Vision-Based Malware Detection: A Transfer Learning Approach Using Optimal ECOC-SVM Configuration

Wong, W. K.; Juwono, Filbert H.; Apriono, Catur

doi:10.1109/access.2021.3131713

Cited by 35 publications

(12 citation statements)

References 20 publications

(22 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…According to Table 6, our proposed approach outperforms the state-of-the-art approaches, with the best recall (98.67%), F1-score (98.70%), and accuracy (98.68%). Although [35] had the best precision rate, our approach outperformed it in terms of recall, F1-score, and accuracy. These significant improvements are attributed to the usage of TL and ensembling strategies, which aid in producing excellent outcomes, with 0.47% accuracy improvement, 0.55% F1score improvement, and 0.93% recall improvement by reusing and fusing the knowledge collected from previously trained models.…”

Section: Comparison With Similar Workmentioning

confidence: 82%

“…Previously presented studies are time-consuming and provide a high level of complexity to assure the detection and classification tasks, and this is due mainly to the rising varieties and volume of IoT malware data [18,35]. Indeed, the translation of raw data into feature vectors for use by new or conventional CNN architectures necessitates a high level of engineering and technological expertise.…”

mentioning

confidence: 99%

See 1 more Smart Citation

A Novel Detection and Multi-Classification Approach for IoT-Malware Using Random Forest Voting of Fine-Tuning Convolutional Neural Networks

Atitallah

Driss

Almomani

2022

Sensors

View full text Add to dashboard Cite

The Internet of Things (IoT) is prone to malware assaults due to its simple installation and autonomous operating qualities. IoT devices have become the most tempting targets of malware due to well-known vulnerabilities such as weak, guessable, or hard-coded passwords, a lack of secure update procedures, and unsecured network connections. Traditional static IoT malware detection and analysis methods have been shown to be unsatisfactory solutions to understanding IoT malware behavior for mitigation and prevention. Deep learning models have made huge strides in the realm of cybersecurity in recent years, thanks to their tremendous data mining, learning, and expression capabilities, thus easing the burden on malware analysts. In this context, a novel detection and multi-classification vision-based approach for IoT-malware is proposed. This approach makes use of the benefits of deep transfer learning methodology and incorporates the fine-tuning method and various ensembling strategies to increase detection and classification performance without having to develop the training models from scratch. It adopts the fusion of 3 CNNs, ResNet18, MobileNetV2, and DenseNet161, by using the random forest voting strategy. Experiments are carried out using a publicly available dataset, MaleVis, to assess and validate the suggested approach. MaleVis contains 14,226 RGB converted images representing 25 malware classes and one benign class. The obtained findings show that our suggested approach outperforms the existing state-of-the-art solutions in terms of detection and classification performance; it achieves a precision of 98.74%, recall of 98.67%, a specificity of 98.79%, F1-score of 98.70%, MCC of 98.65%, an accuracy of 98.68%, and an average processing time per malware classification of 672 ms.

show abstract

Section: Comparison With Similar Workmentioning

confidence: 82%

mentioning

confidence: 99%

A Novel Detection and Multi-Classification Approach for IoT-Malware Using Random Forest Voting of Fine-Tuning Convolutional Neural Networks

Atitallah

Driss

Almomani

2022

Sensors

View full text Add to dashboard Cite

show abstract

“…In [ 13 ], a method for searching for malware using deep learning is proposed. The binary code of the programs is used for both training and testing.…”

Section: Discussionmentioning

confidence: 99%

“…There is a sufficient number of methodological approaches and methods for the analysis of MC [ 9 , 10 , 11 ]. However, the primary task is to determine the architecture of the processor (hereinafter–Architecture), for execution on which this MC is intended [ 12 , 13 , 14 ]. This is necessary to select the appropriate tools designed to analyze only a specific set of machine instructions.…”

Section: Introductionmentioning

confidence: 99%

Analytical Modeling for Identification of the Machine Code Architecture of Cyberphysical Devices in Smart Homes

