Proposal of Malware Detection Method Based on Memory Access Log that Is Not Affected by ASLR
摘要
In recent years, deep learning has advanced, leading to its widespread application in fields such as image recognition and speech recognition. Meanwhile, in the field of information security, damage caused by malware remains a serious problem. Traditional malware detection methods, such as pattern matching, face the challenge of being unable to detect it for which no pattern file exists. This paper proposes a method to improve malware detection accuracy by focusing on program memory access logs and devising a technique to circumvent the effects of memory address space layout randomization (ASLR). The proposed method creates grayscale images based on program memory access logs and performs classification using a CNN. For performance evaluation, ten types of normal programs and ten types of malware were used, trained and classified using MobileNetV2. Our proposed method attained considerably good performance: precision 0.9975, recall 0.9947, precision 1.0000, and F1 score 0.9973, confirming the feasibility of highly accurate malware detection. Furthermore, by using simplified grayscale images for the image processing step, this method reduces computational cost, enabling classification with high real-time performance.