Open Access

ARTICLE

Byte-Level Function-Associated Method for Malware Detection

Jingwei Hao^*, Senlin Luo, Limin Pan

Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology, Beijing, 100081, China

* Corresponding Author: Jingwei Hao. Email:

Computer Systems Science and Engineering 2023, 46(1), 719-734. https://doi.org/10.32604/csse.2023.033923

Received 01 July 2022; Accepted 28 October 2022; Issue published 20 January 2023

Abstract

The byte stream is widely used in malware detection due to its independence of reverse engineering. However, existing methods based on the byte stream implement an indiscriminate feature extraction strategy, which ignores the byte function difference in different segments and fails to achieve targeted feature extraction for various byte semantic representation modes, resulting in byte semantic confusion. To address this issue, an enhanced adversarial byte function associated method for malware backdoor attack is proposed in this paper by categorizing various function bytes into three functions involving structure, code, and data. The Minhash algorithm, grayscale mapping, and state transition probability statistics are then used to capture byte semantics from the perspectives of text signature, spatial structure, and statistical aspects, respectively, to increase the accuracy of byte semantic representation. Finally, the three-channel malware feature image is constructed based on different function byte semantics, and a convolutional neural network is applied for detection. Experiments on multiple data sets from 2018 to 2021 show that the method can effectively combine byte functions to achieve targeted feature extraction, avoid byte semantic confusion, and improve the accuracy of malware detection.

---

Keywords

---