Abstract
In recent years, malware attacks have been a constant threat to network security, and the problem of classifying malicious code families quickly and accurately urgently needs to be addressed. Traditional malicious code family classification methods fail as variants proliferate and are no longer adequate for the current stage of research. Visualization methods can expose the core characteristics of malicious code in an image, but grayscale images suffer from few and homogeneous features. In this paper, we propose a new malicious code visualization method. Specifically, we first convert the original malicious file into a byte file and an asm file using the IDA Pro tool. Second, we extract the opcode sequences from the asm file and the byte sequences from the byte file and convert them into a three-channel RGB image using visualization techniques, which allows a more comprehensive representation of the features of the malicious sample. Finally, we propose a new neural network architecture, MVCBAM, which combines the lightweight MobileNetV2 model with the Convolutional Block Attention Module, for training and prediction. In addition, we conduct various comparison experiments on the BIG2015 dataset and the Malimg dataset. The experiments show that the classification accuracy of our proposed model on the two datasets is 99.90% and 99.95%, that the model maintains its performance with fewer network parameters than the original MobileNetV2 model, and that it has higher accuracy and faster speed than other advanced methods.
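The byte-plus-opcode fusion described in the abstract can be sketched as follows. This is an added example, not the authors' code: the channel assignment (R = raw bytes, G = opcode ids, B = XOR of adjacent bytes), the CRC32 opcode encoding, the image width, the simplified `.asm` line layout and all function names are assumptions made for illustration.

```python
import re
import zlib

# Constructed sample inputs (not real malware): a BIG2015-style .bytes excerpt
# and a simplified IDA-style .asm listing for the same bytes.
SAMPLE_BYTES = "00401000 56 8D 44 24 08 50\n00401006 8B F1 ?? C3\n"
SAMPLE_ASM = (
    ".text:00401000 56\t\tpush esi\n"
    ".text:00401001 8D 44 24 08\tlea eax, [esp+8] ; arg\n"
    ".text:00401005 50\t\tpush eax\n"
    ".text:00401006 8B F1\tmov esi, ecx\n"
    ".data:00402000 41 42\tdb 'AB'\n"
    ".text:0040100A C3\tretn\n"
)
ASM_LINE = re.compile(
    r"\S+:[0-9A-Fa-f]+\s+(?:[0-9A-F]{2}\s+)*((?!d[bwdq]\b)[a-z][a-z0-9]*)\b")

def parse_bytes_file(text):
    """Drop each line's address; map hex pairs to ints, unreadable '??' to 0."""
    return [0 if tok == "??" else int(tok, 16)
            for line in text.splitlines() for tok in line.split()[1:]]

def extract_opcodes(asm_text):
    """Return instruction mnemonics in order, skipping data directives."""
    ops = []
    for line in asm_text.splitlines():
        m = ASM_LINE.match(line.split(";", 1)[0])  # strip comments first
        if m:
            ops.append(m.group(1))
    return ops

def opcode_id(op):
    """Stable 0..255 id per mnemonic (low byte of CRC32; assumed encoding)."""
    return zlib.crc32(op.encode()) & 0xFF

def to_rgb_rows(byte_vals, ops, width=4):
    """Fuse both views into rows of (R, G, B) pixels, zero-padding to fit."""
    n = max(len(byte_vals), len(ops))
    n += -n % width                               # whole number of rows
    r = byte_vals + [0] * (n - len(byte_vals))    # R: raw byte values
    g = [opcode_id(o) for o in ops] + [0] * (n - len(ops))  # G: opcode ids
    b = [r[i] ^ r[i - 1] if i else r[0] for i in range(n)]  # B: assumed byte delta
    px = list(zip(r, g, b))
    return [px[i:i + width] for i in range(0, n, width)]
```

The rows returned by `to_rgb_rows` can be written out as an image and resized to the classifier's input shape; because the opcode stream is shorter than the byte stream, the tail of the G channel is padding rather than signal.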
Acknowledgements
This work was supported in part by the Natural Science Foundation of Shandong Province (ZR2021MF132 and ZR2020YQ06), in part by the National Natural Science Foundation of China (62172244), in part by the National Major Program for Technological Innovation 2030-New Generation Artificial Intelligence (2020AAA0107700), in part by the Innovation Ability Promotion Project for Small and Medium-sized Technology-based Enterprise of Shandong Province (2022TSGC2098), in part by the Pilot Project for Integrated Innovation of Science, Education and Industry of Qilu University of Technology (Shandong Academy of Sciences) (2022JBZ01-01), in part by the Taishan Scholars Program (tsqn202211210), in part by the Graduate Education and Teaching Reform Research Project of Shandong Province (SDYJG21177), and in part by the Education Reform Project of Qilu University of Technology (2021yb63).
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Sun, C., Zhao, D., Yang, S., Xu, L., Li, X. (2024). A Malicious Code Family Classification Method Based on RGB Images and Lightweight Model. In: Luo, B., Cheng, L., Wu, ZG., Li, H., Li, C. (eds) Neural Information Processing. ICONIP 2023. Communications in Computer and Information Science, vol 1968. Springer, Singapore. https://doi.org/10.1007/978-981-99-8181-6_12
DOI: https://doi.org/10.1007/978-981-99-8181-6_12
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-8180-9
Online ISBN: 978-981-99-8181-6
eBook Packages: Computer Science, Computer Science (R0)