A Bi-Modal Deep Learning Technique for Malware Classification
DOI:
https://doi.org/10.3126/jsce.v12i1.82360
Keywords:
Malware Analysis, Malware Classification, Bi-Modal, Convolutional Neural Network, Deep Neural Network
Abstract
In recent times, there has been a notable surge in the prevalence of intrusive malicious programs infiltrating our devices unbeknownst to us. The identification and categorization of such malware have commonly employed methodologies like static analysis, dynamic analysis, and hybrid analysis. With the abundance of extensive data and advances in deep learning models, a multitude of techniques have emerged for the detection and classification of malware. This paper introduces a bimodal approach for malware classification based on static features using the Microsoft Malware Classification Challenge (BIG 2015) dataset. It incorporates two input modes, one utilizing malware images and the other employing malware metadata. The methodology involves the transformation of raw byte files of malware into visually interpretable grayscale images. Additionally, a meticulous feature engineering process utilizes .asm files of malware to extract metadata. The proposed method employs various Convolutional Neural Network (CNN) layers for processing malware images derived from byte files, and a Deep Neural Network (DNN) to handle malware features extracted from .asm files. A hybrid feature map is generated by fusing the output of CNN and DNN, which is then passed to the classification layer. The model presented in this paper achieves an accuracy of 98.62%, precision of 98.65%, F1-score of 98.63%, and recall of 98.60%.
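The byte-file-to-grayscale-image step described in the abstract can be sketched as follows. This is an added example, not the paper's code. It assumes the BIG 2015 `.bytes` hexdump layout (an address followed by hex byte tokens, with `??` for unknown bytes); the row width, the mapping of `??` to 0, the zero padding and all function names are assumptions made here.

```python
# Added example: BIG 2015 ".bytes" hexdump -> grayscale pixel rows (stdlib only).
# Assumptions (not from the paper): fixed row width, "??" mapped to 0,
# last row zero-padded. Function names are hypothetical.

SAMPLE_BYTES = """\
00401000 56 8D 44 24 08 50 8B F1
00401008 E8 1C 1B 00 00 C7 06 08
00401010 ?? ?? ?? ?? CC CC
"""  # constructed sample, not taken from the dataset


def parse_bytes_dump(text, unknown=0):
    """Return the byte values of a hexdump, skipping each line's address."""
    values = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 2:
            continue  # blank line, or an address with no data after it
        for tok in tokens[1:]:
            if tok == "??":
                values.append(unknown)  # unknown byte: use a fixed filler value
            else:
                values.append(int(tok, 16))
    return values


def to_grayscale_rows(values, width=8, pad=0):
    """Reshape a flat byte list into rows of `width` pixels (0-255 each)."""
    if width <= 0:
        raise ValueError("width must be positive")
    rows = [values[i:i + width] for i in range(0, len(values), width)]
    if rows and len(rows[-1]) < width:
        rows[-1] = rows[-1] + [pad] * (width - len(rows[-1]))
    return rows


def to_pgm(rows):
    """Serialize rows as a binary PGM (P5) image that common viewers open."""
    header = f"P5\n{len(rows[0])} {len(rows)}\n255\n".encode("ascii")
    return header + bytes(v for row in rows for v in row)


if __name__ == "__main__":
    image = to_grayscale_rows(parse_bytes_dump(SAMPLE_BYTES), width=8)
    for row in image:
        print(" ".join(f"{v:3d}" for v in row))
```

A CNN input pipeline would typically resize the resulting image to a fixed shape; the abstract does not state the dimensions used.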