Malware Classification with Improved Convolutional Neural Network Model

Full Text (PDF, 1003KB), PP.30-43


Author(s)

Sumit S. Lad 1,* Amol C. Adamuthe 2

1. Dept. of CSE, Rajarambapu Institute of Technology, Rajaramnagar, Sangli, Maharashtra, India

2. Dept. of CS&IT, Rajarambapu Institute of Technology, Rajaramnagar, Sangli, Maharashtra, India

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2020.06.03

Received: 1 Jun. 2022 / Revised: 16 Jun. 2020 / Accepted: 24 Jun. 2020 / Published: 8 Dec. 2020

Index Terms

Malware classification, image classification, convolutional neural network, support vector machine

Abstract

Malware is a threat to people in the cyber world. It steals personal information and harms computer systems. Developers and information security specialists around the globe continuously work on strategies for detecting malware. Over the last few years, many researchers have investigated machine learning for malware classification. The existing solutions require more computing resources and are not efficient for datasets with large numbers of samples. Using existing feature extractors to extract image features consumes more resources. This paper presents a Convolutional Neural Network (CNN) model with pre-processing and augmentation techniques for the classification of malware gray-scale images. An investigation is conducted on the Malimg dataset, which contains 9339 gray-scale images. The dataset was created from malware binaries belonging to 25 different families. To create a precise approach, and considering the success of deep learning techniques in classifying the rising volume of newly created malware, we propose a CNN model and a hybrid CNN+SVM model. The CNN is used as an automatic feature extractor that uses fewer resources and less time than the existing methods. The proposed CNN model achieves 98.03% accuracy, which is better than other existing CNN models, namely VGG16 (96.96%), ResNet50 (97.11%), InceptionV3 (97.22%), and Xception (97.56%). The execution time of the proposed CNN model is significantly lower than that of other existing CNN models. The proposed CNN model is hybridized with a support vector machine (SVM). Instead of using Softmax as the activation function, the SVM performs the task of classifying the malware based on features extracted by the CNN model. The proposed fine-tuned CNN model produces a well-selected feature vector of 256 neurons at the FC layer, which is the input to the SVM. The linear SVC kernel transforms the binary SVM classifier into a multi-class SVM, which classifies the malware samples using the one-against-one method and delivers an accuracy of 99.59%.

Cite This Paper

Sumit S. Lad, Amol C. Adamuthe, "Malware Classification with Improved Convolutional Neural Network Model", International Journal of Computer Network and Information Security (IJCNIS), Vol.12, No.6, pp.30-43, 2020. DOI: 10.5815/ijcnis.2020.06.03
