Article,

Disarming visualization-based approaches in malware detection systems

, , , and .
Computers & Security, (2023)
DOI: https://doi.org/10.1016/j.cose.2022.103062

Abstract

Visualization-based approaches have recently been used in conjunction with signature-based techniques to detect variants of malware files. Indeed, it is sufficient to modify some byte of executable files to modify the signature and, thus, to elude a signature-based detector. In this paper, we design a GAN-based architecture that allows an attacker to generate variants of a malware in which the malware patterns found by visualization-based approaches are hidden, thus producing a new version of the malware that is not detected by both signature-based and visualization-based techniques. The experiments carried out on a well-known malware dataset show a success rate of 100% in generating new variants of malware files that are not detected from the state-of-the-art visualization-based technique.

Tags

Users

  • @mfisichella
  • @l3s

Comments and Reviewsshow / hide

  • @mfisichella
    2 years ago (last updated 2 years ago)
    really a milestone in the field using GAN
Please log in to take part in the discussion (add own reviews or comments).