Visualization-based approaches have recently been used in conjunction with signature-based techniques to detect variants of malware files. Indeed, it is sufficient to modify some byte of executable files to modify the signature and, thus, to elude a signature-based detector. In this paper, we design a GAN-based architecture that allows an attacker to generate variants of a malware in which the malware patterns found by visualization-based approaches are hidden, thus producing a new version of the malware that is not detected by both signature-based and visualization-based techniques. The experiments carried out on a well-known malware dataset show a success rate of 100% in generating new variants of malware files that are not detected from the state-of-the-art visualization-based technique.
Disarming visualization-based approaches in malware detection systems / Saidia Fascí, Lara; Fisichella, Marco; Lax, Gianluca; Qian, Chenyi. - In: COMPUTERS & SECURITY. - ISSN 0167-4048. - 126:103062(2023), pp. 1-13. [10.1016/j.cose.2022.103062]
Disarming visualization-based approaches in malware detection systems
Lax, Gianluca;
2023-01-01
Abstract
Visualization-based approaches have recently been used in conjunction with signature-based techniques to detect variants of malware files. Indeed, it is sufficient to modify some byte of executable files to modify the signature and, thus, to elude a signature-based detector. In this paper, we design a GAN-based architecture that allows an attacker to generate variants of a malware in which the malware patterns found by visualization-based approaches are hidden, thus producing a new version of the malware that is not detected by both signature-based and visualization-based techniques. The experiments carried out on a well-known malware dataset show a success rate of 100% in generating new variants of malware files that are not detected from the state-of-the-art visualization-based technique.| File | Dimensione | Formato | |
|---|---|---|---|
|
Fascì_2023_j.cose_disarming_editor.pdf
accesso aperto
Descrizione: Versione editoriale
Tipologia:
Versione Editoriale (PDF)
Licenza:
Creative commons
Dimensione
3.15 MB
Formato
Adobe PDF
|
3.15 MB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
