Image-based malware classification using section distribution information

Recently, with the rapid increase in the number of malware, the traditional machine learning-based malware classification methods are faced with the severe challenge of ef-ficiently and accurately detecting a large number of malicious programs. To meet this chal-lenge, malware classification based on malware image and deep learning has become an effective solution. However, it is difficult to identify the section distribution information such as the number, order, and size of sections from the current gray images converted by the binary sequences of PE files. Therefore, this article proposes a novel visualization method that introduces the Colored Label boxes (CoLab) to mark the sections of a PE file to further emphasize the section distribution information in the converted malware image. Moreover, a malware classification method called MalCVS (Malware classification using Co-Lab image, VGG16, and Support vector machine) is constructed. The experimental results of the malware collected from VX-Heaven and Virusshare as well as the Microsoft Malware Classification Challenge dataset showed that MalCVS can effectively classify malware into families with high accuracy. The average accuracies of MalCVS are respectively 96.59% and 98.94% on the two datasets. (c) 2021 Elsevier Ltd. All rights reserved.

Automated summary

This paper presents a malware classification method based on PE files, using a new visualization method and deep learning technology to improve the accuracy and efficiency of malware classification.