Deep feature transfer learning for trusted and automated malware signature generation in private cloud environments

Daniel Nahmias, Aviad Cohen, Nir Nissim, Yuval Elovici

Neural Networks 124, 243-257, 2020

This paper presents TrustSign, a novel, trusted automatic malware signature generation method based on high-level deep features transferred from a VGG-19 neural network model pretrained on the ImageNet dataset. While traditional automatic malware signature generation techniques rely on static or dynamic analysis of the malware’s executable, our method overcomes the limitations associated with these techniques by producing signatures based on the presence of the malicious process in the volatile memory. By leveraging the cloud’s virtualization technology, TrustSign analyzes the malicious process in a trusted manner, since the malware is unaware of the inspection procedure and cannot interfere with it. Additionally, by removing the dependency on the malware’s executable, our method is fully capable of signing fileless malware as well. TrustSign’s signature generation process does not require feature …