Malware Classification using Locality Sensitive Hashing and Neural Networks

Publicerad

Typ

Examensarbete för masterexamen

Program

Modellbyggare

Tidskriftstitel

ISSN

Volymtitel

Utgivare

Sammanfattning

In this thesis, we explore the idea of using locality sensitive hashes as input features to a feedforward neural network to perform static analysis to detect JavaScript malware. An experiment is conducted using a dataset containing 1.5M evenly distributed benign and malicious samples provided by the anti-malware company Cyren, which is the industry collaborator for this thesis. Four different locality sensitive hashing algorithms are tested and evaluated: Nilsimsa, ssdeep, TLSH, and SDHASH. The results show a high prediction accuracy of 98.05% and low false positive and negative rates of 0.94% and 2.69% for the best performing models. These results show that LSH based neural networks are a competitive option against other state-of-the-art JavaScript malware classification solutions.

Beskrivning

Ämne/nyckelord

locality sensitive hashing, static analysis, malware detection, artificial neural networks, machine learning, feature extraction

Citation

Arkitekt (konstruktör)

Geografisk plats

Byggnad (typ)

Byggår

Modelltyp

Skala

Teknik / material

Index

item.page.endorsement

item.page.review

item.page.supplemented

item.page.referenced