Malware homology determination using visualized images and feature fusion

Abstract: The family homology determination of malware has become a research hotspot as the number of malware variants are on the rise. However, existing studies on malware visualization only determines homology based on the global structure features of executable, which leads creators of some malware variants with the same structure intentionally set to misclassify them as the same family. We sought to develop a homology determination method using the fusion of global structure features and local fine-grained features … Show more

“…Accuracy F-measure Gibert et al [46] Grayscale image + CNN 0.9750 0.9400 Le et al [47] Byte + CNN 0.9861 0.9714 Çayır et al [48] CapsNet + bagging 0.9956 0.982 Tekerek and Yapici [49] Byte + B2IMG 0.9986 0.9237 Zhu et al [50] Multiple feature 0.9905 0.9852 Tis article Proposed method 0.9999 0.9899…”

“…Tis section presents a comparative analysis of only the relevant literature on classifcation model experiments using the Microsoft dataset. Te fnal results are shown in Table 4, showing the accuracy and Fmeasure corresponding to diferent methods, such as byte-and image-based malware classifcation (Gibert et al [46], Le et al [47], Çayır et al [48], and Tekerek and Yapici [49]) and multi-feature-based malware classifcation (Zhu et al [50]). Based on the research of Nataraj et al [27], Gibert et al [46] converted malware binary samples into 128 × 128 grayscale images.…”

“…Tekerek and Yapici [49] proposed a new method of conversion called B2IMG, which converts the extracted features into grayscale and RGB images. Zhu et al [50] combined global structural features with local semantic features and extracted bytecodes and opcodes were converted into images for feature fusion. Tey completed malware sample classifcation through a dual-branch CNN.…”

Image-Based Malware Classification Method with the AlexNet Convolutional Neural Network Model

“…Accuracy F-measure Gibert et al [46] Grayscale image + CNN 0.9750 0.9400 Le et al [47] Byte + CNN 0.9861 0.9714 Çayır et al [48] CapsNet + bagging 0.9956 0.982 Tekerek and Yapici [49] Byte + B2IMG 0.9986 0.9237 Zhu et al [50] Multiple feature 0.9905 0.9852 Tis article Proposed method 0.9999 0.9899…”

“…Tis section presents a comparative analysis of only the relevant literature on classifcation model experiments using the Microsoft dataset. Te fnal results are shown in Table 4, showing the accuracy and Fmeasure corresponding to diferent methods, such as byte-and image-based malware classifcation (Gibert et al [46], Le et al [47], Çayır et al [48], and Tekerek and Yapici [49]) and multi-feature-based malware classifcation (Zhu et al [50]). Based on the research of Nataraj et al [27], Gibert et al [46] converted malware binary samples into 128 × 128 grayscale images.…”

“…Tekerek and Yapici [49] proposed a new method of conversion called B2IMG, which converts the extracted features into grayscale and RGB images. Zhu et al [50] combined global structural features with local semantic features and extracted bytecodes and opcodes were converted into images for feature fusion. Tey completed malware sample classifcation through a dual-branch CNN.…”

Image-Based Malware Classification Method with the AlexNet Convolutional Neural Network Model

TP-Detect: trigram-pixel based vulnerability detection for Ethereum smart contracts

Malware detection based on visualization of recombined API instruction sequence