Abstract
In the recent years, there has been a rapid rise in the number of files submitted to anti-virus companies for analysis. It has become very difficult to analyse the functionality of each file manually. Malware developers have been highly successful in evading signature-based detection techniques. Most of the prevailing static analysis techniques involve a tool to parse the executable, and extract features or signatures. Most of the dynamic analysis techniques involve the binary file to be run in a sand-boxed environment to examine its behaviour. This can be easily thwarted by hiding the malicious activities of the file if it is being run inside a virtual environment. Hence, there has been a need to explore new approaches to overcome the limitations of static or dynamic analysis such as time intensity, resource consumption, scalability. In this paper, we have explored a new technique to represent malware as images. We have used 37, 374 samples belonging to 22 families and then applied deep neural network architectures such as ResNet-50 architecture including a dense Convolutional Neural Network (CNN) for classifying images. By converting the executable into an image representation, we have made our analysis process free from the problems faced by standard static and dynamic analyses. With our models, we have been able to get an accuracy of 98.98%, and 99.40% in classifying malware samples by using deep CNN, and ResNet-50 respectively on our dataset. In this paper, we have also compared the results of our proposed model on our collected dataset with the results obtained on publically available datasets like Malimg having 9,339 samples belonging to 25 families. We also present our findings on the limitation of this method through experimentation on packed and previously unseen classes of malware.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Cohen, F.: Computer Viruses: Theory and experiments (1987). http://web.eecs.umich.edu/~aprakash/eecs588/handouts/cohen-viruses.html
Online malware report generator (2004). https://www.virustotal.com/
Kolbitsch, C., Anubis (2011). https://seclab.cs.ucsb.edu/academic/projects/projects/anubis/
Virusshare - malware repository (2011). https://virusshare.com/
Malshare- malware repository (2012). http://malshare.com/
Kaspersky Cybercrime, Inc.: How profitable is the business? (2014). https://blog.kaspersky.com/cybercrime-inc-how-profitable-is-the-business/15034/
Ida: About (2015). https://www.hex-rays.com/products/ida/
Ict: Facts and figures (2016). http://www.itu.int/en/ITU-D/Statistics/Documents/facts/ICTFactsFigures2016.pdf
Pandalabs-quaterly report (2016). http://www.pandasecurity.com/mediacenter/src/uploads/2016/05/Pandalabs-2016-T1-EN-LR.pdf
Vx heaven dataset (2016). https://archive.org/download/vxheaven-windows-virus-collection
Virustotal- daily statistics (2017). https://www.virustotal.com/en/statistics/
Airbnb engineering & data science - image classification (2018). https://medium.com/airbnb-engineering/categorizing-listing-photos-at-airbnb-f9483f3ab7e3
Contagio-malware dump (2018). http://contagiodump.blogspot.com/
Packer-tool upx 3.95, 26 August 2018. https://github.com/upx/upx/releases/tag/v3.95
Ollydbg v1.10, 27 September 2013. http://www.ollydbg.de/
Cerbr ransomware, 29 March 2017. https://www.securityweek.com/cerber-ransomware-tries-evade-machine-learning-security
Bahdanau, D., Cho, K., Bengio, Y.: Neural machine translation by jointly learning to align and translate. arXiv preprint arXiv:1409.0473 (2014)
Bazrafshan, Z., Hashemi, H., Fard, S.M.H., Hamzeh, A.: A survey on heuristic malware detection techniques. In: The 5th Conference on Information and Knowledge Technology, pp. 113–120. IEEE (2013)
Bengio, Y., Simard, P., Frasconi, P., et al.: Learning long-term dependencies with gradient descent is difficult. IEEE Trans. Neural Netw. 5(2), 157–166 (1994)
Glorot, X., Bengio, Y.: Understanding the difficulty of training deep feedforward neural networks. In: Proceedings of the Thirteenth International Conference on Artificial Intelligence and Statistics, pp. 249–256 (2010)
Han, K., Lim, J.H., Im, E.G.: Malware analysis method using visualization of binary files. In: Proceedings of the 2013 Research in Adaptive and Convergent Systems, pp. 317–321. ACM (2013)
