Article Summary: A Method for Windows Malware Detection Based on Deep Learning

A Method for Windows Malware Detection Based on Deep Learning

Summary of proposed methodology

This paper proposes a malware detection method based on deep learning that combines malware visualization with a convolutional neural network (CNN). The method builds a hybrid visualization of each sample from both static and dynamic analysis: the researchers run the samples in Cuckoo Sandbox for dynamic analysis, convert the results into a visualization image, and train the network on static and hybrid visualization images. They then evaluate the method's effectiveness at detecting unknown malware. Samples for the malware class were provided by VirusSign (virussign.com). Two models were trained: Model A, based on static visualization, and Model B, based on hybrid visualization. Model B performed better than Model A.
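The visualization step described above, as an added example that is not code from the paper: static visualization in the common byte-to-grayscale form (one pixel per byte, rows of fixed width), a hybrid variant that appends rows encoding an ordered API-call trace of the kind a Cuckoo Sandbox report contains, and a nearest-neighbour resize to the fixed input shape a CNN expects. The API-name encoding (first byte of a SHA-256 digest), the row width and the sample bytes and trace are assumptions made for illustration; the paper's exact encoding is not reproduced here.

```python
"""Added example: static and hybrid malware visualization.

Not the paper's code. The API encoding, row width and sample input are
assumptions for illustration.
"""
import hashlib

Pixel = int
Image = list  # list of rows; each row is a list of ints in 0..255


def static_image(data: bytes, width: int = 16) -> Image:
    """Byte-to-grayscale image: one pixel per byte, rows of `width` pixels.
    The last row is zero-padded so the image stays rectangular."""
    if width <= 0:
        raise ValueError("width must be positive")
    padded = data + b"\x00" * ((-len(data)) % width)
    return [list(padded[i:i + width]) for i in range(0, len(padded), width)]


def encode_api_call(name: str) -> Pixel:
    """Map an API name to a stable pixel value.
    Assumption: first byte of the SHA-256 digest of the name; any
    deterministic name -> 0..255 mapping would serve the same purpose."""
    return hashlib.sha256(name.encode("utf-8")).digest()[0]


def trace_rows(api_calls: list, width: int = 16) -> Image:
    """Encode an ordered API-call trace (Cuckoo-style behaviour summary)
    as extra image rows, preserving the call order."""
    pixels = bytes(encode_api_call(call) for call in api_calls)
    return static_image(pixels, width)


def hybrid_image(data: bytes, api_calls: list, width: int = 16) -> Image:
    """Static rows followed by dynamic-trace rows: one image per sample."""
    return static_image(data, width) + trace_rows(api_calls, width)


def resize_nearest(img: Image, out_h: int, out_w: int) -> Image:
    """Nearest-neighbour resize to the fixed input shape a CNN expects."""
    in_h, in_w = len(img), len(img[0])
    return [[img[r * in_h // out_h][c * in_w // out_w] for c in range(out_w)]
            for r in range(out_h)]


# Constructed sample input (not a real binary, not a real Cuckoo report):
# a DOS-header-like prefix followed by filler bytes.
SAMPLE_BYTES = (b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00"
                + bytes(range(40)))
# Constructed API trace in Cuckoo's API-name style.
SAMPLE_TRACE = ["NtCreateFile", "NtWriteFile", "RegSetValueExW",
                "CreateProcessInternalW", "InternetOpenUrlA"]

if __name__ == "__main__":
    img = hybrid_image(SAMPLE_BYTES, SAMPLE_TRACE, width=16)
    print(f"hybrid image: {len(img)} rows x {len(img[0])} cols")
    for row in resize_nearest(img, 4, 4):
        print(" ".join(f"{p:3d}" for p in row))
```

With the constructed 56-byte sample and 16-pixel rows, the static part yields four rows (the last one zero-padded) and the five-call trace adds a fifth row; the resize then squashes that 5x16 image into the 4x4 shape a small network could consume. Keeping the trace as separate rows rather than interleaving it with the bytes makes the static portion of a hybrid image identical to the static-only image, which is what makes a Model A versus Model B comparison meaningful.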

Strengths and weaknesses

The malware samples were randomly selected from VirusSign at the time of the experiment. The test computer had only some software installed, and some malware requires specific conditions on the host before it executes its full behaviour, so it is uncertain whether the test computer had the software the sampled malware needed. For example, the test computer did not have the QQ client installed while QQ password-stealing trojans were being tested, so those samples could not exhibit the behaviour the detector was meant to observe. The test was run in March 2020 on Windows 7 rather than Windows 10. Windows 7 had reached the end of extended support on 14 January 2020, two months earlier, so a Windows 10 machine would have been a more representative test platform. Finally, Model B was not trained on past malware binaries to the same extent as Model A, and in that comparison it did not perform as well. It is unclear why Model B was not trained on the same past malware; the unequal training data changes Model B's results relative to Model A and makes that comparison invalid.

Reference

Huang, X., Ma, L., Yang, W. et al. (2021). A Method for Windows Malware Detection Based on Deep Learning. Journal of Signal Processing Systems, 93, 265–273. https://doi.org/10.1007/s11265-020-01588-1