Recent Advances in Image based Malware Classification through the Lens of Deep Learning - A Systematic Literature Review

Authors

  • Kajal Jaisinghani, Research Scholar, Department of Information Technology, University of Mumbai, Maharashtra State
  • Santosh Singh, HOD, Thakur College Autonomous, Kandevali, Mumbai, Maharashtra State

Keywords:

Image-based malware classification, Deep learning, Malware detection, Transfer learning, Visualization-based malware detection, Malware classification

Abstract

Image-based malware classification using deep learning (DL) models has emerged as a promising approach for detecting and classifying malware on various platforms such as Windows, Android, and IoT devices. In this systematic literature review, we explore recent advancements in image-based malware classification through the lens of deep learning. We reviewed 30 research papers published between 2019 and 2023, which employed different DL models such as ResNet, CNN, Inception-v1, LSTM, VGG-16, DenseNet, Inception-v3, and EfficientNetB0 CNN for image-based malware classification. Our review found that transfer learning is a popular technique for training DL models for malware detection. Data augmentation techniques were also used to improve the performance of deep learning models and increase the size of the training datasets. Visualization-based techniques like class activation mapping and saliency mapping were used to interpret the results and identify the regions of an image responsible for malware detection. The review also highlighted some limitations of existing research, including the limited availability of large-scale annotated datasets for training deep learning models, high false positive and false negative rates in object detection, limited generalizability of deep learning models to new environments and scenarios, and privacy concerns with using image-based malware detection, especially when it comes to collecting and using personal data. Future research directions include developing more robust deep learning models that are less sensitive to changes in the data distribution and incorporating human expertise to improve model interpretability. Furthermore, the creation of larger, diverse, and representative datasets for training and testing deep learning models is essential to ensure that the models can perform well in real-world settings.
In conclusion, our review suggests that deep learning-based techniques have great potential for detecting and classifying malware through image-based approaches. Further research in this area can lead to more effective malware detection and improved security for various devices.

Published

11.07.2023

How to Cite

Jaisinghani, K., & Singh, S. (2023). Recent Advances in Image based Malware Classification through the Lens of Deep Learning - A Systematic Literature Review. International Journal of Intelligent Systems and Applications in Engineering, 11(9s), 414–423. Retrieved from https://ijisae.org/index.php/IJISAE/article/view/3131

Section

Research Article