DC FieldValueLanguage
dc.contributor.authorZhang, Shuhuien_US
dc.contributor.authorHu, Changdongen_US
dc.contributor.authorWang, Lianhaien_US
dc.contributor.authorMihaljević, Miodrag J.en_US
dc.contributor.authorXu, Shujiangen_US
dc.contributor.authorLan, Tianen_US
dc.date.accessioned2023-06-07T09:21:27Z-
dc.date.available2023-06-07T09:21:27Z-
dc.date.issued2023-
dc.identifier.issn2073-8994-
dc.identifier.urihttp://researchrepository.mi.sanu.ac.rs/handle/123456789/5046-
dc.description.abstractAs cyber attacks grow more complex and sophisticated, new types of malware become more dangerous and challenging to detect. In particular, fileless malware injects malicious code into the physical memory directly without leaving attack traces on disk files. This type of attack is well concealed, and it is difficult to find the malicious code in the static files. For malicious processes in memory, signature-based detection methods are becoming increasingly ineffective. Facing these challenges, this paper proposes a malware detection approach based on convolutional neural network and memory forensics. As the malware has many symmetric features, the saved training model can detect malicious code with symmetric features. The method includes collecting executable static malicious and benign samples, running the collected samples in a sandbox, and building a dataset of portable executables in memory through memory forensics. When a process is running, not all the program content is loaded into memory, so binary fragments are utilized for malware analysis instead of the entire portable executable (PE) files. PE file fragments are selected with different lengths and locations. We conducted several experiments on the produced dataset to test our model. The PE file with 4096 bytes of header fragment has the highest accuracy. We achieved a prediction accuracy of up to 97.48%. Moreover, an example of fileless attack is illustrated at the end of the paper. The results show that the proposed method can detect malicious codes effectively, especially the fileless attack. Its accuracy is better than that of common machine learning methods.en_US
dc.publisherMDPIen_US
dc.relation.ispartofSymmetryen_US
dc.rightsAttribution 4.0 International*
dc.rights.urihttp://creativecommons.org/licenses/by/4.0/*
dc.subjectdeep learning | malware detection | memory dump | memory forensic | segment detectionen_US
dc.titleA Malware Detection Approach Based on Deep Learning and Memory Forensicsen_US
dc.typeArticleen_US
dc.identifier.doi10.3390/sym15030758-
dc.identifier.scopus2-s2.0-85152687106-
dc.contributor.affiliationComputer Scienceen_US
dc.contributor.affiliationMathematical Institute of the Serbian Academy of Sciences and Artsen_US
dc.relation.firstpage758-
dc.relation.issue3-
dc.relation.volume15-
dc.description.rank~M22-
item.cerifentitytypePublications-
item.openairetypeArticle-
item.grantfulltextopen-
item.fulltextWith Fulltext-
item.openairecristypehttp://purl.org/coar/resource_type/c_18cf-
crisitem.author.orcid0000-0003-3047-3020-
Files in This Item:
File Description SizeFormat
MMihaljevic.pdf3.72 MBAdobe PDFView/Open
Show simple item record

SCOPUSTM   
Citations

13
checked on Dec 20, 2024

Page view(s)

20
checked on Dec 22, 2024

Download(s)

21
checked on Dec 22, 2024

Google ScholarTM

Check

Altmetric

Altmetric


This item is licensed under a Creative Commons License Creative Commons