Image-Based malware classification using ensemble of CNN architectures (IMCEC)

Both researchers and malware authors have demonstrated that malware scanners are unfortunately limited and are easily evaded by simple obfuscation techniques. This paper proposes a novel ensemble convolutional neural networks (CNNs) based architecture for effective detection of both packed and unpac...

Full description

Saved in:
Bibliographic Details
Published in:Computers & security 2020-05, Vol.92, p.101748-12, Article 101748
Main Authors: Vasan, Danish, Alazab, Mamoun, Wassan, Sobia, Safaei, Babak, Zheng, Qin
Format: Article
Language:English
Subjects:
Accuracy
Artificial neural networks
Cybersecurity
Deep learning
Ensemble of CNNs
False alarms
Feature extraction
Fine-tuning
Image classification
Malware
Scanners
Softmax
SVMs
Transfer learning
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Both researchers and malware authors have demonstrated that malware scanners are unfortunately limited and are easily evaded by simple obfuscation techniques. This paper proposes a novel ensemble convolutional neural networks (CNNs) based architecture for effective detection of both packed and unpacked malware. We have named this method Image-based Malware Classification using Ensemble of CNNs (IMCEC). Our main assumption is that based on their deeper architectures different CNNs provide different semantic representations of the image; therefore, a set of CNN architectures makes it possible to extract features with higher qualities than traditional methods. Experimental results show that IMCEC is particularly suitable for malware detection. It can achieve a high detection accuracy with low false alarm rates using malware raw-input. Result demonstrates more than 99% accuracy for unpacked malware and over 98% accuracy for packed malware. IMCEC is flexible, practical and efficient as it takes only 1.18 s on average to identify a new malware sample.
ISSN:0167-4048
1872-6208
DOI:10.1016/j.cose.2020.101748