A Malicious Code Family Classification Method Based on RGB Images and Lightweight Model

  • Conference paper
Neural Information Processing (ICONIP 2023)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1968))

Abstract

In recent years, malware attacks have been a constant threat to network security, and the problem of classifying malicious code families quickly and accurately urgently needs to be addressed. Traditional malicious code family classification methods fail as variants proliferate and are no longer adequate for the current stage of research. Visualization methods can express the core characteristics of malicious code in an image as fully as possible, but grayscale images suffer from having few features of a single type. In this paper, we propose a new malicious code visualization method. Specifically, we first convert the original malicious file into a byte file and an asm file using the IDA Pro tool. Second, we extract the opcode sequences from the asm file and the byte sequences from the byte file and convert them into a three-channel RGB image using visualization techniques, which allows a more comprehensive representation of the features of the malicious sample. Finally, we propose a new neural network architecture for training and prediction, MVCBAM, which combines the MobileNetV2 lightweight model with the Convolutional Block Attention Module. In addition, we conduct various comparative experiments on the BIG2015 dataset and the Malimg dataset. The experiments show that the classification accuracy of our proposed model on the two datasets is 99.90% and 99.95%, that the model maintains its performance with fewer network parameters than the original MobileNetV2 model, and that it has higher accuracy and faster speed than other advanced methods.
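As an added illustration (not the authors' code), the sketch below turns a BIG2015-style `.bytes`/`.asm` pair into a three-channel pixel grid. The channel assignment (R = raw byte, G = opcode id, B = opcode bigram id), the vocabulary scaling, the handling of `??` bytes and the sample data are all assumptions, since the abstract does not specify them.

```python
import re

# Constructed sample in the BIG2015 file layout (not taken from the dataset).
SAMPLE_BYTES = """\
00401000 56 8D 44 24 08 50 8B F1
00401008 E8 1C 1B 00 00 C7 06 08
00401010 00 00 00 C3 ?? ?? ?? ??
"""
SAMPLE_ASM = """\
.text:00401000 56                 push    esi
.text:00401001 8D 44 24 08        lea     eax, [esp+8]
.text:00401005 50                 push    eax
.text:00401006 8B F1              mov     esi, ecx
.text:00401008 E8 1C 1B 00 00     call    sub_402B29
.text:0040100D C7 06 08 00 00 00  mov     dword ptr [esi], 8
.text:00401013 C3                 retn
"""
ASM_LINE = re.compile(r"^\.?\w+:[0-9A-Fa-f]{8}\s+(?:[0-9A-Fa-f?]{2}\s+)+([a-z]+)\b")

def read_bytes(text):
    """Hex tokens after the address column; '??' (unreadable byte) becomes 0."""
    return [0 if t == "??" else int(t, 16)
            for line in text.splitlines() for t in line.split()[1:]]

def read_opcodes(text):
    """First lowercase token after the raw-byte column (the mnemonic), in file order."""
    return [m.group(1) for m in map(ASM_LINE.match, text.splitlines()) if m]

def build_vocab(opcode_lists):
    """Opcode -> id in 1..V (0 is padding). Fit once on the training corpus."""
    names = sorted({op for ops in opcode_lists for op in ops})
    return {op: i + 1 for i, op in enumerate(names)}

def to_rgb(byte_seq, opcodes, vocab, width):
    """Assumed channels: R = byte, G = opcode id, B = opcode bigram id (all 0..255)."""
    v = max(len(vocab), 1)
    ids = [vocab.get(op, 0) for op in opcodes]  # unseen opcodes map to padding
    g = [i * 255 // v for i in ids]
    b = [(p * (v + 1) + c) * 255 // ((v + 1) ** 2 - 1) for p, c in zip([0] + ids, ids)]
    n = -(-max(len(byte_seq), len(ids)) // width) * width  # round up to full rows
    pad = lambda s: s + [0] * (n - len(s))
    pixels = list(zip(pad(list(byte_seq)), pad(g), pad(b)))
    return [pixels[i:i + width] for i in range(0, n, width)]

def demo():
    ops = read_opcodes(SAMPLE_ASM)
    return to_rgb(read_bytes(SAMPLE_BYTES), ops, build_vocab([ops]), width=8)
```

The vocabulary here is fitted on the single sample only to keep the example self-contained; for images to be comparable across samples it has to be fixed over the whole training set.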

Supported by organization x.

Acknowledgements

This work was supported in part by the Natural Science Foundation of Shandong Province (ZR2021MF132 and ZR2020YQ06), in part by the National Natural Science Foundation of China (62172244), in part by the National Major Program for Technological Innovation 2030-New Generation Artificial Intelligence (2020AAA0107700), in part by the Innovation Ability Promotion Project for Small and Medium-sized Technology-based Enterprise of Shandong Province (2022TSGC2098), in part by the Pilot Project for Integrated Innovation of Science, Education and Industry of Qilu University of Technology (Shandong Academy of Sciences) (2022JBZ01-01), in part by the Taishan Scholars Program (tsqn202211210), in part by the Graduate Education and Teaching Reform Research Project of Shandong Province (SDYJG21177), and in part by the Education Reform Project of Qilu University of Technology (2021yb63).

Author information

Correspondence to Shumian Yang.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Sun, C., Zhao, D., Yang, S., Xu, L., Li, X. (2024). A Malicious Code Family Classification Method Based on RGB Images and Lightweight Model. In: Luo, B., Cheng, L., Wu, ZG., Li, H., Li, C. (eds) Neural Information Processing. ICONIP 2023. Communications in Computer and Information Science, vol 1968. Springer, Singapore. https://doi.org/10.1007/978-981-99-8181-6_12

  • DOI: https://doi.org/10.1007/978-981-99-8181-6_12

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-99-8180-9

  • Online ISBN: 978-981-99-8181-6

  • eBook Packages: Computer Science (R0)
