Cargando…
Malware Detection of Hangul Word Processor Files Using Spatial Pyramid Average Pooling
Malware detection of non-executables has recently been drawing much attention because ordinary users are vulnerable to such malware. Hangul Word Processor (HWP) is software for editing non-executable text files and is widely used in South Korea. New malware for HWP files continues to appear because...
| Autores principales: | , , , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
MDPI
2020
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7570816/ https://www.ncbi.nlm.nih.gov/pubmed/32942607 http://dx.doi.org/10.3390/s20185265 |
| _version_ | 1783597034319642624 |
|---|---|
| author | Jeong, Young-Seob Woo, Jiyoung Lee, SangMin Kang, Ah Reum |
| author_facet | Jeong, Young-Seob Woo, Jiyoung Lee, SangMin Kang, Ah Reum |
| author_sort | Jeong, Young-Seob |
| collection | PubMed |
| description | Malware detection of non-executables has recently been drawing much attention because ordinary users are vulnerable to such malware. Hangul Word Processor (HWP) is software for editing non-executable text files and is widely used in South Korea. New malware for HWP files continues to appear because of the circumstances between South Korea and North Korea. There have been various studies to solve this problem, but most of them are limited because they require a large amount of effort to define features based on expert knowledge. In this study, we designed a convolutional neural network to detect malware within HWP files. Our proposed model takes a raw byte stream as input and predicts whether it contains malicious actions or not. To incorporate highly variable lengths of HWP byte streams, we propose a new padding method and a spatial pyramid average pooling layer. We experimentally demonstrate that our model is not only effective, but also efficient. |
| format | Online Article Text |
| id | pubmed-7570816 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2020 |
| publisher | MDPI |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-75708162020-10-28 Malware Detection of Hangul Word Processor Files Using Spatial Pyramid Average Pooling Jeong, Young-Seob Woo, Jiyoung Lee, SangMin Kang, Ah Reum Sensors (Basel) Article Malware detection of non-executables has recently been drawing much attention because ordinary users are vulnerable to such malware. Hangul Word Processor (HWP) is software for editing non-executable text files and is widely used in South Korea. New malware for HWP files continues to appear because of the circumstances between South Korea and North Korea. There have been various studies to solve this problem, but most of them are limited because they require a large amount of effort to define features based on expert knowledge. In this study, we designed a convolutional neural network to detect malware within HWP files. Our proposed model takes a raw byte stream as input and predicts whether it contains malicious actions or not. To incorporate highly variable lengths of HWP byte streams, we propose a new padding method and a spatial pyramid average pooling layer. We experimentally demonstrate that our model is not only effective, but also efficient. MDPI 2020-09-15 /pmc/articles/PMC7570816/ /pubmed/32942607 http://dx.doi.org/10.3390/s20185265 Text en © 2020 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/). |
| spellingShingle | Article Jeong, Young-Seob Woo, Jiyoung Lee, SangMin Kang, Ah Reum Malware Detection of Hangul Word Processor Files Using Spatial Pyramid Average Pooling |
| title | Malware Detection of Hangul Word Processor Files Using Spatial Pyramid Average Pooling |
| title_full | Malware Detection of Hangul Word Processor Files Using Spatial Pyramid Average Pooling |
| title_fullStr | Malware Detection of Hangul Word Processor Files Using Spatial Pyramid Average Pooling |
| title_full_unstemmed | Malware Detection of Hangul Word Processor Files Using Spatial Pyramid Average Pooling |
| title_short | Malware Detection of Hangul Word Processor Files Using Spatial Pyramid Average Pooling |
| title_sort | malware detection of hangul word processor files using spatial pyramid average pooling |
| topic | Article |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7570816/ https://www.ncbi.nlm.nih.gov/pubmed/32942607 http://dx.doi.org/10.3390/s20185265 |
| work_keys_str_mv | AT jeongyoungseob malwaredetectionofhangulwordprocessorfilesusingspatialpyramidaveragepooling AT woojiyoung malwaredetectionofhangulwordprocessorfilesusingspatialpyramidaveragepooling AT leesangmin malwaredetectionofhangulwordprocessorfilesusingspatialpyramidaveragepooling AT kangahreum malwaredetectionofhangulwordprocessorfilesusingspatialpyramidaveragepooling |