Malware classification using compact image features and multiclass support vector machines. (1st July 2020)
- Record Type:
- Journal Article
- Title:
- Malware classification using compact image features and multiclass support vector machines. (1st July 2020)
- Main Title:
- Malware classification using compact image features and multiclass support vector machines
- Authors:
- Ghouti, Lahouari
Imam, Muhammad
- Abstract:
- Malware and malicious code do not only incur considerable costs and losses but impact negatively the reputation of the targeted organisations. Malware developers, hackers, and information security specialists are continuously improving their strategies to defeat each other. Unfortunately, there is no one‐size‐fits‐all solution to detect and eradicate any malware. This situation is aggravated more by the undetected vulnerabilities that usually impair computer software and internet tools. Such vulnerabilities will remain undetected until fully exploited by malware developers, which will eventually cause considerable financial and reputation losses. In this paper, we propose a novel scheme to detect and classify malware using only image representations of the malware binaries. Highly discriminative features of the malware category and structure are extracted in a compact subspace using principal component analysis. Then, an optimised support vector machine model classifies the extracted features into malware categories. Unlike existing classification models, our solution requires simple algebraic dot products to classify malware based on representative digital images. To assess its performance, publicly‐available image datasets, Malimg, Ember and BIG 2015, are considered. Our performance analysis indicates that their classifier outperforms state‐of‐the‐art models and attains classification accuracies of 0.998, 0.911, and 0.997 using Malimg, Ember and BIG 2015 malware datasets, respectively.
- Is Part Of:
- IET information security. Volume 14:Number 4(2020)
- Journal:
- IET information security
- Issue:
- Volume 14:Number 4(2020)
- Issue Display:
- Volume 14, Issue 4 (2020)
- Year:
- 2020
- Volume:
- 14
- Issue:
- 4
- Issue Sort Value:
- 2020-0014-0004-0000
- Page Start:
- 419
- Page End:
- 429
- Publication Date:
- 2020-07-01
- Subjects:
- security of data -- feature extraction -- image representation -- principal component analysis -- Internet -- invasive software -- learning (artificial intelligence) -- image classification -- support vector machines
BIG2015 malware datasets -- malware categories -- optimised support vector machine model -- malware category -- highly discriminative features -- malware binaries -- Internet tools -- impair computer software -- undetected vulnerabilities -- information security specialists -- malware developers -- multiclass support vector machines -- compact image features -- malware classification
Computer security -- Periodicals
Cryptography -- Periodicals
Computer networks -- Security measures -- Periodicals
Database security -- Periodicals
005.8
- Journal URLs:
- https://ietresearch.onlinelibrary.wiley.com/journal/17518717
http://digital-library.theiet.org/content/journals/iet-ifs
http://www.ietdl.org/IET-IFS
http://www.theiet.org/
- DOI:
- 10.1049/iet-ifs.2019.0189
- Languages:
- English
- ISSNs:
- 1751-8709
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 4363.252660
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 16469.xml