A Method for Packed Malware Detection and Possible Payload Identification Through Convolutional Neural Networks
摘要
Malicious code writers are focusing on techniques to obfuscate existing code in a way to render impossible a successful match with a signature in the malware repository of the most common signature-based antimalware software. One of the most exploited way to obfuscate malicious samples is through the adoption of packers i.e., tools that compress a file using an algorithm, typically exploited to protect applications from reverse engineering for legitimate purposes. Thus, a method for the detection of packed (and unpacked) malware is proposed in this paper: we consider a set of models built by exploiting Convolutional Neural Networks for malware detection by converting an application into an image composed from the opcodes of the application. We also consider explainability, with the aim to understand which opcodes are responsible for the malware prediction, thus providing possible payload identification. The results, performed by obfuscating malware using three different packers, show encouraging results in unpacked and packed malware detection, thus demonstrating the ability of the designed method even in the identification of possible malicious malware payloads.