A malware classification method based on memory dump grayscale image. (December 2018)
- Record Type:
- Journal Article
- Title:
- A malware classification method based on memory dump grayscale image. (December 2018)
- Main Title:
- A malware classification method based on memory dump grayscale image
- Authors:
- Dai, Yusheng
Li, Hui
Qian, Yekui
Lu, Xidong
- Abstract:
- Effective analysis of malware is of great significance in guaranteeing the reliability of system operation. Malware can easily escape from existing dynamic analysis methods. Aiming at the deficiencies of current methods for detecting malware dynamically, a method of using hardware features is proposed, namely, a memory dump file is extracted and converted into a grayscale image, the image is converted to a fixed size, the image feature is extracted using histogram of gradient, and a currently popular classifier algorithm is used to classify malware. Experiments are conducted using actual malware samples and the effectiveness of using memory dump file images is verified. This method is superior to the recently proposed hardware performance counter detection method. Highlights: Dynamic analysis techniques are vulnerable to malware evasion. Using memory dumps can fully describe the malware behavior. We propose a classification method based on visual malware memory dumps, which can effectively classify malware. The effectiveness of the classification method is verified by using the backdoor malware dataset.
- Is Part Of:
- Digital investigation. Volume 27(2018)
- Journal:
- Digital investigation
- Issue:
- Volume 27(2018)
- Issue Display:
- Volume 27, Issue 2018 (2018)
- Year:
- 2018
- Volume:
- 27
- Issue:
- 2018
- Issue Sort Value:
- 2018-0027-2018-0000
- Page Start:
- 30
- Page End:
- 37
- Publication Date:
- 2018-12
- Subjects:
- Dynamic analysis -- Hardware features -- Memory dump -- Malware classification
Forensic sciences -- Data processing -- Periodicals
Criminal investigation -- Data processing -- Periodicals
363.250285
- Journal URLs:
- http://www.sciencedirect.com/science/journal/17422876
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.diin.2018.09.006
- Languages:
- English
- ISSNs:
- 1742-2876
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3588.396620
British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store
- Ingest File:
- 9004.xml