MALITE: Lightweight Malware Detection and Classification for Constrained Devices

TL;DR

MALITE introduces lightweight malware detection methods suitable for resource-constrained devices, utilizing image-based analysis and low-resource machine learning models to accurately classify malware with minimal computational and memory requirements.

Contribution

The paper presents MALITE, a novel lightweight malware analysis system with two models, suitable for devices with limited resources, outperforming existing methods in efficiency and accuracy.

Findings

MALITE-MN and MALITE-HRF achieve high accuracy in malware classification.

Both models consume significantly fewer resources than state-of-the-art techniques.

Effective malware detection on resource-constrained devices like IoT and mobile platforms.

Abstract

Today, malware is one of the primary cyberthreats to organizations. Malware has pervaded almost every type of computing device including the ones having limited memory, battery and computation power such as mobile phones, tablets and embedded devices like Internet-of-Things (IoT) devices. Consequently, the privacy and security of the malware infected systems and devices have been heavily jeopardized. In recent years, researchers have leveraged machine learning based strategies for malware detection and classification. Malware analysis approaches can only be employed in resource constrained environments if the methods are lightweight in nature. In this paper, we present MALITE, a lightweight malware analysis system, that can classify various malware families and distinguish between benign and malicious binaries. MALITE converts a binary into a gray scale or an RGB image and employs low memory and battery power consuming as well as computationally inexpensive malware analysis strategies. We have designed MALITE-MN, a lightweight neural network based architecture and MALITE-HRF, an ultra lightweight random forest based method that uses histogram features extracted by a sliding window. We evaluate the performance of both on six publicly available datasets (Malimg, Microsoft BIG, Dumpware10, MOTIF, Drebin and CICAndMal2017), and compare them to four state-of-the-art malware classification techniques. The results show that MALITE-MN and MALITE-HRF not only accurately identify and classify malware but also respectively consume several orders of magnitude lower resources (in terms of both memory as well as computation capabilities), making them much more suitable for resource constrained environments.