Image-Based Malware Classification Using QR and Aztec Codes

TL;DR

This paper explores transforming executable features into QR and Aztec codes to improve malware classification with CNNs, showing mixed results across datasets and highlighting potential and challenges of this innovative approach.

Contribution

Introduces a novel image conversion method using QR and Aztec codes for malware detection, and designs CNN architectures tailored to these codes for improved classification.

Findings

CNNs on QR and Aztec codes outperform on one dataset

CNNs underperform compared to traditional methods on another dataset

The approach shows promise but requires further research

Abstract

In recent years, the use of image-based techniques for malware detection has gained prominence, with numerous studies demonstrating the efficacy of deep learning approaches such as Convolutional Neural Networks (CNN) in classifying images derived from executable files. In this paper, we consider an innovative method that relies on an image conversion process that consists of transforming features extracted from executable files into QR and Aztec codes. These codes capture structural patterns in a format that may enhance the learning capabilities of CNNs. We design and implement CNN architectures tailored to the unique properties of these codes and apply them to a comprehensive analysis involving two extensive malware datasets, both of which include a significant corpus of benign samples. Our results yield a split decision, with CNNs trained on QR and Aztec codes outperforming the state of the art on one of the datasets, but underperforming more typical techniques on the other dataset. These results indicate that the use of QR and Aztec codes as a form of feature engineering holds considerable promise in the malware domain, and that additional research is needed to better understand the relative strengths and weaknesses of such an approach.