DTMIC: Deep transfer learning for malware image classification

Kumar, Sanjeev; Janet, B.

doi:10.1016/j.jisa.2021.103063

Cited by 46 publications

(16 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Malware detection made substantial use of the concept of transfer learning. By employing the readily accessible pre-trained models such as VGG16 [ 39 , 41 , 45 , 46 ], Inception-V3 [ 46 ], Xception [ 51 , 52 , 62 ], ResNet [ 24 , 37 , 39 , 43 , 46 , 52 ], and others, existing works exploited transfer learning in the form of feature extraction or classification. These pre-trained models were typically developed using sizable image datasets outside the domain of our actual work.…”

Section: Methodsmentioning

confidence: 99%

“…Such a combination of NN was not previously utilized in the domain of malware detection. Previous works included extensive usage of CNN, CNN-based pre-trained models [ 25 , 37 , 39 , 41 , 43 , 44 , 45 , 46 , 50 , 52 , 62 ], shallow models such as Logistic Regression, Random Forest, Decision Tree, Bagging, SVM, etc., or an ensemble of these shallow models [ 35 , 42 , 48 , 57 ].…”

Section: Methodsmentioning

confidence: 99%

“…Kumar et al [ 46 ] leveraged the deep CNN architecture previously trained on ImageNet for classification. A CNN model was trained using grayscale images generated from Windows Portable Executable files as input.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Transfer Learning for Image-Based Malware Detection for IoT

Panda

Kumar

Marappan

et al. 2023

Sensors

View full text Add to dashboard Cite

The tremendous growth in online activity and the Internet of Things (IoT) led to an increase in cyberattacks. Malware infiltrated at least one device in almost every household. Various malware detection methods that use shallow or deep IoT techniques were discovered in recent years. Deep learning models with a visualization method are the most commonly and popularly used strategy in most works. This method has the benefit of automatically extracting features, requiring less technical expertise, and using fewer resources during data processing. Training deep learning models that generalize effectively without overfitting is not feasible or appropriate with large datasets and complex architectures. In this paper, a novel ensemble model, Stacked Ensemble—autoencoder, GRU, and MLP or SE-AGM, composed of three light-weight neural network models—autoencoder, GRU, and MLP—that is trained on the 25 essential and encoded extracted features of the benchmark MalImg dataset for classification was proposed. The GRU model was tested for its suitability in malware detection due to its lesser usage in this domain. The proposed model used a concise set of malware features for training and classifying the malware classes, which reduced the time and resource consumption in comparison to other existing models. The novelty lies in the stacked ensemble method where the output of one intermediate model works as input for the next model, thereby refining the features as compared to the general notion of an ensemble approach. Inspiration was drawn from earlier image-based malware detection works and transfer learning ideas. To extract features from the MalImg dataset, a CNN-based transfer learning model that was trained from scratch on domain data was used. Data augmentation was an important step in the image processing stage to investigate its effect on classifying grayscale malware images in the MalImg dataset. SE-AGM outperformed existing approaches on the benchmark MalImg dataset with an average accuracy of 99.43%, demonstrating that our method was on par with or even surpassed them.

show abstract

Section: Methodsmentioning

confidence: 99%

Section: Methodsmentioning

confidence: 99%

See 1 more Smart Citation

Transfer Learning for Image-Based Malware Detection for IoT

Panda

Kumar

Marappan

et al. 2023

Sensors

View full text Add to dashboard Cite

show abstract

“…In vision-based malware identification algorithms, the Android malware APKs or their extracted features are converted to visual 2D digital images before the classification and detection process. Therefore, the main features of the Android malware APKs can be extracted and obtained by the unzipping or decompilation processes [ 17 , 18 ]. Then, the resulting 1D binary vectors of the extracted features (i.e., Android manifest, SMALI, and Classes.dex) are transformed to 2D vectors (grayscale images).…”

Section: Introductionmentioning

confidence: 99%

Android malware analysis in a nutshell

2022

View full text Add to dashboard Cite

This paper offers a comprehensive analysis model for android malware. The model presents the essential factors affecting the analysis results of android malware that are vision-based. Current android malware analysis and solutions might consider one or some of these factors while building their malware predictive systems. However, this paper comprehensively highlights these factors and their impacts through a deep empirical study. The study comprises 22 CNN (Convolutional Neural Network) algorithms, 21 of them are well-known, and one proposed algorithm. Additionally, several types of files are considered before converting them to images, and two benchmark android malware datasets are utilized. Finally, comprehensive evaluation metrics are measured to assess the produced predictive models from the security and complexity perspectives. Consequently, guiding researchers and developers to plan and build efficient malware analysis systems that meet their requirements and resources. The results reveal that some factors might significantly impact the performance of the malware analysis solution. For example, from a security perspective, the accuracy, F1-score, precision, and recall are improved by 131.29%, 236.44%, 192%, and 131.29%, respectively, when changing one factor and fixing all other factors under study. Similar results are observed in the case of complexity assessment, including testing time, CPU usage, storage size, and pre-processing speed, proving the importance of the proposed android malware analysis model.

show abstract

“…Technique: CNN + RNN • Image representation: RGB image • Dataset: Microsoft Big 2015 • Malware format: Byte file (hexadecimal of the binary content), Assembly Code • Detecting Malware targeting: Windows • Feature extraction: SEResNet50 + Bi-LSTM • Classifier: Sigmoid • Result: 98.31% accuracy Kumar et al[41] proposed the DTMIC model, which uses a pre-trained CNN model VGG16 to perform feature extraction from the images. Extracted features are further fed into a fully-connected layer and then passed to the SoftMax classifier to identify the malware family.…”

mentioning

confidence: 99%

A Survey on Visualization-Based Malware Detection

Moawad¹,

Ebada²,

Al-Zoghby³

2022

Journal of Cyber Security

View full text Add to dashboard Cite

In computer security, the number of malware threats is increasing and causing damage to systems for individuals or organizations, necessitating a new detection technique capable of detecting a new variant of malware more efficiently than traditional anti-malware methods. Traditional antimalware software cannot detect new malware variants, and conventional techniques such as static analysis, dynamic analysis, and hybrid analysis are time-consuming and rely on domain experts. Visualization-based malware detection has recently gained popularity due to its accuracy, independence from domain experts, and faster detection time. Visualization-based malware detection uses the image representation of the malware binary and applies image processing techniques to the image. This paper aims to provide readers with a comprehensive understanding of malware detection and focuses on visualization-based malware detection.

show abstract

DTMIC: Deep transfer learning for malware image classification

Cited by 46 publications

References 30 publications

Transfer Learning for Image-Based Malware Detection for IoT

Transfer Learning for Image-Based Malware Detection for IoT

Android malware analysis in a nutshell

A Survey on Visualization-Based Malware Detection

Contact Info

Product

Resources

About