Malware Detection Using Frequency Domain-Based Image Visualization and Deep Learning

Mohammed, Tajuddin Manhar; Nataraj, Lakshmanan; Chikkagoudar, Satish; Chandrasekaran, Shivkumar; Manjunath, B.S.

doi:10.48550/arxiv.2101.10578

Cited by 3 publications

(6 citation statements)

References 61 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Mohammed et al 22 presented an image classification-based technique for detecting and visualizing malware. The executable binaries are represented as grayscale pictures in the discrete Cosine transform domain, and a neural network is trained to identify malware.…”

Section: Literature Surveymentioning

confidence: 99%

Enhanced capsule network‐based executable files malware detection and classification—deep learning approach

Shelar,

Rao

2023

Concurrency and Computation

View full text Add to dashboard Cite

SummaryMalware has considerably increased recently, posing a serious security danger to both people and enterprises. In order to distinguish and stop the negative effects of malware, a variety of machine and deep learning approaches have been used to detect it. However, while extracting malware features, the feature‐to‐feature spatial hierarchy is not taken into account by the existing techniques and as a result, information is lost during the pooling operation. Hence, a modified capsule deep neural network was developed in which discriminative features are extracted from three channel image derived from malware binary with considering feature‐to‐feature spatial hierarchy. Also, conventional capsule deep neural network is modified by adding a global average pooling layer before fully connected layer thereby classified the dataset as malicious or benign without any loss of information. Moreover, these malwares were not accurately classified based on their families using existing variants of convolutional neural network (CNN) since malware family variants can modify due to minute changes in malware binaries. Hence, a hybrid deep convolutional neural network (DCNN) and long‐short‐term memory (LSTM) has been utilized that determine minute changes in malware binaries using LSTM without vanishing gradient issue and effectively perform malware family classification using DCNN. As a result, the proposed approach successfully identifies malware in executable files and categorizes malware into families with 98.5% accuracy.

show abstract

Section: Literature Surveymentioning

confidence: 99%

Enhanced capsule network‐based executable files malware detection and classification—deep learning approach

Shelar,

Rao

2023

Concurrency and Computation

View full text Add to dashboard Cite

show abstract

“…[16] devised an architecture to accept Markov image along with greyscale and RGB images, diversifying the information extracted from the binary file. [12] investigated an alternative by directly recording the frequency count of each byte bigram, and then performing discrete cosine transform (DCT) to desparsify the image.…”

Section: A Binary Sequence Classificationmentioning

confidence: 99%

“…The baseline for comparison against ImgConvAttn is the 3C2D model, implemented based on the description provided by [12]. The original design, proposed by [13], is a shallow CNN consisting of 3 convolution-and-max-pooling layers and 2 fully connected layers with training dropout.…”

Section: ) Imgconvattnmentioning

confidence: 99%

“…The original design, proposed by [13], is a shallow CNN consisting of 3 convolution-and-max-pooling layers and 2 fully connected layers with training dropout. [12] added dropouts to the fully connected layer to improve model robustness. For each model, we experimented with two image types: bigram frequency and greyscale.…”

Section: ) Imgconvattnmentioning

confidence: 99%

“…Traditionally, this entails converting the byte sequence into a greyscale image [9]. However, more recently, some research investigated converting the byte sequence into frequency domain, such as [10]- [12]. Many works, such as [13]- [16], also designed different convolutional neural network (CNNs) architectures to improve malware classification performance.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Self-Attentive Models for Real-Time Malware Classification

Zhang²,

Kinawi³

et al. 2022

IEEE Access

View full text Add to dashboard Cite

Malware classification is a critical task in cybersecurity, as it offers insights into the threats that malware poses to the victim device and helps in the design of countermeasures. For realtime malware classification, due to the large amount of potential malware present in the network, there is a challenge of achieving high classification accuracy while maintaining low inference latency. We first introduce two self-attention transformer-based classifiers, SeqConvAttn and ImgConvAttn, to replace the currently predominant CNN-based classifiers. We then devise a file-size-aware two-stage framework to combine the two proposed models, thereby controlling the tradeoff between accuracy and latency for realtime classification. To assess our proposed designs, we conduct experiments on three malware datasets, the Microsoft Malware Classification Challenge (BIG 2015) and two selected subsets from the BODMAS PE malware dataset, BODMAS-11 and BODMAS-49. We show that our transformer-based designs can achieve better classification accuracy than traditional CNN-based designs. Furthermore, we show that the proposed two-stage framework can reduce the average model inference latency while maintaining superior accuracy, thereby fulfilling the requirements of real-time classification.

show abstract

Examining the Performance of Various Pretrained Convolutional Neural Network Models in Malware Detection

Abdulazeez,

Ahmed,

Hammad

2024

Applied Sciences

View full text Add to dashboard Cite

A significant quantity of malware is created on purpose every day. Users of smartphones and computer networks now mostly worry about malware. These days, malware detection is a major concern in the cybersecurity area. Several factors can impact malware detection performance, such as inappropriate features and classifiers, extensive domain knowledge, imbalanced data environments, computational complexity, and resource usage. A significant number of existing malware detection methods have been impacted by these factors. Therefore, in this paper, we will first identify and determine the best features and classifiers and then use them in order to propose the malware detection method. The comparative strategy and proposed malware detection procedure consist of four basic steps: malware transformation (converting images of malware from RGB to grayscale), feature extraction (using the ResNet-50, DenseNet-201, GoogLeNet, AlexNet, and SqueezeNet models), feature selection (using PCA method), classification (including GDA, KNN, logistic, SVM, RF, and ensemble learning), and evaluation (using accuracy and error evaluation metrics). Unbalanced Malimg datasets are used in experiments to validate the efficacy of the results that were obtained. According to the comparison findings, KNN is the best machine learning classifier. It outperformed the other classifiers in the Malimg datasets in terms of both accuracy and error. In addition, DenseNet201 is the best pretrained model in the Malimg dataset. Therefore, the proposed DenseNet201-KNN methods had an accuracy rate of 96% and a minimal error rate of 3.07%. The proposed methods surpass existing state-of-the-art approaches. The proposed feature extraction is computationally quicker than most other methods since it uses a lightweight design and fewer feature vector dimensions.

show abstract

Malware Detection Using Frequency Domain-Based Image Visualization and Deep Learning

Cited by 3 publications

References 61 publications

Enhanced capsule network‐based executable files malware detection and classification—deep learning approach

Enhanced capsule network‐based executable files malware detection and classification—deep learning approach

Self-Attentive Models for Real-Time Malware Classification

Examining the Performance of Various Pretrained Convolutional Neural Network Models in Malware Detection

Contact Info

Product

Resources

About