Article

A novel framework for image-based malware detection with a deep neural network

Journal

COMPUTERS & SECURITY
Volume 109, Issue -, Pages -

Publisher

ELSEVIER ADVANCED TECHNOLOGY
DOI: 10.1016/j.cose.2021.102400

Keywords

Malware detection; Disassembly technology; Deep neural networks; Visualization technology; Three-channel RGB images; Data augmentation

Funding

  1. National Natural Science Foundation of China (NSFC) [61802270, 61802271, 81602935, 81773548]
  2. Joint Research Fund of China Ministry of Education and China Mobile Company [CM20200409]
  3. Applied Basic Research Programs of Science and Technology Department of Sichuan Province [2019YJ0110]
  4. Key Research and Development Program of Science and Technology Department of Sichuan Province [2020YFS0575]

This paper proposes a novel visual malware detection framework based on deep neural networks, converts samples into RGB images using visualization technology and data augmentation to extract intrinsic features, establishes a balanced dataset, and improves the performance of the detection method using a specific architecture.
The rapid growth in the number of malware and its variants has seriously affected the security of the Internet. In recent years, deep learning combined with visualization technology has been proven to have good results in malware detection. In this paper, we propose a novel visual malware detection framework based on deep neural networks. Firstly, executable file samples are collected and converted into bytes files and asm files through disassembly technology. In this way, a balanced experimental dataset with our labeled normal software dataset and a widely used malware dataset (BIG 2015) is constructed. Secondly, visualization technology combined with data augmentation is used to further convert the samples into three-channel RGB images, so as to extract high-dimensional intrinsic features from data samples. Finally, we present a deep neural network architecture, i.e. SERLA (SEResNet50 + Bi-LSTM + Attention) to improve the performance of the detection method. After performance evaluation, the results show that our model stands out among other neural network models and state-of-the-art methods for malware detection and classification. Furthermore, our study verifies the superiority of three-channel RGB images compared to grayscale images in malware detection, compares the contribution of different channels, and indicates that data augmentation technology can contribute to malware recognition using visualization technology. This paper provides new ideas and methods for other researchers to carry out malware detection and classification. (c) 2021 Elsevier Ltd. All rights reserved.
