Title: A hybrid malware analysis approach for identifying process-injection malware based on machine learning
Authors: Chia-Mei Chen; Ze-Yu Lin; Ya-Hui Ou; Jiunn-Wu Lin
Addresses: Department of Information Management, National Sun Yat-sen University, Taiwan; Department of Information Management, National Sun Yat-sen University, Taiwan; General Competency Center, National Penghu University of Science and Technology, Taiwan; Kaohsiung Veterans General Hospital, Taiwan
Abstract: Advanced persistent threat (APT) attacks take place every day, utilising stealthy and customised malware to disrupt services or sabotage the network. Such advanced malware may subvert the defence mechanism by abusing process injection techniques provided by the operating system and injecting malicious code into a benign process. Some process injection techniques can be identified by static analysis, but others can only be discovered at run time. This study adopts deep learning models and two malware analysis approaches to detect process-injection malware. By applying transfer learning, this study proposes a CNN-based detection model with features selected from static and dynamic analysis to identify process-injection malware. The experimental results demonstrate that the proposed method can detect process-injection malware efficiently, as well as unknown malware.
Keywords: malware detection; process injection; machine learning.
International Journal of Security and Networks, 2024, Vol. 19, No. 1, pp. 20-30
Received: 13 Jul 2021
Accepted: 19 Jul 2021
Published online: 12 Mar 2024