Funding: This work is supported in part by the Information Security Software Project (2020) of the Ministry of Industry and Information Technology, PR China, under Grant CEIEC-2020-ZM02-0134.
Abstract: The byte stream is widely used in malware detection because it does not depend on reverse engineering. However, existing byte-stream-based methods apply an indiscriminate feature extraction strategy that ignores the differing functions of bytes in different segments and fails to extract targeted features for the various byte semantic representation modes, resulting in byte semantic confusion. To address this issue, this paper proposes an enhanced adversarial byte-function-associated method for malware backdoor attack, categorizing bytes into three functions: structure, code, and data. The MinHash algorithm, grayscale mapping, and state transition probability statistics are then used to capture byte semantics from the perspectives of text signature, spatial structure, and statistics, respectively, to increase the accuracy of byte semantic representation. Finally, a three-channel malware feature image is constructed from the semantics of the different byte functions, and a convolutional neural network is applied for detection. Experiments on multiple datasets from 2018 to 2021 show that the method effectively combines byte functions to achieve targeted feature extraction, avoids byte semantic confusion, and improves the accuracy of malware detection.
Abstract: The rapid and increasing growth in the volume and number of cyber threats from malware is not the real danger; the real threat lies in the obfuscation of these cyberattacks, which constantly change their behavior and make detection more difficult. Numerous researchers and developers have devoted considerable attention to this topic; however, the research field has not yet been saturated with high-quality studies that address these problems. For this reason, this paper presents a novel multi-objective Markov-enhanced adaptive whale optimization (MOMEAWO) cybersecurity model to improve the classification of binary and multi-class malware threats. The proposed MOMEAWO cybersecurity model aims to provide an innovative solution for analyzing, detecting, and classifying the behavior of obfuscated malware within their respective families. The model covers three classification tasks: binary classification and multi-class classification (four families and 16 malware families). To evaluate the performance of this model, we used a recently published balanced dataset, the Canadian Institute for Cybersecurity Malware Memory Analysis dataset (CIC-MalMem-2022). The results show near-perfect accuracy in binary classification and high accuracy in multi-class classification compared with related work using the same dataset.