CNN vs ELM for Image-Based Malware Classification

TL;DR

This paper compares CNN and ELM models for image-based malware classification, demonstrating that ELMs achieve similar accuracy to CNNs with significantly faster training times, using visual features without code disassembly.

Contribution

It introduces a novel approach of using image analysis for malware classification and compares the efficiency and accuracy of CNN and ELM models on this task.

Findings

ELMs achieve comparable accuracy to CNNs.

ELMs require less than 2% of CNN training time.

Image-based features enable malware classification without disassembly.

Abstract

Research in the field of malware classification often relies on machine learning models that are trained on high-level features, such as opcodes, function calls, and control flow graphs. Extracting such features is costly, since disassembly or code execution is generally required. In this paper, we conduct experiments to train and evaluate machine learning models for malware classification, based on features that can be obtained without disassembly or execution of code. Specifically, we visualize malware samples as images and employ image analysis techniques. In this context, we focus on two machine learning models, namely, Convolutional Neural Networks (CNN) and Extreme Learning Machines (ELM). Surprisingly, we find that ELMs can achieve accuracies on par with CNNs, yet ELM training requires less than~2\%\ of the time needed to train a comparable CNN.