Malware classification by using deep learning framework

Abstract

In this paper, we propose an original deep learning framework for malware classifying based on the malware behavior data. Currently, machine learning techniques are becoming popular for classifying malware. However, most of the existing machine learning methods for malware classifying use shallow learning algorithms such as Support Vector Machine, decision trees, Random Forest, and Naive Bayes. Recently, a deep learning approach has shown superior performance compared to traditional machine learning algorithms, especially in tasks such as image classification. In this paper we present the approach, in which malware binaries are converted to a grayscale image. Specifically, data in the raw form are converted into a 2D decimal valued matrix to represent an image. We propose here an original DNN architecture with deep denoising Autoencoder for feature compression, since the autoencoder is much more advantageous due to the ability to model complex nonlinear functions compared to principal component analysis (PCA) which is restricted to a linear map. The compressed malware features are then classified with a deep neural network. Preliminary test results are quite promising, with 96% classification accuracy on a malware database of 6000 samples with six different families of malware compared to SVM and Random Forest algorithms. © 2021, The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG.