Comparison of Feature Extraction and Classification Techniques of PE Malware

Neel, Leena El; Copiaco, Abigail; Obaid, Walid; Mukhtar, Husameldin

doi:10.1109/icspis57063.2022.10002693

Cited by 5 publications

(3 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Expanding upon our prior research efforts documented in [53,54], it is evident that the utilization of image-based features bestows advantages in the detection and categorization of malware within image and PE file formats. Hence, this study extends the previous approach by incorporating image transforms to develop a comprehensive classifier that is capable of detecting malicious files across different file types, including PDFs, Microsoft Office documents, and PE files.…”

Section: Feature Extraction Using Grayscale-based Image Transformsmentioning

confidence: 94%

See 1 more Smart Citation

A Neural Network Approach to a Grayscale Image-Based Multi-File Type Malware Detection System

Copiaco,

El Neel,

Nazzal

et al. 2023

Applied Sciences

Self Cite

View full text Add to dashboard Cite

This study introduces an innovative all-in-one malware identification model that significantly enhances convenience and resource efficiency in classifying malware across diverse file types. Traditional malware identification methods involve the extraction of static and dynamic features, followed by comparisons with signature-based databases or machine learning-based classifiers. However, many malware detection applications that rely on transfer learning and image transformation suffer from excessive resource consumption. In recent years, transfer learning has emerged as a powerful tool for developing effective classifiers, leveraging pre-trained neural network models. In this research, we comprehensively explore various pre-trained network architectures, including compact and conventional networks, as well as series and directed acyclic graph configurations for malware classification. Our approach utilizes grayscale transform-based features as a standardized set of characteristics, streamlining malware classification across various file types. To ensure the robustness and generalization of our classification models, we integrate multiple datasets into the training process. Remarkably, we achieve an optimal model with 96% accuracy, while maintaining a modest 5 MB size using the SqueezeNet classifier. Overall, our model efficiently classifies malware across file types, reducing the computational load, which can be useful for cybersecurity professionals and organizations.

show abstract

Section: Feature Extraction Using Grayscale-based Image Transformsmentioning

confidence: 94%

“…This section provides a detailed description of the datasets used, feature engineering, and training process. It is worth noting that this work is a continuation of our prior research, including [53], which focuses on the categorization of malware within PE files, and [54], which concentrates on the distinction of malicious images.…”

Section: Methodsmentioning

confidence: 99%

A Neural Network Approach to a Grayscale Image-Based Multi-File Type Malware Detection System

Copiaco,

El Neel,

Nazzal

et al. 2023

Applied Sciences

Self Cite

View full text Add to dashboard Cite

show abstract

“…Deep learning models, such as Deep Neural Networks (DNNs), known for their enhanced representation capabilities through depth, have been employed to improve fea-ture hierarchies, offering more abstraction in problem-solving [34,35,36]. Techniques like Opcode sequence analysis and RNN-Auto Encoders have been used for generating file access sequences, aiding in malware classification [37,38,39,40,41]. The role of deep learning in ransomware detection has been recognized, particularly in the efficient classification of zero-day ransomware variants.…”

Section: Ransomware Detectionmentioning

confidence: 99%

Ransomware Detection with Opcode Analysis and GAN-Based Unsupervised Learning

Zhong,

Kang

2024

Preprint

View full text Add to dashboard Cite

This study introduces an innovative approach to ransomware detection utilizing opcode analysis combined with Generative Adversarial Networks (GANs). Focusing on the dynamic nature of modern ransomware threats, the research develops a method that leverages unsupervised learning to detect both known and novel ransomware variants. The study begins by examining the evolution of ransomware, from its initial focus on Windows-based systems to the current sophisticated attacks on various platforms. It then explores the implementation of a GAN-based model, capable of discerning ransomware through complex opcode patterns. Experimental results demonstrate the model's effectiveness across several ransomware families, with high accuracy, precision, recall, and F1-scores. The research further delves into the implications of advanced ransomware detection techniques, challenges in adapting to evolving ransomware strategies, the integration of AI in cybersecurity, and future directions in ransomware mitigation. This paper contributes significantly to the field of cybersecurity by providing an advanced, adaptable, and efficient tool for ransomware detection, marking a step forward in combating the increasing ransomware threat.

show abstract