Byte-level malware classification based on markov images and deep learning

Abstract

In recent years, malware attacks have become serious security threats and have caused huge losses. Due to the rapid growth of malware variants, how to quickly and accurately classify malware is critical to cyber security. As traditional methods based on machine learning are limited by feature engineering and difficult to process vast amounts of malware quickly, malware classification based on malware images and deep learning has become an effective solution. However, the accuracy rate of existing method based on gray images and deep learning (GDMC) still needs to be improved. Moreover, it is heavily dependent on the amount of training dataset. To improve the accuracy, this paper proposes a byte-level malware classification method based on markov images and deep learning referred to as MDMC. The main step in MDMC is converting malware binaries into markov images according to bytes transfer probability matrixs. Then the deep convolutional neural network is used for markov images classification. The experiments are conducted on two malware datasets, the Microsoft dataset and the Drebin dataset. The average accuracy rates of MDMC are respectively 99.264% and 97.364% on the two datasets. Further experiments on different proportions of training dataset and testing dataset also show that MDMC has better performance than GDMC.