Malware Detection Using Frequency Domain-Based Image Visualization and Deep Learning
Tajuddin Manhar Mohammed, Lakshmanan Nataraj, Satish Chikkagoudar, Shivkumar Chandrasekaran, B.S. Manjunath

TL;DR
This paper introduces a novel malware detection method using image visualization of executables in the DCT domain combined with deep learning, achieving high accuracy without disassembly or behavioral analysis.
Contribution
The paper presents a new approach that transforms malware binaries into images using DCT and N-gram counts, and trains neural networks for detection, outperforming traditional static analysis methods.
Findings
96% binary classification accuracy on the MaleX dataset
Deep neural networks outperform shallow models and traditional image features
Method generalizes well to unseen malware samples
Abstract
We propose a novel method to detect and visualize malware through image classification. The executable binaries are represented as grayscale images obtained from the count of N-grams (N=2) of bytes in the Discrete Cosine Transform (DCT) domain and a neural network is trained for malware detection. A shallow neural network is trained for classification, and its accuracy is compared with deep-network architectures such as ResNet that are trained using transfer learning. Neither dis-assembly nor behavioral analysis of malware is required for these methods. Motivated by the visual similarity of these images for different malware families, we compare our deep neural network models with standard image features like GIST descriptors to evaluate the performance. A joint feature measure is proposed to combine different features using error analysis to get an accurate ensemble model for improved…
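The feature extraction the abstract describes (byte 2-gram counts arranged as a 256x256 matrix, moved into the DCT domain, rendered as grayscale), sketched as an added example that is not the authors' code. The orthonormal DCT-II and the log scaling to 0..255 are assumptions, since the abstract does not specify normalization; only the Python standard library is used.

```python
import math
from operator import mul

N = 256  # one image axis per possible byte value

def bigram_counts(data: bytes):
    """Cell [a][b] counts how often byte a is immediately followed by byte b."""
    counts = [[0.0] * N for _ in range(N)]
    for a, b in zip(data, data[1:]):
        counts[a][b] += 1.0
    return counts

def dct_basis(n):
    """Orthonormal DCT-II basis; row k samples the k-th cosine."""
    return [[math.sqrt((1.0 if k == 0 else 2.0) / n)
             * math.cos(math.pi * (2 * i + 1) * k / (2 * n)) for i in range(n)]
            for k in range(n)]

def dct2(matrix):
    """Separable 2-D DCT-II: transform every row, then every column."""
    basis = dct_basis(len(matrix))
    rows = [[sum(map(mul, row, b)) for b in basis] for row in matrix]
    cols = [[sum(map(mul, col, b)) for b in basis] for col in zip(*rows)]
    return [list(r) for r in zip(*cols)]

def to_grayscale(coeffs):
    """Assumed scaling: log-compress magnitudes, stretch to 0..255."""
    mags = [[math.log1p(abs(v)) for v in row] for row in coeffs]
    peak = max(max(row) for row in mags) or 1.0  # all-zero input stays black
    return [[round(255 * v / peak) for v in row] for row in mags]

def dct_bigram_image(data: bytes):
    """Raw bytes in, 256x256 grayscale image out; no disassembly needed."""
    return to_grayscale(dct2(bigram_counts(data)))

if __name__ == "__main__":
    sample = bytes(range(256)) * 4  # constructed input, not a real executable
    image = dct_bigram_image(sample)
    print(len(image), len(image[0]), image[0][:8])
```

The output size is fixed at 256x256 regardless of file length, which is what lets a single network input shape cover executables of any size.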
Taxonomy
Topics: Advanced Malware Detection Techniques · Anomaly Detection Techniques and Applications · Cell Image Analysis Techniques
Methods: Average Pooling · Max Pooling · Kaiming Initialization · 1x1 Convolution · Batch Normalization · Residual Connection · Bottleneck Residual Block · Convolution · Residual Block
