Fuzzy Neural Network for Malware Detect

摘要

The current commercial anti-virus software detects a virus only after the virus has appeared and caused damage. Motivated by the inference technique for detecting viruses, and a recent successful classification method, we explore a system (Radux: Reverse Analysis for Detecting Unsafe eXecutables) for automatically detecting malicious code using the collected dataset of the benign and malicious code. Our system rests on fuzzy inference based on behavior hidden in malicious code. Decompile technique is applied to characterize behavioral and structural properties of binary code, which creates more abstract descriptions of malware. The proposed method can acquire the fuzzy subsets and its membership function in an automatic way with the GD-FNN learning algorithm. The experimental data give support to the validity of this method. Moreover, our system is resilient to common obfuscations used by hackers.