Windows Malware Hunting with InceptionResNetv2 Assisted Malware Visualization Approach

Abstract

Context: With rapidly growing information transfer speeds and easier code development strategies, recent years have witnessed an increase in volume, velocity, and voracity of malware attacks. Existing consumer-level malware detection solutions are inefficient at detecting ‘zero-day’, obfuscated and unknown malware variants. However, machine learning and deep learning solutions overcome these issues and demonstrate promising results. Malware visualization-based techniques in particular, which have demonstrated significant efficacy in the past, offer room for improvement, which has been discussed in the current work. Objectives: The current study proposes a method for malware detection and classification using grayscale malware images which are created from Windows malware binaries. This is followed by utilizing a pretrained InceptionResNetv2 CNN for effective malware detection and classification. Methods and design: We begin by creating grayscale images of latest malware binaries collected from the Internet. We utilize image resizing and byte reduction techniques to equalize the image sizes and utilize a pretrained InceptionResNetv2 CNN architecture trained on 1.5 million images in the ImageNet repository for malware detection and classification. Results and Conclusion: To evaluate the performance of the suggested method, we utilize one public benchmark malware image dataset (Malimg) and one custom built malware image dataset created from latest malware samples from the Internet. Our model is able to demonstrate state-of-the-art classification accuracy of 99.2% in both datasets, and our model proves to be an effective yet computationally inexpensive choice for real-time malware detection and classification.