Saved in:
Bibliographic Details
Main Authors: Fujii, Shota, Yamagishi, Rei
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2411.14905
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866916492300255232
author Fujii, Shota
Yamagishi, Rei
author_facet Fujii, Shota
Yamagishi, Rei
contents Large language models (LLMs) are becoming more advanced and widespread and have shown their applicability to various domains, including cybersecurity. Static malware analysis is one of the most important tasks in cybersecurity; however, it is time-consuming and requires a high level of expertise. Therefore, we conducted a demonstration experiment focusing on whether an LLM can be used to support static analysis. First, we evaluated the ability of the LLM to explain malware functionality. The results showed that the LLM can generate descriptions that cover functions with an accuracy of up to 90.9\%. In addition, we asked six static analysts to perform a pseudo static analysis task using LLM explanations to verify that the LLM can be used in practice. Through subsequent questionnaires and interviews with the participants, we also demonstrated the practical applicability of LLMs. Lastly, we summarized the problems and required functions when using an LLM as static analysis support, as well as recommendations for future research opportunities.
format Preprint
id arxiv_https___arxiv_org_abs_2411_14905
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle Feasibility Study for Supporting Static Malware Analysis Using LLM
Fujii, Shota
Yamagishi, Rei
Cryptography and Security
Large language models (LLMs) are becoming more advanced and widespread and have shown their applicability to various domains, including cybersecurity. Static malware analysis is one of the most important tasks in cybersecurity; however, it is time-consuming and requires a high level of expertise. Therefore, we conducted a demonstration experiment focusing on whether an LLM can be used to support static analysis. First, we evaluated the ability of the LLM to explain malware functionality. The results showed that the LLM can generate descriptions that cover functions with an accuracy of up to 90.9\%. In addition, we asked six static analysts to perform a pseudo static analysis task using LLM explanations to verify that the LLM can be used in practice. Through subsequent questionnaires and interviews with the participants, we also demonstrated the practical applicability of LLMs. Lastly, we summarized the problems and required functions when using an LLM as static analysis support, as well as recommendations for future research opportunities.
title Feasibility Study for Supporting Static Malware Analysis Using LLM
topic Cryptography and Security
url https://arxiv.org/abs/2411.14905