Byte-level malware classification based on markov images and deep learning

Yuan, Baoguo; Wang, Junfeng; Liu, Dong; Guo, Wen; Wu, Peng; Xu-Hua, Bao

doi:10.1016/j.cose.2020.101740

Cited by 131 publications

(53 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In order to increase the accuracy of the CNN, authors in [20] used Markov images with the CNN instead of gray images. Therefore, the malware samples were converted to Markov images before training the CNN.…”

Section: Literature Reviewmentioning

confidence: 99%

“…Therefore, we can say that processing the dataset in different ways while using the same classifier method result in various classification accuracy. This is evident since the authors in [18,19] and [20] used the same method, which was CNN; however, different techniques of processing datasets were applied. In [18], the malware samples were converted to grayscale images.…”

Section: Literature Reviewmentioning

confidence: 99%

“…In [18], the malware samples were converted to grayscale images. In [19], they were converted to color images, and in [20], converted to Markov images. Most of the state-of-art solutions are usually developed to assess security triad of Blockchain technology in public sector applications [21].…”

Section: Literature Reviewmentioning

confidence: 99%

See 2 more Smart Citations

High Performance Classification Model to Identify Ransomware Payments for Heterogeneous Bitcoin Networks

Al‐Haija

Alsulami

2021

Electronics

View full text Add to dashboard Cite

The Bitcoin cryptocurrency is a worldwide prevalent virtualized digital currency conceptualized in 2008 as a distributed transactions system. Bitcoin transactions make use of peer-to-peer network nodes without a third-party intermediary, and the transactions can be verified by the node. Although Bitcoin networks have exhibited high efficiency in the financial transaction systems, their payment transactions are vulnerable to several ransomware attacks. For that reason, investigators have been working on developing ransomware payment identification techniques for bitcoin transactions’ networks to prevent such harmful cyberattacks. In this paper, we propose a high performance Bitcoin transaction predictive system that investigates the Bitcoin payment transactions to learn data patterns that can recognize and classify ransomware payments for heterogeneous bitcoin networks. Specifically, our system makes use of two supervised machine learning methods to learn the distinguishing patterns in Bitcoin payment transactions, namely, shallow neural networks (SNN) and optimizable decision trees (ODT). To validate the effectiveness of our solution approach, we evaluate our machine learning based predictive models on a recent Bitcoin transactions dataset in terms of classification accuracy as a key performance indicator and other key evaluation metrics such as the confusion matrix, positive predictive value, true positive rate, and the corresponding prediction errors. As a result, our superlative experimental result was registered to the model-based decision trees scoring 99.9% and 99.4% classification detection (two-class classifier) and accuracy (multiclass classifier), respectively. Hence, the obtained model accuracy results are superior as they surpassed many state-of-the-art models developed to identify ransomware payments in bitcoin transactions.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

Section: Literature Reviewmentioning

confidence: 99%

See 1 more Smart Citation

High Performance Classification Model to Identify Ransomware Payments for Heterogeneous Bitcoin Networks

Al‐Haija

Alsulami

2021

Electronics

View full text Add to dashboard Cite

show abstract

“…Venkatraman, Alazab & Vinayakumar (2019) proposed a hybrid architecture method based on CNN and gated recurrent unit (GRU) to classify malware images. Yuan et al (2020) converte malware binaries into markov images according to bytes transfer probability matrixs. Then the deep CNN is used for markov images classification.…”

Section: Introductionmentioning

confidence: 99%

“…However, most of the existing visualization schemes (Nataraj et al, 2011a;Nataraj et al, 2011b;Han et al, 2015;Cui et al, 2018;Venkatraman, Alazab & Vinayakumar, 2019;Yuan et al, 2020;Ghouti & Imam, 2020;Chu, Liu & Zhu, 2020) convert the whole portable executable (PE) format binary malware file into an image and the feature information contained in the image is typically contained in the global structure of the file. The code segment image only takes a small part of the whole malware image, and is a compiled "black box feature", which leads to the neglect of the specific semantic information contained in the code segment.…”

Section: Introductionmentioning

confidence: 99%

Malware homology determination using visualized images and feature fusion

Zhu

Huang

Wang

et al. 2021

PeerJ Computer Science

View full text Add to dashboard Cite

The family homology determination of malware has become a research hotspot as the number of malware variants are on the rise. However, existing studies on malware visualization only determines homology based on the global structure features of executable, which leads creators of some malware variants with the same structure intentionally set to misclassify them as the same family. We sought to develop a homology determination method using the fusion of global structure features and local fine-grained features based on malware visualization. Specifically, the global structural information of the malware executable file was converted into a bytecode image, and the opcode semantic information of the code segment was extracted by the n-gram feature model to generate an opcode image. We also propose a dual-branch convolutional neural network, which features the opcode image and bytecode image as the final family classification basis. Our results demonstrate that the accuracy and F-measure of family homology classification based on the proposed scheme are 99.05% and 98.52% accurate, respectively, which is better than the results from a single image feature or other major schemes.

show abstract

Malicious code detection based on many‐objective transfer model

Zhang

Lan

et al. 2023

Concurrency and Computation

View full text Add to dashboard Cite

SummaryWith the rapid growth of malicious codes, personal privacy, and Internet security are seriously threatened. Existing transfer learning‐based malicious code detection improves detection accuracy by transferring pre‐trained neural networks. However, it cannot efficiently tune the structure and parameters of the neural networks. Here, we first propose a novel many‐objective transfer model. It mainly focuses on the detection accuracy and the total number of parameters of the neural network model. The optimal structure and parameters are captured from the pre‐trained neural network by many‐objective optimization algorithm. Second, the partitioned crossover‐mutation vector angle‐based evolutionary algorithm for unconstrained many‐objective optimization is proposed to solve the model. The algorithm performs crossover mutation operations in different ways on different regions of the candidate solution to improve population diversity. The simulation results show that the model can reduce the pre‐trained neural network structure by 49% while maintaining the accuracy in malicious code detection.

show abstract

Byte-level malware classification based on markov images and deep learning

Cited by 131 publications

References 7 publications

High Performance Classification Model to Identify Ransomware Payments for Heterogeneous Bitcoin Networks

High Performance Classification Model to Identify Ransomware Payments for Heterogeneous Bitcoin Networks

Malware homology determination using visualized images and feature fusion

Malicious code detection based on many‐objective transfer model

Contact Info

Product

Resources

About