Detecting Cryptomining Malware: A Deep Learning Approach for Static and Dynamic Analysis
|
Author
|
Darabian Hamid, Homayounoot Sajad, Dehghantanha Ali, Hashemi Sattar, Karimipour Hadis, Parizi Reza M., Choo Kim-Kwang Raymond
|
Source
|
Journal of Grid Computing - 2020 - Volume: 18 - Issue: 2 - Pages: 293-303
|
Abstract
|
Cryptomining malware (also referred to as cryptojacking) has changed the cyber threat landscape. Such malware exploits the victim’s CPU or GPU resources with the aim of generating cryptocurrency. In this paper, we study the potential of using deep learning techniques to detect cryptomining malware by utilizing both static and dynamic analysis approaches. To facilitate dynamic analysis, we establish an environment to capture the system call events of 1500 portable executable (PE) samples of the cryptomining malware. We also demonstrate how one can perform static analysis of PE files’ opcode sequences. In our study, we evaluate the performance of using long short-term memory (LSTM), attention-based LSTM (ATT-LSTM), and convolutional neural networks (CNN) on our sequential data (opcodes and system call invocations) for classification by a softmax function. We achieve an accuracy rate of 95% in the static analysis and an accuracy rate of 99% in the dynamic analysis.
|
Keywords
|
cryptomining malware, deep learning, static analysis, dynamic analysis
|
Address
|
Shiraz University, Department of Computer Science and Engineering, Iran; Shiraz University of Technology, IT and Computer Engineering Faculty, Iran; University of Guelph, School of Computer Science, Cyber Science Lab, Canada; Shiraz University, Department of Computer Science and Engineering, Iran; University of Guelph, School of Computer Science, Canada; Kennesaw State University, Department of Software Engineering and Game Development, USA; University of Texas at San Antonio, Department of Information Systems and Cyber Security, USA