In a world increasingly connected with smart devices, smartphones, tablets and servers in constant communication with each other, malware is a serious threat for the security of users and systems. Every day they are becoming more sophisticated and can rely on a growing attack surface. Traditional malware analysis techniques are becoming unable to deal with this growth; to this reason new approaches are arising. Among these, the most promising ones aim to exploit the disruptive accuracy and flexibility of convolutional neural networks (CNNs) to realize innovative techniques to detect and classify malware by using an intermediate image-based representation. However, several papers have highlighted the natural tendency of CNNs to be fooled by perturbations applied on the input. In this paper we benchmark four different CNNs widely used for images. To this purpose, we have specialized the CNNs, through transfer learning, to classify malware belonging to 9 different families. Then, we have evaluated their robustness against the obfuscation of the malware executable. All the CNNs achieved an impressive classification accuracy on both the original and the obfuscated datasets confirming their suitability for malware classification.

Robustness evaluation of convolutional neural networks for malware classification

Carletti V.;Greco A.;Saggese A.;Vento M.
2021-01-01

Abstract

In a world increasingly connected with smart devices, smartphones, tablets and servers in constant communication with each other, malware is a serious threat for the security of users and systems. Every day they are becoming more sophisticated and can rely on a growing attack surface. Traditional malware analysis techniques are becoming unable to deal with this growth; to this reason new approaches are arising. Among these, the most promising ones aim to exploit the disruptive accuracy and flexibility of convolutional neural networks (CNNs) to realize innovative techniques to detect and classify malware by using an intermediate image-based representation. However, several papers have highlighted the natural tendency of CNNs to be fooled by perturbations applied on the input. In this paper we benchmark four different CNNs widely used for images. To this purpose, we have specialized the CNNs, through transfer learning, to classify malware belonging to 9 different families. Then, we have evaluated their robustness against the obfuscation of the malware executable. All the CNNs achieved an impressive classification accuracy on both the original and the obfuscated datasets confirming their suitability for malware classification.
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11386/4779987
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 3
  • ???jsp.display-item.citation.isi??? ND
social impact