Malware classification using CNN-XGBoost model

Abstract

This paper attempted to introduce a deep learning-based model for the classification of malicious software (Malware). Malware is growing exponentially every year and malware writers try to evade the antivirus software by producing polymorphic and metamorphic malware. Most antiviruses are based on signature detection which is not sufficient against the new generation of malware. For a solution against malicious software, antivirus vendors started to use Machine Learning approaches which had a positive impact on malware detection and classification. Recently, Deep Learning algorithms and specifically Convolutional Neural Networks (CNN) caught more attraction for malware classification and it is the best deep learning algorithm for extracting features from images. By integrating the CNN with Gradient Boosting (XG-Boost) algorithm we can have a powerful model to classify malware images into their classes or families. The input source for the model is the Malimg dataset [1] which is an open collection of already converted malware to a grayscale image. There are many papers used CNN-SVM, CNN-Softmax and other models for malware image classification and they got good accuracies, but this paper proposed to used CNN-XGBoost model and achieve more accuracy than previously used algorithms for malware classification.