Malware Detection of Hangul Word Processor Files Using Spatial Pyramid Average Pooling.
Sensors (Basel)
; 20(18)2020 Sep 15.
Article
in En
| MEDLINE
| ID: mdl-32942607
Malware detection of non-executables has recently been drawing much attention because ordinary users are vulnerable to such malware. Hangul Word Processor (HWP) is software for editing non-executable text files and is widely used in South Korea. New malware for HWP files continues to appear because of the circumstances between South Korea and North Korea. There have been various studies to solve this problem, but most of them are limited because they require a large amount of effort to define features based on expert knowledge. In this study, we designed a convolutional neural network to detect malware within HWP files. Our proposed model takes a raw byte stream as input and predicts whether it contains malicious actions or not. To incorporate highly variable lengths of HWP byte streams, we propose a new padding method and a spatial pyramid average pooling layer. We experimentally demonstrate that our model is not only effective, but also efficient.
Full text:
1
Collection:
01-internacional
Database:
MEDLINE
Type of study:
Diagnostic_studies
/
Prognostic_studies
Language:
En
Journal:
Sensors (Basel)
Year:
2020
Document type:
Article
Country of publication:
Switzerland