Cardiff University | Prifysgol Caerdydd ORCA
Online Research @ Cardiff 
WelshClear Cookie - decide language by browser settings

Early-stage malware prediction using recurrent neural networks

Rhode, Matilda, Burnap, Pete ORCID: https://orcid.org/0000-0003-0396-633X and Jones, Kevin 2018. Early-stage malware prediction using recurrent neural networks. Computers and Security 77 , pp. 578-594. 10.1016/j.cose.2018.05.010

[thumbnail of 1-s2.0-S0167404818305546-main.pdf]
Preview
PDF - Published Version
Available under License Creative Commons Attribution.

Download (1MB) | Preview

Abstract

Static malware analysis is well-suited to endpoint anti-virus systems as it can be conducted quickly by examining the features of an executable piece of code and matching it to previously observed malicious code. However, static code analysis can be vulnerable to code obfuscation techniques. Behavioural data collected during file execution is more difficult to obfuscate, but takes a relatively long time to capture - typically up to 5 minutes, meaning the malicious payload has likely already been delivered by the time it is detected. In this paper we investigate the possibility of predicting whether or not an executable is malicious based on a short snapshot of behavioural data. We find that an ensemble of recurrent neural networks are able to predict whether an executable is malicious or benign within the first 5 seconds of execution with 94% accuracy. This is the first time general types of malicious file have been predicted to be malicious during execution rather than using a complete activity log file post-execution, and enables cyber security endpoint protection to be advanced to use behavioural data for blocking malicious payloads rather than detecting them post-execution and having to repair the damage.

Item Type: Article
Date Type: Publication
Status: Published
Schools: Computer Science & Informatics
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Additional Information: This is an open access article under the CC BY license. ( http://creativecommons.org/licenses/by/4.0/ )
Publisher: Elsevier
ISSN: 0167-4048
Funders: Airbus, ESPRC
Date of First Compliant Deposit: 23 May 2018
Date of Acceptance: 15 May 2018
Last Modified: 05 May 2023 08:09
URI: https://orca.cardiff.ac.uk/id/eprint/111627

Citation Data

Cited 161 times in Scopus. View in Scopus. Powered By Scopus® Data

Actions (repository staff only)

Edit Item Edit Item

Downloads

Downloads per month over past year

View more statistics