TY - GEN
T1 - Performance comparison of visualization-based malware detection and classification techniques
AU - Shah, Syed Shakir Hameed
AU - Jamil, Norziana
AU - Khan, Atta Ur Rehman
N1 - Publisher Copyright:
© 2022 IEEE.
PY - 2022
Y1 - 2022
AB - Cybercriminals use malware or malicious software to cause harm to the victim. Malware is a continuous source of concern for security teams. Malware analysis techniques, including static, dynamic, hybrid, and memory analysis, are used to comprehend the behavior and its impact. The aforementioned malware analysis techniques require domain knowledge to extract the artifacts from suspicious files, which is not always possible. A visualization approach, in which malware files are transformed into images, is one of the recently used techniques by researchers for malware detection and classification. In this paper, we apply four widely used techniques based on the visualization using a new dataset of memory dump files of malware families and benign classes. These visualization techniques include a histogram of oriented gradients (HOG) with multilayer perceptron (MLP), convolutional neural network (CNN) with pretrained weight of visual geometry group 16 (VGG16), transfer learning of VGG16 with support vector machine (SVM), and integration of global image descriptor (GIST) and HOG with SVM. Among the selected techniques, CNN with a pretrained weight of VGG16 outperformed the other techniques in terms of accuracy, precision, recall, and F1-score. Apart from the performance metrics, the results of selected techniques are also analyzed in terms of computational cost and memory utilization.
KW - Deep Learning
KW - Dynamic Analysis
KW - Machine Learning
KW - Memory Analysis
KW - Static Analysis
UR - http://www.scopus.com/inward/record.url?scp=85146882806&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85146882806&partnerID=8YFLogxK
U2 - 10.1109/ICET56601.2022.10004652
DO - 10.1109/ICET56601.2022.10004652
M3 - Conference contribution
AN - SCOPUS:85146882806
T3 - 2022 17th International Conference on Emerging Technologies, ICET 2022
SP - 200
EP - 205
BT - 2022 17th International Conference on Emerging Technologies, ICET 2022
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 17th International Conference on Emerging Technologies, ICET 2022
Y2 - 29 November 2022 through 30 November 2022
ER -