Uda Ryuya
宇田 隆哉 | Affiliation: School of Computer Science, Department of Computer Science | Position: Associate Professor |
|
Language | English |
Date of publication/presentation | 2024/07 |
Type | International conference paper |
Peer review | Peer-reviewed |
Title | Investigation of The Latest Malware Detection Engines and Lightweight Byte n-gram Methods with Real Custom Malware |
Authorship | Co-authored |
Published in | 2024 16th International Conference on Computer and Automation Engineering (ICCAE) |
Publication region | International (outside Japan) |
Publisher | IEEE |
Total pages | 6 |
Role | First author, corresponding author |
Authors | Ryuya Uda, Shinnosuke Araki |
Abstract | Almost all malware detection systems are black boxes to the general users. The simple pattern matching method is the fastest, but it becomes useless if some bytes in a malware file are changed. Therefore, in this paper, we investigated what kind of customization influences the detection rate of the latest malware detection engines. In addition, we also investigated whether byte n-gram and information gain malware detection methods are effective in detecting the custom malware files. These methods have been proposed and improved by some researchers, but the computational cost of information gain was too high to be used in the real world. Therefore, we proposed a lightweight method of the methods and evaluated the custom files. With this method, we could find only 9 to 13 out of 32 to 33 malware files in 5-fold cross-validation, but it was 15 to 21 in original files. This means that the byte n-gram method can work if it detects a malware file once. On the other hand, almost all of the malware files were not detected by almost all of the latest engines. We conclude that the byte n-gram methods are still effective when malware changes itself, and lightweight methods with better detection rates are needed. |
URL for researchmap | https://doi.org/10.1109/ICCAE59995.2024.10569568 |