Detecting Cryptomining Malware: a Deep Learning Approach for Static and Dynamic Analysis
Hamid Darabian · Sajad Homayounoot · Ali Dehghantanha · Sattar Hashemi · Hadis Karimipour · Reza M. Parizi · Kim-Kwang Raymond Choo
Received: 16 August 2019 / Accepted: 7 January 2020 © Springer Nature B.V. 2020
Abstract Cryptomining malware (also referred to as cryptojacking) has changed the cyber threat landscape. Such malware exploits the victim’s CPU or GPU resources with the aim of generating cryptocurrency. In this paper, we study the potential of using deep learning techniques to detect cryptomining malware by utilizing both static and dynamic analysis approaches. To facilitate dynamic analysis, we establish an environment to capture the system call events of 1500 Portable Executable (PE) samples of the cryptomining malware. We also demonstrate how one can perform static analysis of PE files’ opcode sequences. In our study, we evaluate the performance of using Long Short-Term Memory (LSTM), Attention-based LSTM (ATT-LSTM), and Convolutional Neural Networks (CNN) on our sequential data (opcodes and system call invocations) for classification by a Softmax function. We achieve an accuracy rate of 95% in the static analysis and an accuracy rate of 99% in the dynamic analysis.

Keywords CryptoMining malware · Deep learning · Static analysis · Dynamic analysis

Author affiliations
H. Darabian · S. Hashemi: Department of Computer Science and Engineering, Shiraz University, Shiraz, Iran
S. Homayounoot: IT and Computer Engineering Faculty, Shiraz University of Technology, Shiraz, Iran
A. Dehghantanha: Cyber Science Lab, School of Computer Science, University of Guelph, Guelph, ON, Canada
H. Karimipour: School of Computer Science, University of Guelph, Guelph, ON, Canada
R. M. Parizi: Department of Software Engineering and Game Development, Kennesaw State University, Marietta, GA 30060, USA
K.-K. R. Choo: Department of Information Systems and Cyber Security, University of Texas at San Antonio, San Antonio, TX 78249, USA
1 Introduction

Most cyber attackers and threat actors are financially motivated and are likely to attempt to maximize their monetary gain from available targets, for example by stealing credit card information [3, 11, 12, 42, 46]. In more recent years, there has been a shift in the malware trend, partly fueled by the introduction and popularity of cryptocurrencies [31, 44]. For example, instead of directly stealing from the victims, cyber criminals are now compromising victims’ systems and using them to form a network of systems (i.e. a cryptomining pool) that mines crypto-currencies (e.g. Bitcoin) without the victims’ knowledge – also referred to as cryptomining attacks [5, 8–10, 34, 38]. By compromising the victims’ systems, such malware may also open up other vulner