A malware classification method based on memory dump grayscale image

Abstract Effective analysis of malware is of great significance in guaranteeing the reliability of system operation, yet malware can easily evade existing dynamic analysis methods. To address the deficiencies of current dynamic malware detection methods, a method using a hardware-level artefact is proposed: a memory dump file of the running sample is extracted and converted into a grayscale image, the image is resized to a fixed size, image features are extracted with the histogram of oriented gradients (HOG) descriptor, and a currently popular classifier algorithm is used to classify the malware. Experiments on real malware samples verify the effectiveness of using memory dump images. The method outperforms the recently proposed hardware performance counter (HPC) based detection method.
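The pipeline the abstract describes (dump bytes to grayscale image, fixed-size resize, HOG features, classifier), as an added worked example in pure Python. This is not the paper's code and several details are assumptions because the page does not state them: the row width is picked from the dump size with the table Nataraj et al. used for malware images, the fixed size is 64x64, HOG uses 8x8-pixel cells, 9 unsigned orientation bins and 2x2-cell L2 block normalisation, and a nearest-centroid classifier stands in for the unnamed "popular classifier". The two "families" of memory dumps are constructed byte patterns, not real dumps; with real data `synthetic_dump` would be replaced by the contents of a dump taken with a tool such as procdump or a memory-forensics framework.

```python
"""Memory dump -> grayscale image -> HOG -> classifier (added example, not the paper's code)."""
import math
from typing import Dict, List

Image = List[List[int]]

# Row width by dump size, following the file-size table of Nataraj et al. (VizSec 2011).
# Assumption: the page does not say which widths the paper used.
_WIDTH_TABLE = [(10, 32), (30, 64), (60, 128), (100, 256), (200, 384), (500, 512), (1000, 768)]


def dump_width(n_bytes: int) -> int:
    kib = n_bytes / 1024
    for limit_kib, width in _WIDTH_TABLE:
        if kib < limit_kib:
            return width
    return 1024


def dump_to_image(data: bytes) -> Image:
    """Lay the raw bytes out row-major as 8-bit pixels; the last row is zero-padded."""
    width = dump_width(len(data))
    rows = [list(data[i:i + width]) for i in range(0, len(data), width)]
    if rows and len(rows[-1]) < width:
        rows[-1].extend([0] * (width - len(rows[-1])))
    return rows


def resize_nearest(img: Image, size: int) -> Image:
    """Nearest-neighbour resize to size x size so every dump yields a feature vector of one length."""
    h, w = len(img), len(img[0])
    return [[img[r * h // size][c * w // size] for c in range(size)] for r in range(size)]


def hog(img: Image, cell: int = 8, bins: int = 9) -> List[float]:
    """Histogram of oriented gradients (Dalal & Triggs): central-difference gradients,
    unsigned orientation in [0, 180), linear vote between neighbouring bins,
    then L2 normalisation over 2x2-cell blocks."""
    n = len(img)
    cells = n // cell
    hist = [[[0.0] * bins for _ in range(cells)] for _ in range(cells)]
    for r in range(cells * cell):
        for c in range(cells * cell):
            gx = img[r][min(c + 1, n - 1)] - img[r][max(c - 1, 0)]
            gy = img[min(r + 1, n - 1)][c] - img[max(r - 1, 0)][c]
            mag = math.hypot(gx, gy)
            if mag == 0.0:
                continue
            angle = math.degrees(math.atan2(gy, gx)) % 180.0
            pos = angle / (180.0 / bins)
            lo = int(pos)
            frac = pos - lo
            h = hist[r // cell][c // cell]
            h[lo % bins] += mag * (1.0 - frac)
            h[(lo + 1) % bins] += mag * frac
    feats: List[float] = []
    for br in range(cells - 1):
        for bc in range(cells - 1):
            block = hist[br][bc] + hist[br][bc + 1] + hist[br + 1][bc] + hist[br + 1][bc + 1]
            norm = math.sqrt(sum(v * v for v in block) + 1e-6)
            feats.extend(v / norm for v in block)
    return feats


def features(data: bytes, size: int = 64) -> List[float]:
    return hog(resize_nearest(dump_to_image(data), size))


class NearestCentroid:
    """Minimal classifier; assumption: any off-the-shelf classifier (SVM, random forest)
    would consume the same HOG vectors."""

    def __init__(self) -> None:
        self.centroids: Dict[str, List[float]] = {}

    def fit(self, vectors: List[List[float]], labels: List[str]) -> "NearestCentroid":
        groups: Dict[str, List[List[float]]] = {}
        for vec, label in zip(vectors, labels):
            groups.setdefault(label, []).append(vec)
        for label, vecs in groups.items():
            self.centroids[label] = [sum(col) / len(vecs) for col in zip(*vecs)]
        return self

    def predict(self, vec: List[float]) -> str:
        return min(self.centroids, key=lambda lab: math.dist(vec, self.centroids[lab]))


def synthetic_dump(family: str, phase: int, n_bytes: int = 8192) -> bytes:
    """Constructed stand-in for a memory dump (not real data): family 'A' has a 32-row
    banded layout, family 'B' an 8-column-periodic one; phase shifts the pattern so
    held-out samples are not byte-identical to training ones."""
    width = dump_width(n_bytes)
    out = bytearray(n_bytes)
    for i in range(n_bytes):
        row, col = divmod(i, width)
        period_index = (row + phase) // 32 if family == "A" else (col + phase) // 8
        out[i] = 0xFF if period_index % 2 == 0 else 0x00
    return bytes(out)


def run_demo() -> Dict[str, str]:
    train = [("A", 0), ("A", 3), ("A", 6), ("B", 0), ("B", 2), ("B", 5)]
    clf = NearestCentroid().fit([features(synthetic_dump(f, p)) for f, p in train],
                                [f for f, _ in train])
    held_out = {"A_phase9": synthetic_dump("A", 9), "B_phase7": synthetic_dump("B", 7)}
    return {name: clf.predict(features(d)) for name, d in held_out.items()}


if __name__ == "__main__":
    print(run_demo())
```

The HOG descriptor is what makes the fixed-size image usable: banded structure in family A produces gradients concentrated in the 90-degree bins, the column-periodic structure of family B in the 0-degree bin, and block normalisation removes the dependence on absolute byte values, so a held-out sample with a different phase still lands nearest its own family's centroid. The same caveat applies as to any static image method: a packer or an allocator layout change that reshuffles the dump will move the gradients, so the evaluation should hold out whole families, not just samples.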
