Image-based Malware Classification: A Space Filling Curve Approach

O’Shaughnessy, Stephen

doi:10.1109/vizsec48167.2019.9161583

Cited by 11 publications

(9 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…O'Shaughnessy [32] proposed a novel method for visualizing and classifying Windows malware using Space-Filling Curves (SFCs). The binary image was converted using SFC, and the images were trained using the KNN-HOG and GIST algorithms.…”

Section: A Image Visualizationmentioning

confidence: 99%

Android Ransomware Analysis Using Convolutional Neural Network and Fuzzy Hashing Features

Rodriguez-Bazan,

Sidorov,

Escamilla-Ambrosio

2023

IEEE Access

View full text Add to dashboard Cite

Most of the time, cybercriminals look for new ways to bypass security controls by improving their attacks. In the 1980s, attackers developed malware to kidnap user data by requesting payment. Malware is called a ransomware. Recently, they have demanded payment in Bitcoin or any other cryptocurrency. Ransomware is one of the most dangerous threats on the Internet, and this type of malware could affect almost all devices. Malware cipher device data, making them inaccessible to users. In this study, a new method for Android ransomware classification was proposed. This method implements a Convolutional Neural Network (CNN) for malware classification using images. This paper presents a novel method for transforming an Android Application Package (APK) into a grayscale image. The image creation relies on using Natural Language Processing (NLP) techniques for text cleaning and Fuzzy Hashing to represent the decompiled code from the APK in a set of hashes after preprocessing using NLP techniques. The image is composed of n fuzzy hashes that represent the APK. This method was tested on a dataset of 7,765 Android ransomware samples obtained from external researchers and public sources. The accuracy of the proposed method was higher than that of other methods in the literature.

show abstract

Section: A Image Visualizationmentioning

confidence: 99%

Android Ransomware Analysis Using Convolutional Neural Network and Fuzzy Hashing Features

Rodriguez-Bazan,

Sidorov,

Escamilla-Ambrosio

2023

IEEE Access

View full text Add to dashboard Cite

show abstract

“…The malicious files contained known malware classes and the algorithm achieved an overall detection rate of 74% when trained with optimal parameters. Another study published by [41] paired binvis.io image generation with several machine learning models to perform classification of known malware families. The model accuracy achieved a score of 91% under the knearest neighbours (KNN) algorithm and outperformed the work published in 2011 by [42] when tested at previously unknown files.…”

Section: Research Related To Binvisiomentioning

confidence: 99%

“…These experiments were originally mentioned in Section 2. In their approach, the authors [40,41,43,44] used the BinVis algorithm to generate images which are used as input to the objective of feature classification. Their aim was to conduct either malware/benign filetype classification [40], malware family classification [41], or malware/benign IoT traffic classification [43,44].…”

Section: Comparison With Previous Applications Based On Binvismentioning

confidence: 99%

“…Ref. [41] recognized the need for AV programs to perform malware family classification, and employed computer vision techniques to provide a scalable solution. For this reason, he performed data conversion while experimenting with three factors of the image conversion and classification process: a variety of space-filling curves, different feature extraction techniques, and various statistical learning models.…”

Section: O'shaughnessy's Experimentsmentioning

confidence: 99%

See 1 more Smart Citation

SAGMAD—A Signature Agnostic Malware Detection System Based on Binary Visualisation and Fuzzy Sets

et al. 2022

View full text Add to dashboard Cite

Image conversion of byte-level data, or binary visualisation, is a relevant approach to security applications interested in malicious activity detection. However, in practice, binary visualisation has always been seen to have great limitations when dealing with large volumes of data, and would be a reluctant candidate as the core building block of an intrusion detection system (IDS). This is due to the requirements of computational time when processing the flow of byte data into image format. Machine intelligence solutions based on colour tone variations that are intended for pattern recognition would overtax the process. In this paper, we aim to solve this issue by proposing a fast binary visualisation method that uses Fuzzy Set theory and the H-indexing space filling curve. Our model can assign different colour tones on a byte, allowing it to be influenced by neighbouring byte values while preserving optimal locality indexing. With this work, we wish to establish the first steps in pursuit of a signature-free IDS. For our experiment, we used 5000 malicious and benign files of different sizes. Our methodology was tested on various platforms, including GRNET’s High-Performance Computing services. Further improvements in computation time allowed larger files to convert in roughly 0.5 s on a desktop environment. Its performance was also compared with existing machine learning-based detection applications that used traditional binary visualisation. Despite lack of optimal tuning, SAGMAD was able to achieve 91.94% accuracy, 90.63% precision, 92.7% recall, and an F-score of 91.61% on average when tested within previous binary visualisation applications and following their parameterisation scheme. The results exceeded malware file-based experiments and were similar to network intrusion applications. Overall, the results demonstrated here prove our method to be a promising mechanism for a fast AI-based signature-agnostic IDS.

show abstract

“…In their experiments, the input image was obtained by mapping the time series into a two-dimensional image for each sEMG channel, which is similar to our technique. SFCs were also used for malware classification and detection [12,13]. In their work the authors have mapped the code of the program, which can be viewed as a sequence of bytes, to pixels of an image.…”

Section: Introductionmentioning

confidence: 99%

A novel audio representation using space filling curves

Mari¹,

Salarian²

2022

Preprint

View full text Add to dashboard Cite

Since convolutional neural networks (CNNs) have revolutionized the image processing field, they have been widely applied in the audio context. A common approach is to convert the one-dimensional audio signal time series to twodimensional images using a time-frequency decomposition method. Also it is common to discard the phase information. In this paper, we propose to map one-dimensional audio waveforms to two-dimensional images using space filling curves (SFCs). These mappings do not compress the input signal, while preserving its local structure. Moreover, the mappings benefit from progress made in deep learning and the large collection of existing computer vision networks. We test eight SFCs on two keyword spotting problems. We show that the Z curve yields the best results due to its shift equivariance under convolution operations. Additionally, the Z curve produces comparable results to the widely used mel frequency cepstral coefficients across multiple CNNs.

show abstract

Image-based Malware Classification: A Space Filling Curve Approach

Cited by 11 publications

References 19 publications

Android Ransomware Analysis Using Convolutional Neural Network and Fuzzy Hashing Features

Android Ransomware Analysis Using Convolutional Neural Network and Fuzzy Hashing Features

SAGMAD—A Signature Agnostic Malware Detection System Based on Binary Visualisation and Fuzzy Sets

A novel audio representation using space filling curves

Contact Info

Product

Resources

About