AI based Malware Detection
Enterprises are striving to remain protected against malware-based cyber-attacks on their infrastructure, facilities, networks and systems. Static analysis is an effective approach to detecting malware, i.e. malicious Portable Executable (PE) files. It performs an in-depth analysis of PE files without executing them, which greatly reduces the risk of a malicious PE contaminating the system and allows early-stage detection. Yet instant detection using static analysis has become very difficult due to the exponential rise in the volume and variety of malware. The compelling need for early-stage detection of malware-based attacks strongly motivates research into automated malware detection.
Recent machine learning aided malware detection approaches using static analysis are mostly supervised. Supervised malware detection using static analysis relies on manual labelling and human feedback and is therefore less effective in a rapidly evolving and dynamic threat space. To this end, we propose a progressive deep unsupervised framework with feature attention blocks for static analysis-based malware detection (PROUD-MAL). The framework is based on cascading blocks of unsupervised clustering and a feature attention based deep neural network. The deep neural network is embedded with feature attention blocks and is trained on the predicted labels. To evaluate the proposed unsupervised framework, we collected a real-time malware dataset by deploying low- and high-interaction honeypots on an enterprise organizational network. Moreover, an endpoint security solution was also deployed over the enterprise organizational network to collect malware samples. After post-processing and cleaning, the dataset comprises 15457 PE samples, of which 8775 are malicious and 6681 are benign. The proposed PROUD-MAL framework achieved better quantitative performance in standard evaluation metrics on this dataset and outperformed other conventional machine learning algorithms.
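As an added illustration (not the project's released code), the cascade described above in pure Python: constructed static PE feature vectors are clustered without labels, and a plain logistic regression, standing in for the paper's feature attention DNN, is trained on the resulting pseudo-labels. The feature set and all sample values are assumptions chosen for demonstration.

```python
"""Sketch of the PROUD-MAL cascade: unsupervised clustering of static PE
features -> pseudo-labels -> supervised model trained on those labels.
Feature rows below are constructed; a real pipeline would parse PE headers."""
import math

# Constructed static features: (section count, mean section entropy,
# import count, packed-section flag). Illustrative values, not real samples.
SAMPLES = [
    (5, 4.1, 120, 0), (6, 4.4, 150, 0), (4, 3.9, 90, 0), (7, 4.6, 200, 0),
    (3, 7.6, 8, 1), (2, 7.8, 5, 1), (4, 7.2, 12, 1), (3, 7.9, 3, 1),
]

def scale(rows):
    """Min-max scale each column to [0, 1] so no feature dominates distance."""
    cols = list(zip(*rows))
    lo = [min(c) for c in cols]
    span = [(max(c) - l) or 1 for c, l in zip(cols, lo)]
    return [[(v - l) / s for v, l, s in zip(r, lo, span)] for r in rows], lo, span

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def kmeans2(points, iters=20):
    """Two-cluster k-means seeded with the two most distant points (deterministic)."""
    c0, c1 = max(((p, q) for p in points for q in points), key=lambda pq: dist(*pq))
    cents = [list(c0), list(c1)]
    for _ in range(iters):
        labels = [0 if dist(p, cents[0]) <= dist(p, cents[1]) else 1 for p in points]
        for k in (0, 1):
            members = [p for p, l in zip(points, labels) if l == k] or [cents[k]]
            cents[k] = [sum(col) / len(members) for col in zip(*members)]
    return labels, cents

def train_logreg(points, labels, epochs=500, lr=0.5):
    """Gradient-descent logistic regression fitted to the pseudo-labels."""
    w, b = [0.0] * len(points[0]), 0.0
    for _ in range(epochs):
        for p, y in zip(points, labels):
            z = sum(wi * xi for wi, xi in zip(w, p)) + b
            g = 1 / (1 + math.exp(-z)) - y        # d(loss)/dz for one sample
            w = [wi - lr * g * xi for wi, xi in zip(w, p)]
            b -= lr * g
    return w, b

def proud_mal_cascade(rows):
    """Cluster -> pseudo-label -> train; returns (pseudo-labels, predictor)."""
    pts, lo, span = scale(rows)
    labels, _ = kmeans2(pts)                      # no human labels used here
    w, b = train_logreg(pts, labels)
    def predict(row):
        x = [(v - l) / s for v, l, s in zip(row, lo, span)]
        return int(sum(wi * xi for wi, xi in zip(w, x)) + b > 0)
    return labels, predict
```

The predictor only inherits cluster membership, so whichever cluster id lands on the high-entropy, low-import samples is the one a real deployment would still have to name as "malicious" before acting on it.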
The implementation and dataset are publicly available on GitHub.
- S.K. Rizvi, W. Aslam, M. Shahzad, S. Saleem, M.M. Fraz, “PROUD-MAL: static analysis-based progressive framework for deep unsupervised malware classification of windows portable executable”, Complex & Intelligent Systems, Vol. 21, No. 2, Oct 2021. IF: 4.92
- W. Aslam, M.M. Fraz, S.K. Rizvi, S. Saleem, “Cross-validation of machine learning algorithms for malware detection using static features of Windows portable executables: A Comparative Study”, Proceedings of the 17th IEEE International Conference on Smart Communities: Improving Quality of Life Using ICT, IoT and AI (HONET), Dec 2020, UNC Charlotte, USA.