Malware classification by using deep learning framework

Toai, Tran Kim; Šenkeřík, Roman; Hanh, Vo Thi Xuan; Zelinka, Ivan

dc.title	Malware classification by using deep learning framework	en
dc.contributor.author	Toai, Tran Kim
dc.contributor.author	Šenkeřík, Roman
dc.contributor.author	Hanh, Vo Thi Xuan
dc.contributor.author	Zelinka, Ivan
dc.relation.ispartof	Advances in Intelligent Systems and Computing
dc.identifier.issn	2194-5357 Scopus Sources, Sherpa/RoMEO, JCR
dc.identifier.isbn	978-3-03-062323-4
dc.date.issued	2021
utb.relation.volume	1284
dc.citation.spage	84
dc.citation.epage	92
dc.event.title	5th International Conference on Green Technology and Sustainable Development, GTSD 2020
dc.event.location	online
dc.event.sdate	2020-11-27
dc.event.edate	2020-11-28
dc.type	conferenceObject
dc.language.iso	en
dc.publisher	Springer Science and Business Media Deutschland GmbH
dc.identifier.doi	10.1007/978-3-030-62324-1_8
dc.relation.uri	https://link.springer.com/chapter/10.1007/978-3-030-62324-1_8
dc.subject	classification	en
dc.subject	deep learning	en
dc.subject	machine learning	en
dc.subject	malware detection	en
dc.subject	random forest	en
dc.subject	SVM	en
dc.description.abstract	In this paper, we propose an original deep learning framework for malware classifying based on the malware behavior data. Currently, machine learning techniques are becoming popular for classifying malware. However, most of the existing machine learning methods for malware classifying use shallow learning algorithms such as Support Vector Machine, decision trees, Random Forest, and Naive Bayes. Recently, a deep learning approach has shown superior performance compared to traditional machine learning algorithms, especially in tasks such as image classification. In this paper we present the approach, in which malware binaries are converted to a grayscale image. Specifically, data in the raw form are converted into a 2D decimal valued matrix to represent an image. We propose here an original DNN architecture with deep denoising Autoencoder for feature compression, since the autoencoder is much more advantageous due to the ability to model complex nonlinear functions compared to principal component analysis (PCA) which is restricted to a linear map. The compressed malware features are then classified with a deep neural network. Preliminary test results are quite promising, with 96% classification accuracy on a malware database of 6000 samples with six different families of malware compared to SVM and Random Forest algorithms. © 2021, The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG.	en
utb.faculty	Faculty of Applied Informatics
dc.identifier.uri	http://hdl.handle.net/10563/1010048
utb.identifier.obdid	43883336
utb.identifier.scopus	2-s2.0-85096609141
utb.source	d-scopus
dc.date.accessioned	2020-12-09T01:52:46Z
dc.date.available	2020-12-09T01:52:46Z
utb.contributor.internalauthor	Šenkeřík, Roman
utb.fulltext.affiliation	Tran Kim Toai 1,3, Roman Senkerik 2, Vo Thi Xuan Hanh 3, Ivan Zelinka 1 1 VSB-Technical University of Ostrava, 17, Listopadu 15/2172, 708 33 Ostrava-Poruba, Czech Republic {tran.kim.toai.st,ivan.zelinka}@vsb.cz 2 Faculty of Applied Informatics, Tom as Bata University in Zlin, T. G. Masaryka 5555, 760 01 Zlin, Czech Republic senkerik@utb.cz 3 Faculty of Economics, HCMC University of Technology and Education, No. 1, Vo van Ngan Street, Linh Chieu Ward, Ho Chi Minh, Vietnam {toaitk,hanhvtx}@hcmute.edu.vn
utb.fulltext.dates	-
utb.scopus.affiliation	VSB-Technical University of Ostrava, 17, Listopadu 15/2172, Ostrava-Poruba, 708 33, Czech Republic; Faculty of Applied Informatics, Tomas Bata University in Zlin, T. G. Masaryka 5555, Zlin, 760 01, Czech Republic; Faculty of Economics, HCMC University of Technology and Education, No. 1, Vo van Ngan Street, Linh Chieu Ward, Ho Chi Minh, Viet Nam
utb.fulltext.faculty	Faculty of Applied Informatics