Malware Image Analysis: A Deep Learning Perspective on Security Analysis

Authors

  • Muhammad Arshman Ali, Department of Computer Science, National College of Business Administration and Economics, Lahore, 54660, Pakistan.
  • Mohsin Javed, Department of Computer Science, National College of Business Administration and Economics, Lahore, 54660, Pakistan.
  • Muhammad Ismail Kashif, Department of Computer Science, National College of Business Administration and Economics, Lahore, 54660, Pakistan.
  • Khadija Tuz Zahra, Department of Computer Science, Azteca University, Mexico City, 56600, Mexico.
  • Ayesha Qureshi, Department of Information Technology, Islamia University of Bahawalpur, Bahawalpur, Punjab, Pakistan.
  • Abdul Waheed, Department of Computer Science, Institute of Southern Punjab, Multan, Pakistan.

Keywords:

Malware Analysis, Deep Learning, CNN, Malware Classification

Abstract

Malware, also referred to as malicious software, encompasses software deliberately designed to disrupt or harm the normal operations of a computer system. There has been a surge in malware attacks in recent times, resulting in substantial financial losses for various entities such as enterprises, governments, financial institutions, healthcare providers, and others. This surge is attributed to the ease with which the reuse of scripts can generate novel forms of malware. Effective antivirus software relies on the classification of malware to safeguard against such attacks. Previous studies have employed both static and dynamic assessments; however, these approaches exhibit notable limitations in the context of reverse engineering. In this research, we introduce DenseMal, a visually-assisted malware classification system. It stands out for its rapid and accurate classification capabilities. Through a comprehensive evaluation on the publicly accessible MalIMG dataset, we scrutinized various approaches and their classifiers. DenseMal utilizes a contrast-limited adaptive histogram equalization method on images of malware samples to enhance the similarity between components belonging to the same malware family. This enhancement significantly boosts DenseMal's precision in identifying malware families. To ensure the efficacy of our framework, we initially developed a proof-of-concept implementation, subjecting it to meticulous testing. The results of extensive testing affirm that DenseMal adeptly classifies malware samples, achieving an average accuracy, precision, and recall of 96.79%, 89.91%, and 89.92%, respectively. Moreover, security engineers benefit from a user-friendly visualization tool that leverages DenseMal, facilitating further validation of its effectiveness.

Published

2024-04-01

How to Cite

Muhammad Arshman Ali, Mohsin Javed, Muhammad Ismail Kashif, Khadija Tuz Zahra, Ayesha Qureshi, & Abdul Waheed. (2024). Malware Image Analysis: A Deep Learning Perspective on Security Analysis. Journal of Computing & Biomedical Informatics. Retrieved from https://jcbi.org/index.php/Main/article/view/421