Article

A malware classification method based on memory dump grayscale image

Journal

DIGITAL INVESTIGATION
Volume 27, Pages 30-37

Publisher

ELSEVIER SCI LTD
DOI: 10.1016/j.diin.2018.09.006

Keywords

Dynamic analysis; Hardware features; Memory dump; Malware classification

Funding

  1. National Natural Science Foundation of China [61571364]
  2. Shaanxi Provincial Natural Science Foundation [2017JM6037]

Abstract

Effective analysis of malware is of great significance in guaranteeing reliable system operation. Malware can easily evade existing dynamic analysis methods. To address the deficiencies of current methods for detecting malware dynamically, a method using hardware features is proposed: a memory dump file is extracted and converted into a grayscale image, the image is resized to a fixed size, image features are extracted using a histogram of gradients, and a currently popular classifier algorithm is used to classify the malware. Experiments are conducted using actual malware samples, and the effectiveness of using memory dump file images is verified. This method is superior to the recently proposed hardware performance counter detection method. (C) 2018 Elsevier Ltd. All rights reserved.
