D24D: Dynamic Deep 4-Dimensional Analysis for Malware Detection

Authors: Rama Krishna Koppanati; Monika Santra; Sateesh Kumar Peddoju
Journal: IEEE Transactions on Information Forensics and Security, vol. 20, pp. 2083-2095
DOI: 10.1109/TIFS.2025.3531230
URL: https://ieeexplore.ieee.org/document/10844891/
Publication date: 2025-01-17
Publication type: Journal Article
Open access: no
Journal ranking: JCR Q1 (Computer Science, Theory & Methods), impact factor 6.3; region category: Computer Science
Abstract: In the era of ubiquitous computing devices, malware is the primary weapon of cyber attacks, and malware-related security breaches remain a significant security concern. Nowadays, with the help of contemporary malicious payloads and AI tools, adversaries require fewer resources to exploit a system than in the past. Despite many advances in malware defense research, adversaries continually employ sophisticated tools and techniques to evade existing defense mechanisms and create chaos. Moreover, it is challenging to recognize these malicious binaries using shallow features such as section names, entropies, virtual sizes, and strings, which are not robust. The proposed work focuses on identifying robust features that help to detect more sophisticated (i) seen and (ii) never-seen-before malware effectively. Unlike existing research works, $D^{2}4D$ concentrates on four types of analysis: Registry key, API function, network, and memory analysis. Above all, $D^{2}4D$ identifies binaries that perform fast-flux attacks, DGA-based attacks, homoglyph attacks, and other attack types. The evaluation results indicate that $D^{2}4D$ achieves an accuracy of 99.67%, with a 0.10% False Positive Rate, for seen binaries and more than 91% accuracy for never-seen-before binaries. Beyond that, $D^{2}4D$ outperforms 33 existing anti-malware products. Based on the experimental analysis, the comparison with state-of-the-art models, and an ablation study, the extracted features prove robust in identifying both seen and never-seen-before binaries.
Journal description:
The IEEE Transactions on Information Forensics and Security covers the sciences, technologies, and applications relating to information forensics, information security, biometrics, surveillance, and systems applications that incorporate these features.