0167-4048
M1 - 103062
ER -