Transfer Learning for Malware Multi-Classification

Document Type

Article

Publication Date

6-2019

Subject: LCSH

Computer security, Machine learning, Malware (Computer software), Anomaly detection (Computer security), Intrusion detection systems (Computer security), Neural networks (Computer science)

Disciplines

Computer Engineering | Computer Sciences | Electrical and Computer Engineering

Abstract

In this paper, we build on the MalConv neural network architecture, which was initially designed for malware/benign classification. We evaluate the transfer learning of MalConv for malware multi-class classification by extending its contribution in several directions: (1) we assess MalConv performance on a multi-classification problem using a new dataset composed solely of malware samples belonging to different malware families, (2) we evaluate MalConv on the raw byte data as well as on the opcodes extracted from the reversed assembly samples and compare the results, (3) we validate the MalConv findings about regularization, and (4) we study MalConv performance when using a medium-sized dataset and limited computational resources and GPU. The obtained results show that MalConv performs equally well for multi-classification and that its performance on raw byte sequences is comparable to its performance on opcode sequences. DeCov regularization is shown to improve accuracy more than other regularization techniques.

DOI

10.1145/3331076.3331111

Publisher Citation

Mohamad Al Kadri, Mohamed Nassar, and Haidar Safa. 2019. Transfer learning for malware multi-classification. In Proceedings of the 23rd International Database Applications & Engineering Symposium (IDEAS '19). Association for Computing Machinery, New York, NY, USA, Article 19, 1–7. https://doi.org/10.1145/3331076.3331111
