Malware Detection and Classification Technique based on AI through Visualization

Abstract

The recently discovered malware has developed into an advanced technique, and has been shown in a form so that it cannot be detected by the existing technique. As it is not easy to detect, it can cause more damage. Malware has its own attack pattern and characteristics depending on the family, and malware belonging to the same family has similar characteristics. In other words, if the family of unknown malware can be known, the damage can be minimized by analyzing and responding more quickly and easily in the analysis. In this paper, we introduce a model that detects malware and classifies families through image-based artificial intelligence models. The model introduced in this paper has the following two functions. First, it is a function to classify malware and benign files. Second, it is a function to classify the family of malware. Both functions utilize CNN (Convolutional Neural Network), which is one of the artificial intelligence models, and in order to use the CNN model, a preprocessing process representing malware and benign files as images is essential. Therefore, to implement the two functions, it is performed by configuring the preprocessing module and the artificial intelligence module. Chapter 1 of this paper briefly describes the necessity of applying the various techniques in analyzing malware along with various existing malware analysis techniques. Chapter 2 introduces the malware detection technology that was previously studied. In particular, the study using artificial intelligence models in detecting malware examines in detail. Chapter 3 explains the knowledge necessary to understand the model introduced in this paper. In Chapter 4, detailed explanations will be given along with each module constituting the model for detecting malware and classifying the family. Chapter 5 presents conclusions and suggestions for future research.