Detection of Malicious Binaries and Executables Using Machine Learning-based Detectors

John Martin M. Ladrido, Lawrence Materum

Abstract

In digital networks, the most common goal of cybercriminals is to steal high-privilege credentials or valuable data. With high-privilege credentials, cybercriminals can easily navigate an organization's network and destroy or steal its data, such as bank details, personal data, and intellectual property. With the convergence of information technology and operational technology, as in the Internet of Things (IoT), protecting high-privilege credentials becomes even more critical, because cybercriminals who hold them can gain control over operational technologies such as industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems. Unfortunately, even with this knowledge, many organizations remain highly susceptible to these attacks, especially manufacturing firms. This paper presents how cybercriminals on the Internet can use malicious payloads and executables to compromise an organization. The proposed approach also shows how organizations can detect such payloads with a machine learning (ML)-based detector by collecting the malicious executables and binaries used in the attacks. Doing so could equip organizations with a proper understanding of the underlying attack and, at the same time, let them implement a detection mechanism specific to the cybercriminals attacking their network. The results show that the ML-based detector can classify the collected samples as either malicious or benign.
