Obfuscated malware detection using dilated convolutional network

Abstract

Nowadays, information security is a critical field of research since information technologies develop rapidly. Consequently, the possible attacks are also evolving. One of the problems is malware detection. There is no doubt that many antivirus software can catch most cases. However, it is important to remember that such software is one step behind the malware. Here we introduce artificial intelligence that can help to detect obfuscated malware in memory. Modern architectures of a neural network can detect even unknown malware and distinguish whether there is something malicious or not. This paper deals with the problem of the detection of obfuscated malware in memory. Most existing approaches use custom datasets or Microsoft Malware Classification Challenge dataset (BIG2015). However, we applied the latest dataset CIC-MalMem-2022, which reflects the current state of technologies. This dataset contains samples with benign and malware cases. Additionally, the authors provided the family and type of malware, so it is possible to perform advanced experiments. This paper provides techniques for the detection and classification of malware from given memory information. Firstly, the traditional machine learning methods are tested with optimisation techniques; secondly, the dilated convolutional network is proposed. According to the results, the detection by all methods has an accuracy of 0.99. However, the most accurate is a random forest. On the other hand, the proposed neural network architecture is the best for classifying the malware family and has achieved an accuracy of 0.83.