Malware Classification using Locality Sensitive Hashing and Neural Networks
Typ
Examensarbete för masterexamen
Program
Publicerad
2019
Författare
Friborg, Ludwig
Peiser, Stefan Carl
Modellbyggare
Tidskriftstitel
ISSN
Volymtitel
Utgivare
Sammanfattning
In this thesis, we explore the idea of using locality sensitive hashes as input features
to a feedforward neural network to perform static analysis to detect JavaScript
malware. An experiment is conducted using a dataset containing 1.5M evenly
distributed benign and malicious samples provided by the anti-malware company
Cyren, which is the industry collaborator for this thesis. Four different locality sensitive
hashing algorithms are tested and evaluated: Nilsimsa, ssdeep, TLSH, and
SDHASH. The results show a high prediction accuracy of 98.05% and low false positive
and negative rates of 0.94% and 2.69% for the best performing models. These
results show that LSH based neural networks are a competitive option against other
state-of-the-art JavaScript malware classification solutions.
Beskrivning
Ämne/nyckelord
locality sensitive hashing , static analysis , malware detection , artificial neural networks , machine learning , feature extraction