通过使用生成对抗网络生成新的恶意软件样本来发现未来的恶意软件变体

Zahra Moti, S. Hashemi, Amir Namavar
{"title":"通过使用生成对抗网络生成新的恶意软件样本来发现未来的恶意软件变体","authors":"Zahra Moti, S. Hashemi, Amir Namavar","doi":"10.1109/ICCKE48569.2019.8964913","DOIUrl":null,"url":null,"abstract":"Detecting malware sample is one of the most important issues in computer security. Malware variants are growing exponentially by more usage of computer in industries, homes, and other places. Among different types of malware samples, zero-day samples are more challenging. The conventional antivirus systems, which rely on known malware patterns, cannot detect zero-day samples since did not see them before. As reported in [1], in 2018, 76% of successful attacks on organization endpoints were based on zero-day samples. Therefore, predicting these types of attacks and preparing a solution is an open challenge.This paper presents a deep generative adversarial network to generate the signature of unseen malware samples; The generated signature is potentially similar to the malware samples that may be released in the future. After generating the samples, these generated data were added to the dataset to train a robust classifier against new variants of malware. Also, neural network is applied for extracting high-level features from raw bytes for detection. In the proposed method, only the header of the executable file was used for detection, which is a small piece of the file that contains some information about the file. To validate our method, we used three classification algorithms and classified the raw and new representation using them. Also, we compared our work with another malware detection using the PE header. The results of this paper show that the generated data improves the accuracy of classification algorithms by at least 1%.","PeriodicalId":6685,"journal":{"name":"2019 9th International Conference on Computer and Knowledge Engineering (ICCKE)","volume":"20 1","pages":"319-324"},"PeriodicalIF":0.0000,"publicationDate":"2019-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"15","resultStr":"{\"title\":\"Discovering Future Malware Variants By Generating New Malware Samples Using Generative Adversarial Network\",\"authors\":\"Zahra Moti, S. Hashemi, Amir Namavar\",\"doi\":\"10.1109/ICCKE48569.2019.8964913\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Detecting malware sample is one of the most important issues in computer security. Malware variants are growing exponentially by more usage of computer in industries, homes, and other places. Among different types of malware samples, zero-day samples are more challenging. The conventional antivirus systems, which rely on known malware patterns, cannot detect zero-day samples since did not see them before. As reported in [1], in 2018, 76% of successful attacks on organization endpoints were based on zero-day samples. Therefore, predicting these types of attacks and preparing a solution is an open challenge.This paper presents a deep generative adversarial network to generate the signature of unseen malware samples; The generated signature is potentially similar to the malware samples that may be released in the future. After generating the samples, these generated data were added to the dataset to train a robust classifier against new variants of malware. Also, neural network is applied for extracting high-level features from raw bytes for detection. In the proposed method, only the header of the executable file was used for detection, which is a small piece of the file that contains some information about the file. To validate our method, we used three classification algorithms and classified the raw and new representation using them. Also, we compared our work with another malware detection using the PE header. The results of this paper show that the generated data improves the accuracy of classification algorithms by at least 1%.\",\"PeriodicalId\":6685,\"journal\":{\"name\":\"2019 9th International Conference on Computer and Knowledge Engineering (ICCKE)\",\"volume\":\"20 1\",\"pages\":\"319-324\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"15\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2019 9th International Conference on Computer and Knowledge Engineering (ICCKE)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICCKE48569.2019.8964913\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 9th International Conference on Computer and Knowledge Engineering (ICCKE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCKE48569.2019.8964913","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 15

摘要

恶意软件样本检测是计算机安全领域的重要课题之一。随着工业、家庭和其他地方越来越多地使用计算机,恶意软件变种呈指数级增长。在不同类型的恶意软件样本中,零日样本更具挑战性。传统的反病毒系统依赖于已知的恶意软件模式,无法检测到零日样本,因为之前没有看到它们。据[1]报道,2018年,76%的对组织端点的成功攻击是基于零日样本的。因此,预测这些类型的攻击并准备解决方案是一个公开的挑战。本文提出了一种深度生成对抗网络来生成不可见恶意软件样本的签名;生成的签名可能与将来可能发布的恶意软件样本相似。在生成样本后,这些生成的数据被添加到数据集中,以训练针对新恶意软件变体的鲁棒分类器。同时,利用神经网络从原始字节中提取高级特征进行检测。在提出的方法中,仅使用可执行文件的头文件进行检测,头文件是文件的一小部分,包含有关文件的一些信息。为了验证我们的方法,我们使用了三种分类算法,并使用它们对原始表示和新表示进行了分类。此外,我们还将我们的工作与使用PE头的另一种恶意软件检测进行了比较。本文的结果表明,生成的数据使分类算法的准确率提高了至少1%。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Discovering Future Malware Variants By Generating New Malware Samples Using Generative Adversarial Network
Detecting malware sample is one of the most important issues in computer security. Malware variants are growing exponentially by more usage of computer in industries, homes, and other places. Among different types of malware samples, zero-day samples are more challenging. The conventional antivirus systems, which rely on known malware patterns, cannot detect zero-day samples since did not see them before. As reported in [1], in 2018, 76% of successful attacks on organization endpoints were based on zero-day samples. Therefore, predicting these types of attacks and preparing a solution is an open challenge.This paper presents a deep generative adversarial network to generate the signature of unseen malware samples; The generated signature is potentially similar to the malware samples that may be released in the future. After generating the samples, these generated data were added to the dataset to train a robust classifier against new variants of malware. Also, neural network is applied for extracting high-level features from raw bytes for detection. In the proposed method, only the header of the executable file was used for detection, which is a small piece of the file that contains some information about the file. To validate our method, we used three classification algorithms and classified the raw and new representation using them. Also, we compared our work with another malware detection using the PE header. The results of this paper show that the generated data improves the accuracy of classification algorithms by at least 1%.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信