Item
Open Access

DEFENDIFY: defense amplified with transfer learning for obfuscated malware framework

dc.creator: Karabiyik, Umit [spa]
dc.creator: Gómez Mármol, Félix [spa]
dc.creator: Nespoli, Pantaleone [spa]
dc.creator: Perales Gómez, Angel Luis [spa]
dc.creator: Alférez, Santiago [spa]
dc.creator: Daniel, Díaz Lopez Orlando [spa]
dc.creator: Rojas, Nicolás [spa]
dc.creator: Murcia Nieto, Juan [spa]
dc.creator: Castillo Camargo, Rodrigo [spa]
dc.date.accessioned: 2025-07-21T16:35:15Z
dc.date.available: 2025-07-21T16:35:15Z
dc.date.created: 2025-12-01 [spa]
dc.date.issued: 2025-12-01 [spa]
dc.description.abstract: The existence of malicious software (malware) represents a potential threat to users who connect to a large set of services provided by multiple providers. Such malware is capable of stealing, spying on, encrypting data from users, and spreading, provoking impacts that are beyond a single citizen’s device and reaching critical information systems. To detect malware families, Machine Learning and Deep Learning techniques have been employed recently, demonstrating promising results. However, these techniques lack in detecting more advanced malware that employs obfuscation techniques. In this paper, we present DEFENDIFY, a novel framework, empowered by Computer Vision, Deep Learning, and Transfer Learning techniques, that is able to detect completely obfuscated malware with high performance in terms of accuracy and computational consumption. DEFENDIFY comprises three modules: Dataset Creation, Binary Obfuscation, and Model Generation. These modules work together to detect both obfuscated and non-obfuscated malware. The core module, i.e., the Model Generation, employs an entropy tester that determines whether a sample is obfuscated or not. Then, a Deep Learning model powered by Transfer Learning is employed to determine if it is malware or goodware. We validated our framework using real data gathered from malware repositories and legitimate software. The proposed framework was configured to test four Convolutional Neural Network architectures: ResNet18, ResNet34, EfficientNetB3, and EfficientNetV2S. Among them, the ResNet18 architecture obtained the best performance in detecting both non-obfuscated and obfuscated samples with an F1-score of 99.34% and 97.5%, respectively. [eng]
dc.format.mimetype: application/pdf [spa]
dc.identifier.doi: https://doi.org/10.1186/s42400-025-00396-z [spa]
dc.identifier.issn: 2096-4862 [spa]
dc.identifier.uri: https://repository.urosario.edu.co/handle/10336/46050
dc.language.iso: eng [spa]
dc.publisher: Springer Open [spa]
dc.relation.ispartof: Cybersecurity volume 8, Article number: 97 (2025) [spa]
dc.relation.uri: https://cybersecurity.springeropen.com/articles/10.1186/s42400-025-00396-z [spa]
dc.rights: Attribution-NonCommercial-NoDerivatives 4.0 International [spa]
dc.rights.accesRights: info:eu-repo/semantics/openAccess [spa]
dc.rights.acceso: Abierto (Texto Completo) [spa]
dc.rights.uri: http://creativecommons.org/licenses/by-nc-sa/4.0/ [spa]
dc.source: Cybersecurity [spa]
dc.source.instname: instname:Universidad del Rosario [spa]
dc.source.reponame: reponame:Repositorio Institucional EdocUR [spa]
dc.subject.keyword: Software [eng]
dc.subject.keyword: Malware detection [eng]
dc.subject.keyword: Malware obfuscation [eng]
dc.subject.keyword: Computer vision [eng]
dc.subject.keyword: Transfer learning [eng]
dc.subject.keyword: Deep learning [eng]
dc.subject.keyword: Networking system of artificial intelligence [eng]
dc.title: DEFENDIFY: defense amplified with transfer learning for obfuscated malware framework [spa]
dc.type: article [spa]
dc.type.hasVersion: info:eu-repo/semantics/publishedVersion [spa]
dc.type.spa: Artículo de Investigación [spa]
Files
Original bundle
Name: DEFENDIFY_defense_amplifed_with_transfer_learning.pdf
Size: 1.95 MB
Format: Adobe Portable Document Format