Deriving Optimal Deep Learning Models for
Image-based Malware Classification
ACM SAC, April 2022
Rikima Mitsuhashi and Takahiro Shinagawa
The University of Tokyo
Background
Cyber-attack trends and image-based malware classification
• Cyber-attacks with malware have continued
• Automatic classification is useful
• Malware analysis is a major burden for security analysts
Recent malware
➢ complex and sophisticated
➢ many variants
[Figure: malware variants α, β, γ, δ]
• Convolutional neural networks (CNNs) are popular for image-based malware classification
• Malware images are well suited to CNNs
  - Created from malware programs
  - Simple, versatile, easy to use
Problem
Fine-tuning degree
• We can use many types of CNN models
• Fine-tuning can be performed for each model
  - A method of transfer learning
  - Pre-trained CNN models have the knowledge of natural objects (plants, animals, artifacts, etc.)
• However, it is unclear how effective knowledge of natural objects is for malware image classification
[Figure labels: knowledge of natural objects; training data of malware images]
Solution
Deriving the optimal combination of model and fine-tuning
• Investigate 24 pre-trained models and five levels of fine-tuning parameters (120 models in total)
  - "Frozen" means using the knowledge of natural objects
• Evaluated on standard datasets
  - Malimg (Windows malware) and Drebin (Android malware)
[Figure: DenseNet121 model, Xception model, ..., VGG19 model, each at the levels Frozen all, Frozen 3/4, Frozen 1/2, Frozen 1/4 and Frozen none; labels: knowledge of natural objects, training data of malware images]
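The model-by-freeze-level sweep described on this slide, as an added sketch that is not the authors' code. It assumes freezing starts at the input side and that the new classification head is always trained; the `Layer` class, `toy_backbone` and the two backbones are constructed stand-ins for real pre-trained models.

```python
from dataclasses import dataclass
from fractions import Fraction

# The five fine-tuning degrees named on the slide, as the fraction of
# backbone layers whose pre-trained weights stay frozen.
FREEZE_LEVELS = {
    "Frozen_all": Fraction(1),
    "Frozen_3/4": Fraction(3, 4),
    "Frozen_1/2": Fraction(1, 2),
    "Frozen_1/4": Fraction(1, 4),
    "Frozen_none": Fraction(0),
}


@dataclass
class Layer:
    """Constructed stand-in for a framework layer (hypothetical class)."""
    name: str
    params: int
    trainable: bool = True


def apply_freeze(layers, level):
    """Freeze the first fraction of backbone layers, counted from the input.

    Assumption: the slide does not say which end is frozen; the input side
    is used here. The classification head is not part of `layers` and is
    always trained, so Frozen_all still learns the malware classes.
    Returns the number of frozen layers.
    """
    frac = FREEZE_LEVELS[level]
    cut = (len(layers) * frac.numerator) // frac.denominator  # round down
    for index, layer in enumerate(layers):
        layer.trainable = index >= cut
    return cut


def trainable_share(layers):
    """Share of backbone parameters that training is allowed to change."""
    total = sum(layer.params for layer in layers)
    return sum(layer.params for layer in layers if layer.trainable) / total


def sweep(backbones):
    """Return (backbone, level, frozen_layers, trainable_share) per run.

    Each run rebuilds the backbone so that weights changed in one run
    cannot leak into the next; with 24 backbones this gives 120 runs.
    """
    rows = []
    for name, build in backbones.items():
        for level in FREEZE_LEVELS:
            layers = build()
            frozen = apply_freeze(layers, level)
            rows.append((name, level, frozen, round(trainable_share(layers), 3)))
    return rows


def toy_backbone(n_layers, base_params):
    """Constructed backbone whose layers grow in size with depth."""
    def build():
        return [Layer(f"block{i}", base_params * (i + 1)) for i in range(n_layers)]
    return build


# Constructed sample input: two toy backbones instead of the 24 real ones.
BACKBONES = {"toy_a": toy_backbone(8, 100), "toy_b": toy_backbone(10, 50)}

if __name__ == "__main__":
    for row in sweep(BACKBONES):
        print(row)
```

`apply_freeze` only reads the list length and sets a boolean `trainable` attribute, so it can be pointed at any framework whose layer objects expose that attribute, as Keras layers do.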
Evaluation (1/2)
Classification of Malimg and Drebin dataset
[Chart: Comparison of cross-validation. EfficientNetB4 accuracy for Frozen_all, Frozen_3/4, Frozen_1/2, Frozen_1/4 and Frozen_none; highlighted value 98.96%]
[Chart: Comparison of hold-out validation. EfficientNetB4 accuracy for the same five settings; highlighted value 91.03%]
Chart annotations: Frozen_none, Frozen_1/4
Footnote 1: The accuracy is one of 10 tested in cross-validation
Evaluation (2/2)
Confusion matrix
[Figures: Confusion matrix of Malimg; Confusion matrix of Drebin]
Summary
• Derived optimal deep learning models for image-based malware classification
• EfficientNetB4 with none or only 1/4 of natural object knowledge
  - Highest classification accuracy
  - For image-based malware classification
  - Malimg (98.96%) and Drebin (91.03%) datasets
