A Convolutional Transformation Network for Malware Classification

Vu, Duc-Ly; Nguyen, Trong-Kha; Nguyên, Tam; Nguyen, Tu N.; Massacci, Fabio; Phung, Phu H.

doi:10.1109/nics48868.2019.9023876

Cited by 53 publications

(17 citation statements)

References 35 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Vu et al [45] proposed a CNN-based architecture with transformations on the input images such as byte class, gradient, Hilbert, entropy, and hybrid image transformation with GIST and CNN-based models. Their GIST with grayscale images produced 94.27% accuracy and CNN performs the best with hybrid image transformation (HIT) technique.…”

Section: Related Workmentioning

confidence: 99%

Image-Based Malware Classification Using VGG19 Network and Spatial Convolutional Attention

et al. 2021

View full text Add to dashboard Cite

In recent years the amount of malware spreading through the internet and infecting computers and other communication devices has tremendously increased. To date, countless techniques and methodologies have been proposed to detect and neutralize these malicious agents. However, as new and automated malware generation techniques emerge, a lot of malware continues to be produced, which can bypass some state-of-the-art malware detection methods. Therefore, there is a need for the classification and detection of these adversarial agents that can compromise the security of people, organizations, and countless other forms of digital assets. In this paper, we propose a spatial attention and convolutional neural network (SACNN) based on deep learning framework for image-based classification of 25 well-known malware families with and without class balancing. Performance was evaluated on the Malimg benchmark dataset using precision, recall, specificity, precision, and F1 score on which our proposed model with class balancing reached 97.42%, 97.95%, 97.33%, 97.11%, and 97.32%. We also conducted experiments on SACNN with class balancing on benign class, also produced above 97%. The results indicate that our proposed model can be used for image-based malware detection with high performance, despite being simpler as compared to other available solutions.

show abstract

Section: Related Workmentioning

confidence: 99%

Image-Based Malware Classification Using VGG19 Network and Spatial Convolutional Attention

et al. 2021

View full text Add to dashboard Cite

show abstract

“…VGG-based and ResNet-based advanced architectures are also exploited [26,[32][33][34]. Differently, Vu et al [35] developed a novel approach using hybrid transformation to convert malware to color images that convey malware semantics to perform malware classification tasks.…”

Section: Malware Imagementioning

confidence: 99%

“…Conv-4 embedding can be improved or replaced with a more powerful embedding architecture such as ResNet [34] and residual attention network [56]. Second, using multiple methods to construct hybrid malware images such as entropy and gradients in [35] is a possible way to extract more information for model training. Third, in our design, the embedding module is common and shared by all malware classes, including those unseen ones.…”

Section: Future Workmentioning

confidence: 99%

ConvProtoNet: Deep Prototype Induction towards Better Class Representation for Few-Shot Malware Classification

Tang

Wang

2020

Applied Sciences

View full text Add to dashboard Cite

Traditional malware classification relies on known malware types and significantly large datasets labeled manually which limits its ability to recognize new malware classes. For unknown malware types or new variants of existing malware containing only a few samples each class, common classification methods often fail to work well due to severe overfitting. In this paper, we propose a new neural network structure called ConvProtoNet which employs few-shot learning to address the problem of scarce malware samples while prevent from overfitting. We design a convolutional induction module to replace the insufficient prototype reduction in most few-shot models and generates more appropriate class-level malware prototypes for classification. We also adopt meta-learning scheme to make classifier robust enough to adapt unseen malware classes without fine-tuning. Even in extreme conditions where only 5 samples in each class are provided, ConvProtoNet still achieves more than 70% accuracy on average and outperforms other traditional malware classification methods or existed few-shot models in experiments conducted on several datasets. Extra experiments across datasets illustrate that ConvProtoNet learns general knowledge of malware which is dataset-invariant and careful model analysis proves effectiveness of ConvProtoNet in few-shot malware classification.

show abstract

“…Thanks to this approach, more features of binaries are carried in the images, resulting in a higher accuracy rate of classification compared with existing methods. Readers might be also interested in an earlier version of this work, archived on ArXiv.org, 47 in which we report preliminary results of a similar approach with a smaller scale of dataset and experiments.…”

Section: Related Workmentioning

confidence: 99%

HIT4Mal: Hybrid image transformation for malware classification

Nguyen

Nguyên

et al. 2019

Trans Emerging Tel Tech

Self Cite

View full text Add to dashboard Cite

Modern malware evolves various detection avoidance techniques to bypass the state‐of‐the‐art detection methods. An emerging trend to deal with this issue is the combination of image transformation and machine learning models to classify and detect malware. However, existing works in this field only perform simple image transformation methods. These simple transformations have not considered color encoding and pixel rendering techniques on the performance of machine learning classifiers. In this article, we propose a novel approach to encoding and arranging bytes from binary files into images. These developed images contain statistical (eg, entropy) and syntactic artifacts (eg, strings), and their pixels are filled up using space‐filling curves. Thanks to these features, our encoding method surpasses existing methods demonstrated by extensive experiments. In particular, our proposed method achieved 93.01% accuracy using the combination of the entropy encoding and character class scheme on the Hilbert curve.

show abstract

A Convolutional Transformation Network for Malware Classification

Cited by 53 publications

References 35 publications

Image-Based Malware Classification Using VGG19 Network and Spatial Convolutional Attention

Image-Based Malware Classification Using VGG19 Network and Spatial Convolutional Attention

ConvProtoNet: Deep Prototype Induction towards Better Class Representation for Few-Shot Malware Classification

HIT4Mal: Hybrid image transformation for malware classification

Contact Info

Product

Resources

About