• Media type: E-Article
  • Title: Applying NLP techniques to malware detection in a practical environment
  • Contributor: Mimura, Mamoru; Ito, Ryo
  • Published: Springer Science and Business Media LLC, 2022
  • Published in: International Journal of Information Security, 21 (2022) 2, pages 279-291
  • Language: English
  • DOI: 10.1007/s10207-021-00553-8
  • ISSN: 1615-5262; 1615-5270
  • Description: Abstract: Executable files still remain popular to compromise the endpoint computers. These executable files are often obfuscated to avoid anti-virus programs. To examine all suspicious files from the Internet, dynamic analysis requires too much time. Therefore, a fast filtering method is required. With the recent development of natural language processing (NLP) techniques, printable strings became more effective to detect malware. The combination of the printable strings and NLP techniques can be used as a filtering method. In this paper, we apply NLP techniques to malware detection. This paper reveals that printable strings with NLP techniques are effective for detecting malware in a practical environment. Our dataset consists of more than 500,000 samples obtained from multiple sources. Our experimental results demonstrate that our method is effective to not only subspecies of the existing malware, but also new malware. Our method is effective against packed malware and anti-debugging techniques.