Classifying Malware Images with Convolutional Neural Network Models

TL;DR

This paper evaluates various convolutional neural network models, including Inception V3, for static malware image classification, achieving high accuracy and outperforming existing methods on the Malimg dataset.

Contribution

It introduces the use of multiple CNN architectures, including SVM-enhanced models, for malware classification, demonstrating superior accuracy over prior approaches.

Findings

Inception V3 achieved 99.24% accuracy.

CNN models outperform previous state-of-the-art methods.

Support vector machine integration enhances neural network performance.

Abstract

Due to increasing threats from malicious software (malware) in both number and complexity, researchers have developed approaches to automatic detection and classification of malware, instead of analyzing methods for malware files manually in a time-consuming effort. At the same time, malware authors have developed techniques to evade signature-based detection techniques used by antivirus companies. Most recently, deep learning is being used in malware classification to solve this issue. In this paper, we use several convolutional neural network (CNN) models for static malware classification. In particular, we use six deep learning models, three of which are past winners of the ImageNet Large-Scale Visual Recognition Challenge. The other three models are CNN-SVM, GRU-SVM and MLP-SVM, which enhance neural models with support vector machines (SVM). We perform experiments using the Malimg dataset, which has malware images that were converted from Portable Executable malware binaries. The dataset is divided into 25 malware families. Comparisons show that the Inception V3 model achieves a test accuracy of 99.24%, which is better than the accuracy of 98.52% achieved by the current state-of-the-art system called the M-CNN model.