Name
Title | ||
|---|---|---|
TrustSign: Trusted Malware Signature Generation in Private Clouds Using Deep Feature Transfer Learning |
Abstract | ||
|---|---|---|
This paper presents TrustSign, a novel, trusted automatic malware signature generation method based on high-level deep features transferred from a VGG-19 neural network model pre-trained on the ImageNet dataset. While traditional automatic malware signature generation techniques rely on static or dynamic analysis of the malware's executable, our method overcomes the limitations associated with these techniques by producing signatures based on the presence of the malicious process in the volatile memory. Signatures generated using TrustSign well represent the real malware behavior during runtime. By leveraging the cloud's virtualization technology, TrustSign analyzes the malicious process in a trusted manner, since the malware is unaware and cannot interfere with the inspection procedure. Additionally, by removing the dependency on the malware's executable, our method is capable of signing fileless malware. Thus, we focus our research on in-browser cryptojacking attacks, which current antivirus solutions have difficulty to detect. However, TrustSign is not limited to cryptojacking attacks, as our evaluation included various ransomware samples. TrustSign's signature generation process does not require feature engineering or any additional model training, and it is done in a completely unsupervised manner, obviating the need for a human expert. Therefore, our method has the advantage of dramatically reducing signature generation and distribution time. The results of our experimental evaluation demonstrate TrustSign's ability to generate signatures invariant to the process state over time. By using the signatures generated by TrustSign as input for various supervised classifiers, we achieved 99.5% classification accuracy. |
Year | DOI | Venue |
|---|---|---|
2019 | 10.1109/IJCNN.2019.8851841 | 2019 International Joint Conference on Neural Networks (IJCNN) |
Keywords | Field | DocType |
Deep Learning,Transfer Learning,Convolutional Neural Networks,Malware,Cryptojacking,Automatic Signature Generation | Ransomware,Computer science,Process state,Feature engineering,Artificial intelligence,Deep learning,Malware,Machine learning,Volatile memory,Executable,Cloud computing | Conference |
ISSN | ISBN | Citations |
2161-4393 | 978-1-7281-1986-1 | 1 |
PageRank | References | Authors |
0.35 | 16 | 4 |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Daniel Nahmias | 1 | 1 | 0.35 |
| Aviad Cohen | 2 | 58 | 7.35 |
| Nir Nissim | 3 | 199 | 19.42 |
| Yuval Elovici | 4 | 2583 | 204.53 |