Image-Based Machine Learning Model for Malware Detection on LLVM IR

Vol. 34, No. 1, pp. 31-40, Feb. 2024
https://doi.org/10.13089/JKIISC.2024.34.1.31
Keywords: LLVM IR, Image based, Malware detection, ResNet50V2
Abstract

Static analysis-based signature and pattern detection has recently shown its limitations as IT technology has advanced. In addition to the inherent weaknesses of signature and pattern detection, it faces compatibility problems across multiple architectures. Malicious code uses obfuscation and packing to hide its identity, and it also evades existing static analysis-based signature and pattern detection through techniques such as code rearrangement, register modification, and the addition of branching statements. In this paper, we propose an automated static analysis technique for malicious code that applies machine learning to LLVM IR images in order to solve the problems mentioned above. Whether or not a binary is obfuscated or packed, it is decompiled into LLVM IR, an intermediate representation dedicated to static analysis and optimization. The LLVM IR code is then converted into an image and fed to ResNet50v2, a CNN-based transfer learning algorithm supported by Keras. As a result, we present a model for image-based detection of malicious code.
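The IR-to-image step described in the abstract, sketched as an added example that is not the paper's own code. The abstract does not specify the encoding, so the one-byte-per-pixel mapping, the near-square layout, the nearest-neighbour resize and all function names here are assumptions; 224x224x3 is the default input shape of Keras ResNet50V2.

```python
import math

# Constructed sample: a tiny LLVM IR function (not from the paper's dataset).
SAMPLE_IR = b"""define i32 @add(i32 %a, i32 %b) {
entry:
  %sum = add nsw i32 %a, %b
  ret i32 %sum
}
"""

def ir_to_grayscale(ir_bytes, width=None):
    """Map each byte of IR text to one pixel (0-255), row-major.

    Assumption: one byte per pixel; the last row is zero-padded.
    """
    if not ir_bytes:
        raise ValueError("empty IR input")
    if width is None:
        # Near-square layout so small and large samples resize comparably.
        width = math.ceil(math.sqrt(len(ir_bytes)))
    height = math.ceil(len(ir_bytes) / width)
    padded = ir_bytes + bytes(width * height - len(ir_bytes))
    return [list(padded[r * width:(r + 1) * width]) for r in range(height)]

def resize_nearest(img, out_h, out_w):
    """Nearest-neighbour resize of a 2-D list of pixels to out_h x out_w."""
    in_h, in_w = len(img), len(img[0])
    return [[img[y * in_h // out_h][x * in_w // out_w] for x in range(out_w)]
            for y in range(out_h)]

def to_model_input(ir_bytes, size=224):
    """Return a size x size x 3 nested list of 0-255 pixel values.

    The grey value is replicated across three channels because
    ImageNet-pretrained CNNs expect RGB input; value scaling is left
    to the framework's own preprocessing.
    """
    gray = resize_nearest(ir_to_grayscale(ir_bytes), size, size)
    return [[[p, p, p] for p in row] for row in gray]

if __name__ == "__main__":
    image = to_model_input(SAMPLE_IR)
    print(len(image), len(image[0]), len(image[0][0]))
```
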

Cite this article
[IEEE Style]
박경빈, 임강빈, 윤요섭, 또올가, "Image-Based Machine Learning Model for Malware Detection on LLVM IR," Journal of The Korea Institute of Information Security and Cryptology, vol. 34, no. 1, pp. 31-40, 2024. DOI: https://doi.org/10.13089/JKIISC.2024.34.1.31.

[ACM Style]
박경빈, 임강빈, 윤요섭, and 또올가. 2024. Image-Based Machine Learning Model for Malware Detection on LLVM IR. Journal of The Korea Institute of Information Security and Cryptology, 34, 1, (2024), 31-40. DOI: https://doi.org/10.13089/JKIISC.2024.34.1.31.