Abstract

As large amounts of malicious software (malware), including DDoS and Trojan horse malware, pervade communication networks, several approaches based on global and local features have been attempted to cope with the modifications found in malware variants, such as null value insertion, code interchange, and reordering of subroutines. Detectors that use only one type of feature have been studied extensively, but detectors that use both are rarely investigated, although good performance might be expected from their complementary characteristics. In this paper, we propose a hybrid deep generative model that exploits global and local features together to detect malware variants effectively. The model transforms malware into an image to efficiently represent global features with a pre-defined latent space, and extracts local features from the binary code sequences. The two features, each extracted from the data according to its own characteristics, are concatenated and fed into the malware detector. By using both features, the proposed model achieves an accuracy of 97.47%, which is state-of-the-art performance. We use a class activation map (CAM) to analyze which parts of the malware code affect the detection results and, by analyzing the CAM results for the generated malware, confirm that virtual malware generation improves detection performance.
