Abstract
With the rapid increase in the amount and type of malware, traditional methods of malware detection and family classification for IoT applications through static and dynamic analysis have been greatly challenged. In this paper, a new simple and effective attention module of Convolutional Neural Networks (CNNs), named as Depthwise Efficient Attention Module (DEAM), is proposed and combined with a DenseNet to propose a new malware detection and family classification model. Based on the good effect of the DenseNet in the field of image classification and the visual similarity of the malware family on images, the gray-scale image transformed from malware is input into the model combined with the DEAM and DenseNet for malware detection, and then the family classification is carried out. The DEAM is a general lightweight attention module improved based on the Convolutional Block Attention Module (CBAM), which can strengthen the attention to the characteristics of malware and improve the model effect. We use the MalImg dataset, Microsoft malware classification challenge dataset (BIG 2015), and our dataset constructed by the two above-mentioned datasets to verify the effectiveness of the proposed model in family classification and malware detection. Experimental results show that the proposed model achieves 99.3% in terms of accuracy for malware detection on our dataset and achieves 98.5% and 97.3% in terms of accuracy for family classification on the MalImg dataset and BIG 2015 dataset, respectively. The model can reliably detect IoT malware and classify its families.
Highlights
Malware is a kind of software program designed to access a computer system and perform useless or harmful operations
Is paper proposes a new general lightweight attention module, Depthwise Efficient Attention Module (DEAM), which can be widely used to improve the performance of Convolutional Neural Networks (CNNs), while not increasing the amount of calculation
In order to better perform malware detection and family classification of malware, we proposed a new method based on DenseNet and the attention mechanism
Summary
Malware is a kind of software program designed to access a computer system and perform useless or harmful operations. We convert the malware samples into gray-scale images and apply DenseNet with Depthwise Efficient Attention Module to the images In this process, DEAM can generate feature attention maps to strengthen the attention to malware features, to improve the effectiveness of detection and family classification. Is paper proposes a new general lightweight attention module, DEAM, which can be widely used to improve the performance of CNNs, while not increasing the amount of calculation. It consists of both the Improved Efficient Channel Attention (IECA) and a new spatial attention mechanism, Depthwise Spatial Attention (DSA).
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
