Malicious Software-based Image Classification Via Deep Convolutional Neural Networks

Ghada Alagel; Khaled Elgdamsi

doi:10.64516/7nyq3z88

Authors

Ghada Alagel Electrical and Electronic Department, Faculty of Engineering, University of Tripoli, Libya Author
Khaled Elgdamsi Electrical and Electronic Department, Faculty of Engineering, University of Tripoli, Libya Author

DOI:

https://doi.org/10.64516/7nyq3z88

Keywords:

Cybersecurity, Malware Classification, Deep Learning, Convolutional Neural Networks

Abstract

Malicious software (Malware) classification is an important factor in the security of the computer systems. On the other hand, currently utilized signature-based methods cannot provide accurate detection of zero-day attacks and the ability to group malware variants into families with similar characteristics makes possible to create mitigation strategies that work for a whole class of programs. This paper presents two malware family classification approaches, the first system based on transfer learning, using Convolutional Neural Networks pertained on ImageNet database by adapting the last layers to malware family classification, while the second system uses the DCNN as a bottleneck feature extractor and use these features to train a multiclass classifier using traditional machine learning algorithms, namely, support vector machines (SVM), k-Nearest Neighbor (KNN) and Naïve Bayes (NB), the main benefit of this method that it does not require any disassembly or execution of the actual malware code. The experimental results showed that the first proposed approach could effectively be used to classify malware families with an accuracy of 92.0% using AlexNet and 88.8% using GoogleNet, while SVM classifier achieving an accuracy of 88.8% with AlexNet and 86.4% with GoogleNet gave best results using the second approach. Achieved automatic malware classification can be very valuable to anti-malware industry and security researches

References

1. K. Chumachenko, “Machine Learning Methods for Malware Detection and Classification,” Proc. 21st Pan-Hellenic Conf. Informatics - PCI 2017, p. 93, 2017.

2. A. Krizhevsky, I. Sutskever, and G. E. Hinton, “ImageNet Classification with Deep Convolutional Neural Networks,” in 25th International Conference on Neural Information Processing Systems, vol. 60, no. 6, pp. 1097–1105, 2012.

3. Z. Cui, F. Xue, X. Cai, Y. Cao, G. G. Wang, and J. Chen, “Detection of Malicious Code Variants Based on Deep Learning,” IEEE Trans. Ind. Informatics, vol. 14, no. 7, pp. 3187–3196, 2018.

4. M. Kalash, M. Rochan, N. Mohammed, N. D. B. Bruce, Y. Wang, and F. Iqbal, “Malware Classification with Deep Convolutional Neural Networks,” 2018 9th IFIP Int. Conf. New Technol. Mobil. Secur. NTMS 2018 - Proc., vol. 2018-Janua, pp. 1–5, 2018.

5. L. Nataraj, S. Karthikeyan, G. Jacob, and B. S. Manjunath, “Malware images: Visualization and automatic classification,” ACM Int. Conf. Proceeding Ser., no. July, 2011.

6. R. Ronen, M. Radu, C. Feuerstein, E. Yom-Tov, and M. Ahmadi, “Microsoft Malware Classification Challenge,” CODASPY 2016 - Proc. 6th ACM Conf. Data Appl. Secur. Priv., pp. 183–194, 2016.

7. Bojan Kolosnjaji, Apostolis Zarras, George Webster and C. E., “Deep Learning for Classification of Malware System Call Sequences,” AI 2016 Adv. Artif. Intell. AI 2016. Lect. Notes Comput. Sci., vol. 9992, pp. 403–415, 2016.

8. A. Bensaoud, N. Abudawaood, and J. Kalita, “Classifying Malware Images with Convolutional Neural Network Models,” 2020.

9. D. Gibert, C. Mateu, J. Planes, and R. Vicens, “Using convolutional neural networks for classification of malware represented as images,” J. Comput. Virol. Hacking Tech., vol. 15, no. 1, pp. 15–28, 2019.

10. A. Patil and M. Rane, “Convolutional Neural Networks: An Overview and Its Applications in Pattern Recognition,” Smart Innov. Syst. Technol., vol. 195, pp. 21–30, 2021.

11. C. Szegedy et al., “Going Deeper with Convolutions,” in IEEE conference on computer vision and pattern recognition (CVPR), pp. 1–9, 2015.

12. Takuya Yoshioka , Nobutaka Ito , Marc Delcroix , Atsunori Ogawa , Keisuke Kinoshita , Masakiyo Fujimoto, “THE NTT CHIME-3 SYSTEM : ADVANCES IN SPEECH ENHANCEMENT AND RECOGNITION FOR MOBILE MULTI-MICROPHONE DEVICES” NTT Communication Science Laboratories , NT,” pp. 436–443, 2015.

13. R. Jing and Y. Zhang, “A view of support vector machines algorithm on classification problems,” Proc. - 2010 Int. Conf. Multimed. Commun. Mediacom 2010, pp. 13–16, 2010.

14. J. Laaksonen and E. Oja, “Classification with learning k-nearest neighbors,” IEEE Int. Conf. Neural Networks - Conf. Proc., vol. 3, pp. 1480–1483, 1996.

15. Bharadwaj, K. B. Prakash, and G. R. Kanagachidambaresan, Pattern Recognition and Machine Learning. 2021.

16. E. Rezende, G. Ruppert, T. Carvalho, F. Ramos, and P. De Geus, “Malicious software classification using transfer learning of ResNet-50 deep neural network,” Proc. - 16th IEEE Int. Conf. Mach. Learn. Appl. ICMLA 2017, vol. 2017-Decem, pp. 1011–1014, 2017.