Kotenko

Izrailov

Buinevich

2022

Sensors

View full text Add to dashboard Cite

Ensuring the security of modern cyberphysical devices is the most important task of the modern world. The reason for this is that such devices can cause not only informational, but also physical damage. One of the approaches to solving the problem is the static analysis of the machine code of the firmware of such devices. The situation becomes more complicated in the case of a Smart Home, since its devices can have different processor architectures (means instruction sets). In the case of cyberphysical devices of the Smart Home, the destruction of machine code due to physical influences is also possible. Therefore, the first step is to correctly identify the processor architecture. In the interests of this, a machine code model is proposed that has a formal notation and takes into account the possibility of code destruction. The article describes the full cycle of research (including experiment) in order to obtain this model. The model is based on byte-frequency machine code signatures. The experiment resulted in obtaining template signatures for the Top-16 processor architectures: Alpha, X32, Amd64, Arm64, Hppa64, I486, I686, Ia64, Mips, Mips64, Ppc, Ppc64, RiscV64, S390, S390x and Sparc64.

show abstract

“…A survey of such models is also discussed in [20], wherein CNNs, RNNs, LSTMs, & Gated Recurrent Units (GRUs) are analyzed for identification of IoT (Internet of Things) based malware signatures. Extensions to these models are discussed in [21,22,23]…”

Section: Literature Reviewmentioning

confidence: 99%

ACMFNN: Design of an augmented convolutional model for intelligent cross-domain malware localization via forensic neural networks

Pateriya

Tomar

2022

Preprint

View full text Add to dashboard Cite

Classification of malwares from spatial & temporal data patterns requires efficient design of deep learning models. These models deploy methods for feature extraction, feature selection, classification & post-processing to perform this task. A wide variety of high-efficiency malware analysis models are proposed by researchers, and most of them are application-specific, thus cannot be scaled to multiple domains. Out of these, only a few of these models are targeted towards identification of malware locations. In order to improve malware detection scalability, and localization performance, this text proposes a novel augmented convolutional model (ACM) for intelligent cross-domain malware analysis via forensic neural networks (FNNs). The FNNs are designed as an integration of multiple augmented convolutional models, which include different optimizers & feature extraction units. In this design, each of these units are customized to improve their feature extraction & selection capabilities, which assists in improving classification performance. Results of classification are given to an ACM layer, which performs feature augmentation to localize malware positions in input data. The proposed model was evaluated on multiple malware datasets, including Electro RAT, Pegasus, SkyGoFree, Viking Horde, Bat Skull, Yesmile, Wirenet, Jigsaw, Satana, Tapaoux, etc. It was observed that the proposed model was able to classify these malwares with an average accuracy of 98.5%, which makes it useful for real-time malware analysis. The model was also able to achieve an average localization accuracy of 79.6% across these datasets, thereby assisting forensic experts to obtain an approximate estimate of malware locations in input data streams. This performance was compared with some of the recently proposed malware detection models, and it was observed that the proposed ACMFNN method has 8% better precision, 6.5% better recall, and 9.4% better classification accuracy when compared with these methods on the same dataset. Due to augmented convolutional model, it was observed that the proposed approach had 15% better localization accuracy, 19% better localization precision, and 14% better localization recall when compared with these methods. Thereby indicating that the propose model is applicable for a wide variety of malware detection & localization application deployments.

show abstract

Vision-Based Malware Detection: A Transfer Learning Approach Using Optimal ECOC-SVM Configuration

Cited by 35 publications

References 20 publications

A Novel Detection and Multi-Classification Approach for IoT-Malware Using Random Forest Voting of Fine-Tuning Convolutional Neural Networks

A Novel Detection and Multi-Classification Approach for IoT-Malware Using Random Forest Voting of Fine-Tuning Convolutional Neural Networks

Analytical Modeling for Identification of the Machine Code Architecture of Cyberphysical Devices in Smart Homes

ACMFNN: Design of an augmented convolutional model for intelligent cross-domain malware localization via forensic neural networks

Contact Info

Product

Resources

About