He, K., Zhang, X., Ren, S., Sun, J.: Deep residual learning for image recognition. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 770–778 (2016)
Kalash, M., Rochan, M., Mohammed, N., Bruce, N.D., Wang, Y., Iqbal, F.: Malware classification with deep convolutional neural networks. In: 2018 9th IFIP International Conference on New Technologies, Mobility and Security (NTMS), pp. 1–5. IEEE (2018)
Kong, D., Yan, G.: Discriminant malware distance learning on structural information for automated malware classification. In: Proceedings of the 19th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 1357–1365. ACM (2013)
Lin, Z., Feng, M., Santos, C.N.D., Yu, M., Xiang, B., Zhou, B., Bengio, Y.: A structured self-attentive sentence embedding. arXiv preprint arXiv:1703.03130 (2017)
Liu, L., Wang, B.S., Yu, B., Zhong, Q.X.: Automatic malware classification and new malware detection using machine learning. Front. Inf. Technol. Electron. Eng. 18(9), 1336–1347 (2017)
Makandar, A., Patrot, A.: Malware analysis and classification using artificial neural network. In: 2015 International Conference on Trends in Automation, Communications and Computing Technology (I-TACT-15), pp. 1–6. IEEE (2015)
Makandar, A., Patrot, A.: Malware class recognition using image processing techniques. In: 2017 International Conference on Data Management, Analytics and Innovation (ICDMAI), pp. 76–80. IEEE (2017)
Makandar, A., Patrot, A.: Wavelet statistical feature based malware class recognition and classification using supervised learning classifier. Orient. J. Comput. Sci. Technol. 10(2), 400–406 (2017)
Narayanan, B.N., Djaneye-Boundjou, O., Kebede, T.M.: Performance analysis of machine learning and pattern recognition algorithms for malware classification. In: 2016 IEEE National Aerospace and Electronics Conference (NAECON) and Ohio Innovation Summit (OIS), pp. 338–342. IEEE (2016)
Nataraj, L., Karthikeyan, S., Jacob, G., Manjunath, B.: Malware images: visualization and automatic classification. In: Proceedings of the 8th International Symposium on Visualization for Cyber Security, p. 4. ACM (2011)
Ollmann, G.: The evolution of commercial malware development kits and colour-by-numbers custom malware. Comput. Fraud Secur. 2008(9), 4–7 (2008)
Raghakot.: Resnet (2015). https://github.com/raghakot/keras-resnet
Santos, I., Nieves, J., Bringas, P.G.: Semi-supervised learning for unknown malware detection. In: Abraham, A., Corchado, J.M., González, S.R., De Paz Santana, J.F. (eds.) International Symposium on Distributed Computing and Artificial Intelligence. Advances in Intelligent and Soft Computing, vol. 91, pp. 415–422. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19934-9_53
Seok, S., Kim, H.: Visualized malware classification based-on convolutional neural network. J. Korea Inst. Inf. Secur. Cryptology 26(1), 197–208 (2016)
Torralba, A., Murphy, K.P., Freeman, W.T., Rubin, M.A.: Context-based vision system for place and object recognition (2003)
Vinod, P., Jaipur, R., Laxmi, V., Gaur, M.: Survey on malware detection methods. In: Proceedings of the 3rd Hackers Workshop on Computer and Internet Security (IITKHACK 2009), pp. 74–79 (2009)
Yakura, H., Shinozaki, S., Nishimura, R., Oyama, Y., Sakuma, J.: Malware analysis of imaged binary samples by convolutional neural network with attention mechanism. In: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, pp. 127–134. ACM (2018)
Acknowledgement
This work was partially funded by Science and Engineering Research Board, Government of India.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Singh, A., Handa, A., Kumar, N., Shukla, S.K. (2019). Malware Classification Using Image Representation. In: Dolev, S., Hendler, D., Lodha, S., Yung, M. (eds) Cyber Security Cryptography and Machine Learning. CSCML 2019. Lecture Notes in Computer Science(), vol 11527. Springer, Cham. https://doi.org/10.1007/978-3-030-20951-3_6
Download citation
DOI: https://doi.org/10.1007/978-3-030-20951-3_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-20950-6
Online ISBN: 978-3-030-20951-3
eBook Packages: Computer ScienceComputer Science (R0)