Malware Classification Using Image Representation

  • Conference paper
Cyber Security Cryptography and Machine Learning (CSCML 2019)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11527)

Abstract

In recent years, there has been a rapid rise in the number of files submitted to anti-virus companies for analysis, and it has become very difficult to analyse the functionality of each file manually. Malware developers have been highly successful in evading signature-based detection techniques. Most of the prevailing static analysis techniques use a tool to parse the executable and extract features or signatures. Most dynamic analysis techniques run the binary file in a sandboxed environment to examine its behaviour; this can be easily thwarted by a file that hides its malicious activities when it is run inside a virtual environment. Hence, there is a need to explore new approaches that overcome the limitations of static or dynamic analysis, such as time intensity, resource consumption and scalability. In this paper, we explore a new technique to represent malware as images. We use 37,374 samples belonging to 22 families and apply deep neural network architectures, such as the ResNet-50 architecture and a dense Convolutional Neural Network (CNN), to classify the images. By converting the executable into an image representation, we make our analysis process free from the problems faced by standard static and dynamic analyses. With our models, we achieve an accuracy of 98.98% and 99.40% in classifying malware samples using the deep CNN and ResNet-50, respectively, on our dataset. We also compare the results of our proposed model on our collected dataset with the results obtained on publicly available datasets such as Malimg, which has 9,339 samples belonging to 25 families. Finally, we present our findings on the limitations of this method through experimentation on packed and previously unseen classes of malware.
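An added example, not code from the paper: a sketch of turning a binary into a grayscale image, assuming the common one-byte-per-pixel, fixed-width layout, since the abstract does not state the paper's exact conversion. The sample bytes are constructed, and zlib compression is used as a stand-in for a packer to show how the image statistics shift, which is why packed samples are a separate test case for this kind of classifier.

```python
import math
import random
import zlib

def bytes_to_image(data: bytes, width: int = 64) -> list:
    """One byte -> one 8-bit grayscale pixel, row-major; last row zero-padded."""
    if not data or width <= 0:
        raise ValueError("need non-empty data and a positive width")
    padded = data + b"\x00" * (-len(data) % width)
    return [list(padded[i:i + width]) for i in range(0, len(padded), width)]

def resize_nearest(img: list, out_h: int, out_w: int) -> list:
    """Nearest-neighbour resize to the fixed shape a CNN input layer expects."""
    in_h, in_w = len(img), len(img[0])
    return [[img[r * in_h // out_h][c * in_w // out_w] for c in range(out_w)]
            for r in range(out_h)]

def pixel_entropy(img: list) -> float:
    """Shannon entropy of the pixel histogram, in bits per pixel."""
    counts = [0] * 256
    for row in img:
        for p in row:
            counts[p] += 1
    total = sum(counts)
    return -sum(c / total * math.log2(c / total) for c in counts if c)

def to_pgm(img: list) -> bytes:
    """Serialise as binary PGM (P5) for viewing or feeding to an image loader."""
    header = f"P5\n{len(img[0])} {len(img)}\n255\n".encode("ascii")
    return header + bytes(p for row in img for p in row)

def make_sample(size: int = 4096, seed: int = 7) -> bytes:
    """Constructed stand-in for an executable: 'MZ' magic, then bytes drawn
    from a 16-value alphabet (low entropy, like repetitive code), then zeros."""
    rng = random.Random(seed)
    alphabet = bytes(range(0x40, 0x50))
    body = bytes(rng.choice(alphabet) for _ in range(size - 1024))
    return b"MZ" + body + bytes(1022)

if __name__ == "__main__":
    plain = bytes_to_image(make_sample())
    # zlib is only a stand-in for a packer's compression stage (assumption).
    packed = bytes_to_image(zlib.compress(make_sample()))
    print(len(plain), "rows, entropy", round(pixel_entropy(plain), 2))
    print(len(packed), "rows, entropy", round(pixel_entropy(packed), 2))
    print(len(to_pgm(resize_nearest(plain, 32, 32))), "bytes of PGM")
```

The compressed copy yields a smaller image with near-uniform pixel values, so the texture a family-level classifier learned from unpacked samples is no longer present.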

Acknowledgement

This work was partially funded by Science and Engineering Research Board, Government of India.

Author information

Corresponding author

Correspondence to Anand Handa.

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

Singh, A., Handa, A., Kumar, N., Shukla, S.K. (2019). Malware Classification Using Image Representation. In: Dolev, S., Hendler, D., Lodha, S., Yung, M. (eds) Cyber Security Cryptography and Machine Learning. CSCML 2019. Lecture Notes in Computer Science, vol 11527. Springer, Cham. https://doi.org/10.1007/978-3-030-20951-3_6

  • DOI: https://doi.org/10.1007/978-3-030-20951-3_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-20950-6

  • Online ISBN: 978-3-030-20951-3

  • eBook Packages: Computer Science, Computer Science (R0)
