IIT - CNR - Istituto di Informatica e Telematica

Image-based Malware Family Detection: An Assessment between Feature Extraction and Classification Techniques

The increasing amount of malware in the mobile environment follows the continuous growth of the app stores, which requires constant research into new malware detection approaches, considering also the weaknesses of signature-based anti-malware software. Fortunately, most malware is composed of well-known pieces of code and can thus be grouped into families sharing the same malicious behaviour. One interesting approach, which makes use of image classification techniques, proposes to convert the malware binaries to images, extract feature vectors and classify them with supervised machine learning models. Because researchers usually evaluate their solutions on private datasets, it is difficult to establish whether a model generalizes to another dataset, and therefore difficult to compare the performance of the various models. This paper presents a comparison between different combinations of feature vector extraction methods and machine learning models. The methodology aimed to evaluate feature extractors and supervised machine learning algorithms, and it was tested on more than 20 thousand images of malware, grouped into 10 different malware families. The best classifier, a combination of GIST descriptors and Random Forest classifiers, achieved an accuracy of 0.97 on average.

ORCID: https://orcid.org/0000-0001-7060-6233


IoTBDS 2020: 5th International Conference on Internet of Things, Big Data and Security, Prague (virtual), 2020

External authors: Antonella Santone (Università del Molise)
IIT authors:

Type: Conference proceedings contribution
Discipline area: Computer Science & Engineering

File: abstract_2020.pdf

Activity: Mobile device security