Abstract

The increasing volume and variety of malware pose a great threat to network security. Malware binary detection with deep convolutional neural networks (CNNs) has proven to be an effective method. However, existing CNN-based malware classification methods remain unsatisfactory because of their poor feature extraction ability, insufficient classification accuracy, and high detection time cost. To solve these problems, a novel approach, namely, multiscale feature fusion convolutional neural networks (MFFCs), was proposed to achieve effective classification of malware based on malware visualization utilizing deep learning, which can defend against malware variants and confusing malware. The approach first converts malware code binaries into grayscale images; these images are then normalized in size, and the MFFC model is used to identify malware families. Comparative experiments were carried out to verify the performance of the proposed method. The results indicate that the MFFC stands out among recent advanced methods, with an accuracy of 98.72% and an average cost of 5.34 milliseconds on the Malimg dataset. Our method can effectively identify malware and detect variants of malware families, with excellent feature extraction capability and higher accuracy at lower detection time.

Highlights

  • Malware is a kind of malicious software that does harmful actions on computer systems, including viruses, worms, Trojan horses, and spyware [1]

  • Comparison of the Performance with Different Malware Image Sizes. The input shape of the image to the CNN model is fixed, limited by the fully connected layer, but different input shapes of the malware image yield different model performance

  • When the input shape of the malware image is 256 × 256, the model achieves the highest accuracy of 98.72%, and its parameters are 1,104,041
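
The preprocessing the abstract describes (binary to grayscale image, then size normalization to the 256 × 256 input named in the highlights), as an added example that is not code from the paper. The row width of 64, the zero padding of the last row and the nearest-neighbour resize are assumptions, since the page does not state how the authors perform either step.

```python
"""Added illustration: binary -> grayscale image -> fixed-size model input.
Row width, zero padding and nearest-neighbour resizing are assumptions."""
from typing import List

Image = List[List[int]]

# Constructed sample bytes standing in for a binary (not a real sample).
SAMPLE = b"MZ" + bytes(range(256)) * 40 + b"\x00" * 1000 + b"\xff" * 500


def bytes_to_grayscale(data: bytes, width: int = 64) -> Image:
    """Lay the raw bytes out row by row; each byte becomes one 0-255 pixel."""
    if width <= 0:
        raise ValueError("width must be positive")
    if not data:
        raise ValueError("empty sample")
    rows = [list(data[i:i + width]) for i in range(0, len(data), width)]
    rows[-1] += [0] * (width - len(rows[-1]))  # zero-pad the final short row
    return rows


def resize_nearest(img: Image, out_h: int = 256, out_w: int = 256) -> Image:
    """Normalize an image of any height/width to a fixed shape.

    Works for both shrinking (large binaries) and stretching (tiny ones).
    """
    in_h, in_w = len(img), len(img[0])
    return [
        [img[y * in_h // out_h][x * in_w // out_w] for x in range(out_w)]
        for y in range(out_h)
    ]


def binary_to_model_input(data: bytes, width: int = 64,
                          size: int = 256) -> List[List[float]]:
    """Full pipeline: bytes -> grayscale -> size x size, scaled to [0, 1]."""
    img = resize_nearest(bytes_to_grayscale(data, width), size, size)
    return [[pixel / 255.0 for pixel in row] for row in img]


if __name__ == "__main__":
    raw = bytes_to_grayscale(SAMPLE)
    fixed = binary_to_model_input(SAMPLE)
    print(f"raw image: {len(raw)} x {len(raw[0])}")
    print(f"model input: {len(fixed)} x {len(fixed[0])}")
```
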


Summary

Introduction

Malware is a kind of malicious software that performs harmful actions on computer systems, including viruses, worms, Trojan horses, and spyware [1]. Therefore, quick and accurate methods to detect and classify malware and its variants are highly desired in the professional field. Feature vectors of malware represent the basic feature in malware detection. According to the different categories of malware feature vectors, malware analysis can be divided into dynamic analysis and static analysis. Static analysis, based on disassembling the malicious code, does not execute malicious code. The traditional methods of static analysis extract the attribute code, opcodes, and binary profiles of malware as a feature to identify sample malpractice. Dynamic analysis is the practice of running an executable file and analyzing its behavior in a sandbox, simulator, or virtual machine. Alazab et al. [4, 5] indicated that static analysis does better than dynamic analysis in the aspect of speed and effectiveness, because it can capture the information related to structural properties
