Details
| Original language | English |
|---|---|
| Article number | 103062 |
| Number of pages | 13 |
| Journal | Computers and Security |
| Volume | 126 |
| Early online date | 13 Dec 2022 |
| Publication status | Published - Mar 2023 |
Abstract
Visualization-based approaches have recently been used in conjunction with signature-based techniques to detect variants of malware files. Indeed, it is sufficient to modify some byte of executable files to modify the signature and, thus, to elude a signature-based detector. In this paper, we design a GAN-based architecture that allows an attacker to generate variants of a malware in which the malware patterns found by visualization-based approaches are hidden, thus producing a new version of the malware that is not detected by both signature-based and visualization-based techniques. The experiments carried out on a well-known malware dataset show a success rate of 100% in generating new variants of malware files that are not detected from the state-of-the-art visualization-based technique.
Keywords
- Deep learning, GAN, Machine learning, Malware classification
ASJC Scopus subject areas
- Computer Science(all)
- Social Sciences(all)
- Law
Cite this
- Standard
- Harvard
- Apa
- Vancouver
- BibTeX
- RIS
In: Computers and Security, Vol. 126, 103062, 03.2023.
Research output: Contribution to journal › Article › Research › peer review
}
TY - JOUR
T1 - Disarming visualization-based approaches in malware detection systems
AU - Saidia Fascí, Lara
AU - Fisichella, Marco
AU - Lax, Gianluca
AU - Qian, Chenyi
N1 - Funding Information: This work was supported in part by the research project “SoBigData++” funded by the European Commission under the Horizon 2020 program with grant agreement number 871042 .
PY - 2023/3
Y1 - 2023/3
N2 - Visualization-based approaches have recently been used in conjunction with signature-based techniques to detect variants of malware files. Indeed, it is sufficient to modify some byte of executable files to modify the signature and, thus, to elude a signature-based detector. In this paper, we design a GAN-based architecture that allows an attacker to generate variants of a malware in which the malware patterns found by visualization-based approaches are hidden, thus producing a new version of the malware that is not detected by both signature-based and visualization-based techniques. The experiments carried out on a well-known malware dataset show a success rate of 100% in generating new variants of malware files that are not detected from the state-of-the-art visualization-based technique.
AB - Visualization-based approaches have recently been used in conjunction with signature-based techniques to detect variants of malware files. Indeed, it is sufficient to modify some byte of executable files to modify the signature and, thus, to elude a signature-based detector. In this paper, we design a GAN-based architecture that allows an attacker to generate variants of a malware in which the malware patterns found by visualization-based approaches are hidden, thus producing a new version of the malware that is not detected by both signature-based and visualization-based techniques. The experiments carried out on a well-known malware dataset show a success rate of 100% in generating new variants of malware files that are not detected from the state-of-the-art visualization-based technique.
KW - Deep learning
KW - GAN
KW - Machine learning
KW - Malware classification
UR - http://www.scopus.com/inward/record.url?scp=85144565578&partnerID=8YFLogxK
U2 - 10.1016/j.cose.2022.103062
DO - 10.1016/j.cose.2022.103062
M3 - Article
AN - SCOPUS:85144565578
VL - 126
JO - Computers and Security
JF - Computers and Security
SN - 0167-4048
M1 - 103062
ER -