Abstract

Malware and malicious code not only incur considerable costs and losses but also negatively impact the reputation of the targeted organisations. Malware developers, hackers, and information security specialists are continuously improving their strategies to defeat each other. Unfortunately, there is no one-size-fits-all solution to detect and eradicate any malware. This situation is further aggravated by the undetected vulnerabilities that usually impair computer software and internet tools. Such vulnerabilities will remain undetected until fully exploited by malware developers, which will eventually cause considerable financial and reputation losses. In this paper, we propose a novel scheme to detect and classify malware using only image representations of the malware binaries. Highly discriminative features of the malware category and structure are extracted in a compact subspace using principal component analysis. Then, an optimised support vector machine model classifies the extracted features into malware categories. Unlike existing classification models, our solution requires only simple algebraic dot products to classify malware based on representative digital images. To assess its performance, the publicly available image datasets Malimg, Ember and BIG 2015 are considered. Our performance analysis indicates that our classifier outperforms state-of-the-art models and attains classification accuracies of 0.998, 0.911, and 0.997 using the Malimg, Ember and BIG 2015 malware datasets, respectively.
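The pipeline the abstract outlines, reduced to two classes, as an added example that is not the paper's code: bytes become grayscale pixels, PCA compresses them, and a linear SVM scores the projection. The 16x16 image size, the four components, the hinge-loss training loop and the constructed two-family sample data are all assumptions; the abstract specifies none of them.

```python
import numpy as np

SIDE = 16  # assumed image side; the abstract gives no image size

def to_image_vector(blob: bytes, side: int = SIDE) -> np.ndarray:
    """One byte = one grayscale pixel; truncate or zero-pad to side*side."""
    px = np.frombuffer(blob[: side * side], dtype=np.uint8).astype(float)
    return np.pad(px, (0, side * side - px.size)) / 255.0

def fit_pca(X: np.ndarray, k: int):
    """Mean and top-k principal axes from the SVD of the centred data."""
    mean = X.mean(axis=0)
    _, _, vt = np.linalg.svd(X - mean, full_matrices=False)
    return mean, vt[:k]

def fit_linear_svm(Z, y, lam=0.01, lr=0.1, epochs=200):
    """Subgradient descent on the regularised hinge loss, y in {-1, +1}."""
    w, b = np.zeros(Z.shape[1]), 0.0
    for _ in range(epochs):
        viol = y * (Z @ w + b) < 1          # samples inside the margin
        w -= lr * (lam * w - (y[viol][:, None] * Z[viol]).sum(axis=0) / len(y))
        b -= lr * (-y[viol].sum() / len(y))
    return w, b

def make_sample(rng, family: str) -> bytes:
    """Constructed stand-in for a binary: random 'code' half, zero-filled half."""
    noise, zeros = rng.integers(0, 256, 128, dtype=np.uint8).tobytes(), bytes(128)
    return noise + zeros if family == "A" else zeros + noise

def train(seed: int = 0, n: int = 40, k: int = 4):
    """Fit PCA and the SVM on n constructed samples (hypothetical families A/B)."""
    rng = np.random.default_rng(seed)
    fams = ["A", "B"] * (n // 2)
    X = np.stack([to_image_vector(make_sample(rng, f)) for f in fams])
    y = np.array([1.0 if f == "A" else -1.0 for f in fams])
    mean, axes = fit_pca(X, k)
    w, b = fit_linear_svm((X - mean) @ axes.T, y)
    return mean, axes, w, b

def classify(blob: bytes, model) -> str:
    """Inference is dot products only: PCA projection, then the SVM score."""
    mean, axes, w, b = model
    score = ((to_image_vector(blob) - mean) @ axes.T) @ w + b
    return "A" if score >= 0 else "B"

if __name__ == "__main__":
    model = train()
    rng = np.random.default_rng(99)
    print([classify(make_sample(rng, f), model) for f in "ABBA"])
```

Once trained, `classify` never touches the training set again, which is the practical meaning of a dot-product-only classifier: the stored state is the mean image, the projection axes and one weight vector.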
