2020
DOI: 10.1109/access.2020.2966860

A Neural Network-Based Approach for Cryptographic Function Detection in Malware

Abstract: Cryptographic technology has been commonly used in malware for hiding their static characteristics and malicious behaviors to avoid the detection of anti-virus engines and counter the reverse analysis from security researchers. The detection of cryptographic functions in an effective way in malware has vital significance for malicious code detection and deep analysis. Many efforts have been made to solve this issue, while existing methods suffer from some issues, such as unable to achieve promising results in …

Cited by 9 publications (3 citation statements)
References 25 publications
“…However, one may extend the scope to handle other BCSA scenarios to compare binaries [20], [27], [54] or a series of instructions [32], [34], [57]. Additionally, one can extend our approach for various purposes, such as vulnerability discovery [11], [12], [20], [23], [28], [59], [138], malware detection [5], [6], [139], [140], [141], [142], [143], library function identification [71], [84], [144], [145], [146], [147], plagiarism/authorship detection [8], [82], [148], or patch identification [149], [150], [151]. However, extending our work to other BCSA tasks may not be directly applicable.…”
Section: Discussion (mentioning)
confidence: 99%
“…Cryptography is a tool that can protect the confidentiality of data, while often used to the benefit of users it can be used by attackers to hide malware on a system until it is needed or obfuscate network traffic. It can be difficult to identify malware that is able to encrypt data as it might require reverse engineering the suspicious program and applying a thorough understanding of many encryption methods [37]. It has been found that NNs could simplify the process of detecting encryption in obfuscated programs.…”
Section: Software Code (mentioning)
confidence: 99%
“…Jia et al [37] propose solving this issue with a NN model called K-max-CNN-Attention that looks for common instruction patterns rather than relative instruction density. The improvements this model brings is in the move to a convolutional NN (CNN), which interpret blocks of data maintaining the original structure and a better preprocessing scheme which simplifies the input enough to be meaningful to the NN but leaving more information to be interpreted, while these changes improve on performance and accuracy of existing techniques Jia et al [37] speculate that better accuracy could be achieved by changing the preprocessing and classification models to consider non-sequential execution of code.…”
Section: Software Code (mentioning)
confidence: 99%