4.5 Article

MCTVD: A malware classification method based on three-channel visualization and deep learning

Journal

COMPUTERS & SECURITY
Volume 126, Issue -, Pages -

Publisher

ELSEVIER ADVANCED TECHNOLOGY
DOI: 10.1016/j.cose.2022.103084

Keywords

Malware classification; Malware visualization; Markov transfer matrix; Deep learning; Convolutional neural network

With the increase in malware, the detection and classification of malware have become more challenging. Various methods based on malware visualization and deep learning have been proposed, but they fail to retain the semantic and statistical properties in the generated malware images, which are often large and inconsistent in size. This article proposes a new malware visualization method based on assembly instructions and Markov transfer matrices, which effectively characterizes malware. It also introduces a competitive malware classification method, MCTVD, based on three-channel visualization and deep learning, achieving an accuracy of 99.44% on Microsoft's public malware dataset.
With the rapid increase in the number of malware, the detection and classification of malware have become more challenging. In recent years, many malware classification methods based on malware visualization and deep learning have been proposed. However, the malware images generated by these methods do not retain the semantic and statistical properties with a small and uniform size. This article gives definitions of extracted content and filling mode to characterize the critical factors for the malware visualization task and proposes a new malware visualization method based on assembly instructions and Markov transfer matrices to characterize malware. Thus, a malware classification method based on three-channel visualization and deep learning (MCTVD) is proposed. In MCTVD, its malware image has a small and uniform size, and its convolutional neural network has few convolutional and pooling layers. Experimental results show that MCTVD can achieve an accuracy of 99.44% on Microsoft's public malware dataset under 10-fold cross-validation and thus could be a highly competitive candidate for malware classification.
