Open Access Article
Information 2018, 9(9), 231; https://doi.org/10.3390/info9090231

CryptoKnight: Generating and Modelling Compiled Cryptographic Primitives

1 School of Informatics, The University of Edinburgh, Edinburgh EH8 9YL, UK
2 Division of Cyber Security, Abertay University, Dundee DD1 1HG, UK
* Author to whom correspondence should be addressed.
Received: 12 July 2018 / Revised: 3 September 2018 / Accepted: 6 September 2018 / Published: 10 September 2018

Abstract

Cryptovirological augmentations present an immediate, incomparable threat. Over the last decade, the substantial proliferation of crypto-ransomware has had widespread consequences for consumers and organisations alike. Established preventive measures perform well; however, the problem has not ceased. Reverse engineering potentially malicious software is a cumbersome task due to platform eccentricities and obfuscated transmutation mechanisms, hence requiring smarter, more efficient detection strategies. The following manuscript presents a novel approach for the classification of cryptographic primitives in compiled binary executables using deep learning. The model blueprint, a Dynamic Convolutional Neural Network (DCNN), is fittingly configured to learn from variable-length control flow diagnostics output from a dynamic trace. To rival the size and variability of equivalent datasets, and to adequately train our model without risking adverse exposure, a methodology for the procedural generation of synthetic cryptographic binaries is defined, using core primitives from OpenSSL with multivariate obfuscation, to draw a vastly scalable distribution. The library, CryptoKnight, rendered an algorithmic pool of AES, RC4, Blowfish, MD5 and RSA to synthesise combinable variants which automatically fed into its core model. Converging at 96% accuracy, CryptoKnight was successfully able to classify the sample pool with minimal loss and correctly identified the algorithm in a real-world crypto-ransomware application.
Keywords: cryptography; deep learning; reverse engineering
This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited (CC BY 4.0).
MDPI and ACS Style

Hill, G.; Bellekens, X. CryptoKnight: Generating and Modelling Compiled Cryptographic Primitives. Information 2018, 9, 231.

Information EISSN 2078-2489. Published by MDPI AG, Basel, Switzerland.