Visual attention for malware classification

Abstract

Amidst the extensive global integration of computer systems and augmented connectivity, there have been numerous difficulties within ensuring confidentiality, integrity and availability across all systems. Malware is an ever-present and persistent challenge for security systems of all sorts. Numerous malware detection methods have been proposed, with traditional approaches no longer providing the necessary protection against evolving attack methodologies and strategies. In recent years, machine learning for malware detection has been investigated with great success. In addition, the analysis of application operation code, or opcode, due to its unavoidable nature, can reveal necessary information about software intention. Visualization of opcode data allows for simple data augmentation and texture analysis. The proposed approach utilizes a simple visual attention module to perform a binary classification task on program data, focusing on visualized application opcode data. The proposed model is tested with an ARM-based Internet of Things (IoT) application opcode dataset. In addition, a comparative analysis, using numerous metrics, is conducted on the proposed model’s performance along with several other algorithms. The results indicate that the proposed method outperformed all other tested techniques in accuracy, recall, precision, and F-score.