Malware detection is one of the most important tasks in cybersecurity. Recently, increasing interest in Convolutional Neural Networks (CNN) and Machine Learning algorithms, which are widely used in image analysis and predictive modelling, led to their use in static malware classification and to the application of these powerful tools in computer industry and industrial internet of things. Many studies claim that the static malware detection approach, under well-defined conditions, can deliver fast and accurate malware classification results with relatively little human effort once the framework is implemented, relying solely on the binary content of the file. This becomes evident if we compare static malware detection to other techniques of dynamic nature. The focus of our research is to highlight strengths and weaknesses of CNNs used for static malware detection, starting from images obtained from byte-wise conversion of binary executable files to pixel images to critically analyze the assumptions underlying the performance of this type of technique.
Deceiving AI-based malware detection through polymorphic attacks
Catalano C.
;Angelelli M.
;
2022-01-01
Abstract
Malware detection is one of the most important tasks in cybersecurity. Recently, increasing interest in Convolutional Neural Networks (CNN) and Machine Learning algorithms, which are widely used in image analysis and predictive modelling, led to their use in static malware classification and to the application of these powerful tools in computer industry and industrial internet of things. Many studies claim that the static malware detection approach, under well-defined conditions, can deliver fast and accurate malware classification results with relatively little human effort once the framework is implemented, relying solely on the binary content of the file. This becomes evident if we compare static malware detection to other techniques of dynamic nature. The focus of our research is to highlight strengths and weaknesses of CNNs used for static malware detection, starting from images obtained from byte-wise conversion of binary executable files to pixel images to critically analyze the assumptions underlying the performance of this type of technique.File | Dimensione | Formato | |
---|---|---|---|
1-s2.0-S0166361522001488-main.pdf
non disponibili
Licenza:
Copyright dell'editore
Dimensione
6.5 MB
Formato
Adobe PDF
|
6.5 MB | Adobe PDF | Visualizza/Apri Richiedi una copia |
RevisedManuscriptWithAuthors.pdf
accesso aperto
Tipologia:
Documento in Pre-print
Licenza:
Creative commons
Dimensione
4.68 MB
Formato
Adobe PDF
|
4.68 MB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.