Improved capsule networks based on Nash equilibrium for malicious code classification

Abstract

With the cutting-edge technology and artificial intelligence, various types of malware have seriously attacked cyberspace, thus relying on the deep learning to maintain high accuracy on malware classification was the solution. After the malware binaries are changed into grayscale images as network inputs, most of the existing methods deal with the observed substantial visual similarities in image texture for malware as if they were from the same family. In addition, the patterns among the different families should include exclusive features, which are prerequisite for malicious code classification. However, the previous methods do not focus on the feature extraction. To solve this problem, we propose an improved capsule network based on the Nash equilibrium for malicious code classification. From the perspective of game theory, extracting of the exclusive features can be viewed as a noncooperative game through a novel dynamic routing embedded with the Nash equilibrium process in the proposed method. The three most recent datasets are used in the evaluation period. Five indicators are calculated to test the general performance and ability to distinguish the malware categories between the Nash capsule networks, traditional capsule network and CNN. Experiments show that the classification effect of the proposed method is better than that of the traditional machine learning methods.CCS CONCEPTS: Computing Methodologies, Malware Classification, Nash Equilibrium, Machine learning, Deep Learning, Capsule Network