MCFT-CNN: Malware classification with fine-tune convolution neural networks using traditional and transfer learning in Internet of Things

Abstract

With ever-increasing, internet-connected devices provide an opportunity to fulfil the attacker’s malicious intention. They use malicious programs to compromise the devices and use them to infect others also. The security researchers are straggling to develop a technique that detects all the malware accurately because of the use of invincible techniques in the development of malware such as strong encryption, obfuscation, polymorphic and metamorphic engine. In this context, this paper proposes a novel malware classification with fine-tune convolution neural networks (MCFT-CNN) model. The MCFT-CNN model detects the unknown malware sample without feature engineering and prior knowledge of binary code analysis or reverse engineering, even the advanced evading techniques used to develop the malware. The model uses deep transfer learning to classify the malware images to their respective malware families. The proposed model enhances the ResNet50 model by altering the last layer with a fully connected dense layer. The output of fully connected dense layer and knowledge of ImageNet model are supplied to softmax layer for malware classification. The model is trained with MalImg malware datasets. The proposed model reported 99.18% accuracy and 5.14ms prediction time. The model also shows consistent performance with a relatively larger dataset (Microsoft malware challenge dataset, approximately 500GB) with 98.63% accuracy and 5.15ms prediction time. The proposed model shows consistent efficacy with two benchmark datasets that clarify the model’s generalisability to perform on the diverse datasets.