Article Details

Copyright Statement: This is an open access article licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, even commercially as long as the original work is properly cited.

Empirical Analysis of Learning-based Malware Detection Methods using Image Visualization

Author 1: Abdullah Sheneamer
Author 2: Essa Alhazmi
Author 3: James Henrydoss

Download PDF

Digital Object Identifier (DOI) : 10.14569/IJACSA.2022.01304106

Article Published in International Journal of Advanced Computer Science and Applications(IJACSA), Volume 13 Issue 4, 2022.

Abstract: Malware, a short name for malicious software is an emerging cyber threat. Various researchers have proposed ways to build advanced malware detectors that can mitigate threat actors and enable effective cybersecurity decisions in the past. Recent research implements malware detectors based on visualized images of malware executable files. In this framework, a malware binary is converted into an image, and by extracting image features and applying machine learning methods, the malware is identified based on image similarity. In this research work, we implement the Image visualization-based malware detection method and conduct an empirical analysis of vari-ous learners for selecting a candidate learning classifier that can provide better prediction performance. We evaluate our framework using the following malware datasets, Search And RetrieVAl of Malware (SARVAM), Xue-dataset, and Canadian Institutes for Cyber Security (CIC) datasets. Our experiments include the following learning algorithms, Linear Regression, Random Forest, K-Nearest Neighbor (KNN), Classification and Decision Tree (CART), Support Vector Machine (SVM), Multi-Layer Perceptron (MLP), and deep learning-based Convolutional Neural Network (CNN). This image-visualization-based method proves to be effective in terms of prediction accuracy. Some conclusions emerge from our initial study and find that a Con-volutional Neural Network (CNN) algorithm provides relatively better performance when used against SARvAM and various malware datasets. The CNN model achieved a high performance of F1-score and accuracy in the binary classification task reaching 95.70% and 99.50%, consecutively. The model in the multi-classification task achieved of 95.96% and 99.30% (F1-score and accuracy) for detecting malware types. We find that the KNN model outperforms other traditional classifiers.

Keywords: Malware detection; malware analysis; deep learning; machine learning; malware features

Abdullah Sheneamer, Essa Alhazmi and James Henrydoss, “Empirical Analysis of Learning-based Malware Detection Methods using Image Visualization” International Journal of Advanced Computer Science and Applications(IJACSA), 13(4), 2022. http://dx.doi.org/10.14569/IJACSA.2022.01304106

@article{Sheneamer2022,
title = {Empirical Analysis of Learning-based Malware Detection Methods using Image Visualization},
journal = {International Journal of Advanced Computer Science and Applications},
doi = {10.14569/IJACSA.2022.01304106},
url = {http://dx.doi.org/10.14569/IJACSA.2022.01304106},
year = {2022},
publisher = {The Science and Information Organization},
volume = {13},
number = {4},
author = {Abdullah Sheneamer and Essa Alhazmi and James Henrydoss}
}

IJACSA

Upcoming Conferences

Future of Information and Communication Conference (FICC) 2023

2-3 March 2023

Computing Conference 2023

22-23 June 2023

IntelliSys 2023

7-8 September 2023

Future Technologies Conference (FTC) 2023

2-3 November 2023