Research Article

Efficientnet-Based Deep Learning for Malware Classification: A Dynamic Distribution Adaptation Approach

Year 2024, EARLY VIEW, 1 - 1
https://doi.org/10.2339/politeknik.1536669

Abstract

Malware is the general name for all malicious software that threatens information systems and prevents their use. Computers, which have become mandatory in daily life, make human life easier but are also constantly under threat from malware. Detecting the malware that threatens computer systems is therefore important. This study focuses on the classification of malware. A deep learning model based on the EfficientNet architecture and the Dynamic Distribution Adaptation Network approach are proposed, and the proposed models are tested on the Microsoft Malware Classification Challenge (MMCC) and Dumpware10 datasets. The study discusses the process of converting malware into images and uses the EfficientNet model as the basis for classifying these images. The Dynamic Distribution Adaptation Network with an EfficientNet backbone achieved 97% accuracy on the MMCC dataset and 96% accuracy on the Dumpware10 dataset. As a result, the EfficientNet architecture proved the effectiveness of deep learning in malware classification and cybersecurity.


EfficientNet-Based Deep Learning for Malware Classification: A Dynamic Distribution Adaptation Approach


Abstract

Malware is the general name given to all malicious software that threatens information systems and prevents their use. Computers, whose use has become mandatory in daily life, make human life easier but are also under constant threat from malicious software. For this reason, detecting the malware that threatens computer systems is important. This study focuses on the classification of malware. In the study, a deep learning model based on the EfficientNet architecture and the Dynamic Distribution Adaptation Network approach are proposed, and the proposed models are tested using the Microsoft Malware Classification Challenge (MMCC) and Dumpware10 datasets. The study addresses the process of converting malware into images, and the EfficientNet model is taken as the basis for classifying these images. The Dynamic Distribution Adaptation Network with an EfficientNet backbone achieved 97% accuracy on the MMCC dataset and 96% accuracy on the Dumpware10 dataset. In conclusion, the EfficientNet architecture proved the effectiveness of deep learning in malware classification and cybersecurity.

There are 21 citations in total.

Details

Primary Language English
Subjects Deep Learning, Evolutionary Computation
Journal Section Research Article
Authors

Ceren Umay Özten 0000-0002-6962-9259

Adem Tekerek 0000-0002-0880-7955

Early Pub Date October 13, 2024
Publication Date
Submission Date August 21, 2024
Acceptance Date October 7, 2024
Published in Issue Year 2024 EARLY VIEW

Cite

APA Özten, C. U., & Tekerek, A. (2024). Efficientnet-Based Deep Learning for Malware Classification: A Dynamic Distribution Adaptation Approach. Politeknik Dergisi, 1-1. https://doi.org/10.2339/politeknik.1536669
AMA Özten CU, Tekerek A. Efficientnet-Based Deep Learning for Malware Classification: A Dynamic Distribution Adaptation Approach. Politeknik Dergisi. Published online October 1, 2024:1-1. doi:10.2339/politeknik.1536669
Chicago Özten, Ceren Umay, and Adem Tekerek. “Efficientnet-Based Deep Learning for Malware Classification: A Dynamic Distribution Adaptation Approach”. Politeknik Dergisi, October (October 2024), 1-1. https://doi.org/10.2339/politeknik.1536669.
EndNote Özten CU, Tekerek A (October 1, 2024) Efficientnet-Based Deep Learning for Malware Classification: A Dynamic Distribution Adaptation Approach. Politeknik Dergisi 1–1.
IEEE C. U. Özten and A. Tekerek, “Efficientnet-Based Deep Learning for Malware Classification: A Dynamic Distribution Adaptation Approach”, Politeknik Dergisi, pp. 1–1, October 2024, doi: 10.2339/politeknik.1536669.
ISNAD Özten, Ceren Umay - Tekerek, Adem. “Efficientnet-Based Deep Learning for Malware Classification: A Dynamic Distribution Adaptation Approach”. Politeknik Dergisi. October 2024. 1-1. https://doi.org/10.2339/politeknik.1536669.
JAMA Özten CU, Tekerek A. Efficientnet-Based Deep Learning for Malware Classification: A Dynamic Distribution Adaptation Approach. Politeknik Dergisi. 2024;:1–1.
MLA Özten, Ceren Umay and Adem Tekerek. “Efficientnet-Based Deep Learning for Malware Classification: A Dynamic Distribution Adaptation Approach”. Politeknik Dergisi, 2024, pp. 1-1, doi:10.2339/politeknik.1536669.
Vancouver Özten CU, Tekerek A. Efficientnet-Based Deep Learning for Malware Classification: A Dynamic Distribution Adaptation Approach. Politeknik Dergisi. 2024:1-.