An Efficient Malware Classification Method Based on the AIFS-IDL and Multi-Feature Fusion

Abstract

In recent years, the presence of malware has been growing exponentially, resulting in enormous demand for efficient malware classification methods. However, the existing machine learning-based classifiers have high false positive rates and cannot effectively classify malware variants, packers, and obfuscation. To address this shortcoming, this paper proposes an efficient deep learning-based method named AIFS-IDL (Atanassov Intuitionistic Fuzzy Sets-Integrated Deep Learning), which uses static features to classify malware. The proposed method first extracts six types of features from the disassembly and byte files and then fuses them to solve the single-feature problem in traditional classification methods. Next, Atanassov’s intuitionistic fuzzy set-based method is used to integrate the result of the three deep learning models, namely, GRU (Temporal Convolutional Network), TCN (Temporal Convolutional Network), and CNN (Convolutional Neural Networks), which improves the classification accuracy and generalizability of the classification model. The proposed method is verified by experiments and the results show that the proposed method can effectively improve the accuracy of malware classification compared to the existing methods. Experiments were carried out on the six types of features of malicious code and compared with traditional classification algorithms and ensemble learning algorithms. A variety of comparative experiments show that the classification accuracy rate of integrating multi-feature, multi-model aspects can reach 99.92%. The results show that, compared with other static classification methods, this method has better malware identification and classification ability.