IEEE Access (Jan 2022)

HMLET: Hunt Malware Using Wavelet Transform on Cross-Platform

  • Sangmin Park,
  • Sanghoon Jeon,
  • Huy Kang Kim

DOI
https://doi.org/10.1109/ACCESS.2022.3225223
Journal volume & issue
Vol. 10
pp. 124821 – 124834

Abstract

As the importance of cyberspace grows, malicious software (malware) is threatening not only individuals but also countries. In addition, numerous malware samples are still circulating in cyberspace, and as technology advances, new or advanced malware is emerging. In the real world, files from multiple platforms are distributed via e-mail, network-attached storage (NAS), shared drives, etc. However, most malware detection models target only a single platform. Therefore, cross-platform malware detection has a significant and essential role. We propose HMLET, a cross-platform malware detection model. HMLET uses content-based information that all binary files have in common, rather than file structure-based information that differs between platforms, to detect malware of various file types across platforms. We create file content-based features for malware detection using the wavelet transform. However, the input data length had to be fixed before performing the wavelet transform, because the amount of information extracted was not constant across input data lengths. We fix the input data length through the Joint Probability Distribution (JPD) matrix to solve this problem. Malware detection performance was evaluated by training a machine learning model on the extracted features. HMLET showed 97% accuracy on the Windows platform and 99% on the Linux platform. In addition, on the combined Windows & Linux platform, HMLET showed 97% accuracy. According to the experimental results, HMLET achieves high-performance malware detection across platforms, making it suitable for use as a cross-platform malware detection model.

Keywords