Malware classification by using deep learning framework

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F70883521%3A28140%2F21%3A63544418" target="_blank" >RIV/70883521:28140/21:63544418 - isvavai.cz</a>

Výsledek na webu

<a href="http://dx.doi.org/10.1007/978-3-030-62324-1_8" target="_blank" >http://dx.doi.org/10.1007/978-3-030-62324-1_8</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1007/978-3-030-62324-1_8" target="_blank" >10.1007/978-3-030-62324-1_8</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Malware classification by using deep learning framework

Popis výsledku v původním jazyce

In this paper, we propose an original deep learning framework for malware classifying based on the malware behavior data. Currently, machine learning techniques are becoming popular for classifying malware. However, most of the existing machine learning methods for malware classifying use shallow learning algorithms such as Support Vector Machine, decision trees, Random Forest, and Naive Bayes. Recently, a deep learning approach has shown superior performance compared to traditional machine learning algorithms, especially in tasks such as image classification. In this paper we present the approach, in which malware binaries are converted to a grayscale image. Specifically, data in the raw form are converted into a 2D decimal valued matrix to represent an image. We propose here an original DNN architecture with deep denoising Autoencoder for feature compression, since the autoencoder is much more advantageous due to the ability to model complex nonlinear functions compared to principal component analysis (PCA) which is restricted to a linear map. The compressed malware features are then classified with a deep neural network. Preliminary test results are quite promising, with 96% classification accuracy on a malware database of 6000 samples with six different families of malware compared to SVM and Random Forest algorithms. © 2021, The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG.

Název v anglickém jazyce

Malware classification by using deep learning framework

Popis výsledku anglicky

In this paper, we propose an original deep learning framework for malware classifying based on the malware behavior data. Currently, machine learning techniques are becoming popular for classifying malware. However, most of the existing machine learning methods for malware classifying use shallow learning algorithms such as Support Vector Machine, decision trees, Random Forest, and Naive Bayes. Recently, a deep learning approach has shown superior performance compared to traditional machine learning algorithms, especially in tasks such as image classification. In this paper we present the approach, in which malware binaries are converted to a grayscale image. Specifically, data in the raw form are converted into a 2D decimal valued matrix to represent an image. We propose here an original DNN architecture with deep denoising Autoencoder for feature compression, since the autoencoder is much more advantageous due to the ability to model complex nonlinear functions compared to principal component analysis (PCA) which is restricted to a linear map. The compressed malware features are then classified with a deep neural network. Preliminary test results are quite promising, with 96% classification accuracy on a malware database of 6000 samples with six different families of malware compared to SVM and Random Forest algorithms. © 2021, The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

—

Návaznosti

I - Institucionalni podpora na dlouhodoby koncepcni rozvoj vyzkumne organizace

Rok uplatnění

2021

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Advances in Intelligent Systems and Computing

ISBN

978-303062323-4

ISSN

21945357

e-ISSN

—

Počet stran výsledku

9

Strana od-do

84-92

Název nakladatele

Springer Science and Business Media Deutschland GmbH

Místo vydání

Berlín

Místo konání akce

Da Nang City

Datum konání akce

27. 11. 2020

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

—