Would a File by Any Other Name Seem as Malicious?

No Thumbnail Available

Links to Files

https://arxiv.org/abs/1910.04753

Permanent Link

http://hdl.handle.net/11603/17551

Collections

UMBC Computer Science and Electrical Engineering Department
UMBC Faculty Collection

Author/Creator

Author/Creator ORCID

Date

2019-10-10

Type of Work

journal articles preprints
Text

Department

Program

Citation of Original Publication

Nguyen, Andre T.; Raff, Edward; Sant-Miller, Aaron; Would a File by Any Other Name Seem as Malicious?; Cryptography and Security (2019); https://arxiv.org/abs/1910.04753

Rights

This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.

Subjects

information technology systems
malware attacks
anti-virus systems
character-level convolutional neural network

Abstract

Successful malware attacks on information technology systems can cause millions of dollars in damage, the exposure of sensitive and private information, and the irreversible destruction of data. Anti-virus systems that analyze a file's contents use a combination of static and dynamic analysis to detect and remove/remediate such malware. However, examining a file's entire contents is not always possible in practice, as the volume and velocity of incoming data may be too high, or access to the underlying file contents may be restricted or unavailable. If it were possible to obtain estimates of a file's relative likelihood of being malicious without looking at the file contents, we could better prioritize file processing order and aid analysts in situations where a file is unavailable. In this work, we demonstrate that file names can contain information predictive of the presence of malware in a file. In particular, we show the effectiveness of a character-level convolutional neural network at predicting malware status using file names on Endgame's EMBER malware detection benchmark dataset.