Malware Classification using Deep Learning based Feature Extraction and Wrapper based Feature Selection Technique

TL;DR

This paper introduces a deep learning-based method for malware classification that combines static feature extraction from byte and ASM files with wrapper-based feature selection, achieving high accuracy in identifying malware families.

Contribution

It proposes a hybrid feature space combining CNN-extracted features and opcode features, along with a wrapper-based feature selection, for improved malware family classification.

Findings

Achieved log-loss of 0.09 in malware classification

Outperformed other classifiers in accuracy

Effective hybrid feature space improves detection

Abstract

In the case of malware analysis, categorization of malicious files is an essential part after malware detection. Numerous static and dynamic techniques have been reported so far for categorizing malware. This research presents a deep learning-based malware detection (DLMD) technique based on static methods for classifying different malware families. The proposed DLMD technique uses both the byte and ASM files for feature engineering, thus classifying malware families. First, features are extracted from byte files using two different Deep Convolutional Neural Networks (CNN). After that, essential and discriminative opcode features are selected using a wrapper-based mechanism, where Support Vector Machine (SVM) is used as a classifier. The idea is to construct a hybrid feature space by combining the different feature spaces to overcome the shortcoming of particular feature space and thus, reduce the chances of missing a malware. Finally, the hybrid feature space is used to train a Multilayer Perceptron, which classifies all nine different malware families. Experimental results show that proposed DLMD technique achieves log-loss of 0.09 for ten independent runs. Moreover, the proposed DLMD technique's performance is compared against different classifiers and shows its effectiveness in categorizing malware. The relevant code and database can be found at https://github.com/cyberhunters/Malware-Detection-Using-Machine-Learning.