Web-Based Malware Detection System Using Convolutional Neural Network

Q1 Social Sciences

Digital Investigation Pub Date : 2023-09-12 DOI:10.3390/digital3030017

Ali Alqahtani, Sumayya Azzony, Leen Alsharafi, Maha Alaseri

{"title":"Web-Based Malware Detection System Using Convolutional Neural Network","authors":"Ali Alqahtani, Sumayya Azzony, Leen Alsharafi, Maha Alaseri","doi":"10.3390/digital3030017","DOIUrl":null,"url":null,"abstract":"In this article, we introduce a web-based malware detection system that leverages a deep-learning approach. Our primary objective is the development of a robust deep-learning model designed for classifying malware in executable files. In contrast to conventional malware detection systems, our approach relies on static detection techniques to unveil the true nature of files as either malicious or benign. Our method makes use of a one-dimensional convolutional neural network 1D-CNN due to the nature of the portable executable file. Significantly, static analysis aligns perfectly with our objectives, allowing us to uncover static features within the portable executable header. This choice holds particular significance given the potential risks associated with dynamic detection, often necessitating the setup of controlled environments, such as virtual machines, to mitigate dangers. Moreover, we seamlessly integrate this effective deep-learning method into a web-based system, rendering it accessible and user-friendly via a web interface. Empirical evidence showcases the efficiency of our proposed methods, as demonstrated in extensive comparisons with state-of-the-art models across three diverse datasets. Our results undeniably affirm the superiority of our approach, delivering a practical, dependable, and rapid mechanism for identifying malware within executable files.","PeriodicalId":50578,"journal":{"name":"Digital Investigation","volume":"30 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-09-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Digital Investigation","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.3390/digital3030017","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"Social Sciences","Score":null,"Total":0}

引用次数: 0

Abstract

In this article, we introduce a web-based malware detection system that leverages a deep-learning approach. Our primary objective is the development of a robust deep-learning model designed for classifying malware in executable files. In contrast to conventional malware detection systems, our approach relies on static detection techniques to unveil the true nature of files as either malicious or benign. Our method makes use of a one-dimensional convolutional neural network 1D-CNN due to the nature of the portable executable file. Significantly, static analysis aligns perfectly with our objectives, allowing us to uncover static features within the portable executable header. This choice holds particular significance given the potential risks associated with dynamic detection, often necessitating the setup of controlled environments, such as virtual machines, to mitigate dangers. Moreover, we seamlessly integrate this effective deep-learning method into a web-based system, rendering it accessible and user-friendly via a web interface. Empirical evidence showcases the efficiency of our proposed methods, as demonstrated in extensive comparisons with state-of-the-art models across three diverse datasets. Our results undeniably affirm the superiority of our approach, delivering a practical, dependable, and rapid mechanism for identifying malware within executable files.

查看原文本刊更多论文

基于网络的卷积神经网络恶意软件检测系统

在本文中，我们介绍了一种基于web的恶意软件检测系统，该系统利用了深度学习方法。我们的主要目标是开发一个强大的深度学习模型，用于对可执行文件中的恶意软件进行分类。与传统的恶意软件检测系统相比，我们的方法依赖于静态检测技术来揭示文件的真实本质是恶意的还是良性的。由于可移植可执行文件的性质，我们的方法使用一维卷积神经网络1D-CNN。值得注意的是，静态分析完全符合我们的目标，允许我们发现可移植可执行头文件中的静态特性。考虑到与动态检测相关的潜在风险，这种选择具有特别的意义，通常需要设置受控环境(如虚拟机)来减轻危险。此外，我们将这种有效的深度学习方法无缝集成到基于web的系统中，通过web界面使其易于访问和用户友好。经验证据显示了我们提出的方法的效率，正如在三个不同数据集上与最先进的模型进行广泛比较所证明的那样。我们的结果不可否认地肯定了我们方法的优越性，提供了一个实用的、可靠的、快速的机制来识别可执行文件中的恶意软件。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Digital Investigation 工程技术-计算机：跨学科应用

CiteScore

5.90

自引率

0.00%

发文量

审稿时长

7.2 weeks

期刊介绍： Digital Investigation is now continued as Forensic Science International: Digital Investigation, advancing digital transformations in forensic science. FSI Digital Investigation covers a broad array of subjects related to crime and security throughout the computerized world. The primary pillar of this publication is digital evidence and multimedia, with the core qualities of provenance, integrity and authenticity. This publication promotes advances in investigating cybercrimes, cyberattacks and traditional crimes involving digital evidence, using scientific practices in digital investigations, and reducing the use of technology for criminal purposes. This widely referenced publication promotes innovations and advances in utilizing digital evidence and multimedia for legal purposes, including criminal justice, incident response, cybercrime analysis, cyber-risk management, civil and regulatory matters, and privacy protection. Relevant research areas include forensic science, computer science, data science, artificial intelligence, and smart technology.