Deep Multi-Task Learning for Malware Image Classification

TL;DR

This paper introduces a deep multi-task learning framework for malware image classification that achieves over 99.87% accuracy on a large dataset, effectively detecting obfuscation techniques and advancing malware detection methods.

Contribution

The paper presents a novel multi-task learning approach using deep neural networks for malware image classification, demonstrating superior accuracy and robustness against obfuscation techniques.

Findings

Achieved over 99.87% accuracy across all tasks.

Effectively detects obfuscation methods like packing and encryption.

PReLU activation function yields the best performance.

Abstract

Malicious software is a pernicious global problem. A novel multi-task learning framework is proposed in this paper for malware image classification for accurate and fast malware detection. We generate bitmap (BMP) and (PNG) images from malware features, which we feed to a deep learning classifier. Our state-of-the-art multi-task learning approach has been tested on a new dataset, for which we have collected approximately 100,000 benign and malicious PE, APK, Mach-o, and ELF examples. Experiments with seven tasks tested with 4 activation functions, ReLU, LeakyReLU, PReLU, and ELU separately demonstrate that PReLU gives the highest accuracy of more than 99.87% on all tasks. Our model can effectively detect a variety of obfuscation methods like packing, encryption, and instruction overlapping, strengthing the beneficial claims of our model, in addition to achieving the state-of-art methods in terms of accuracy.