Comparative Analysis of Imbalanced Malware Byteplot Image Classification using Transfer Learning

TL;DR

This study compares six machine learning models for malware image classification across datasets with varying class imbalance, revealing how imbalance affects convergence and model performance, with ResNet50, EfficientNetB0, and DenseNet169 performing well.

Contribution

It provides a comparative analysis of multiple models on imbalanced malware datasets, highlighting their effectiveness and convergence behavior in cybersecurity applications.

Findings

More class imbalance reduces epochs for convergence.

High variance in model performance across datasets.

ResNet50, EfficientNetB0, DenseNet169 handle imbalance well.

Abstract

Cybersecurity is a major concern due to the increasing reliance on technology and interconnected systems. Malware detectors help mitigate cyber-attacks by comparing malware signatures. Machine learning can improve these detectors by automating feature extraction, identifying patterns, and enhancing dynamic analysis. In this paper, the performance of six multiclass classification models is compared on the Malimg dataset, Blended dataset, and Malevis dataset to gain insights into the effect of class imbalance on model performance and convergence. It is observed that the more the class imbalance less the number of epochs required for convergence and a high variance across the performance of different models. Moreover, it is also observed that for malware detectors ResNet50, EfficientNetB0, and DenseNet169 can handle imbalanced and balanced data well. A maximum precision of 97% is obtained for the imbalanced dataset, a maximum precision of 95% is obtained on the intermediate imbalance dataset, and a maximum precision of 95% is obtained for the perfectly balanced dataset.