Convolutional neural networks and extreme learning machines for malware classification
Publication Date
9-1-2020
Document Type
Article
Publication Title
Journal of Computer Virology and Hacking Techniques
Volume
16
Issue
3
DOI
10.1007/s11416-020-00354-y
First Page
229
Last Page
244
Abstract
Research in the field of malware classification often relies on machine learning models that are trained on high-level features, such as opcodes, function calls, and control flow graphs. Extracting such features is costly, since disassembly or code execution is generally required. In this paper, we conduct experiments to train and evaluate machine learning models for malware classification, based on features that can be obtained without disassembly or code execution. Specifically, we visualize malware samples as images and employ image analysis techniques using both two-dimensional images and one-dimensional vectors derived from images. We consider two machine learning techniques, namely, convolutional neural networks (CNN) and extreme learning machines (ELM). For images we find that ELMs can achieve accuracies on par with CNNs, yet ELM training requires less than 2% of the time needed to train a comparable CNN. We also find that ELMs and CNNs perform as well when trained on one-dimensional data as when trained on two-dimensional data. In this latter case, ELMs are faster to train than CNNs, but only by a relatively small factor as compared to image-based training.
Department
Computer Science
Recommended Citation
Mugdha Jain, William Andreopoulos, and Mark Stamp. "Convolutional neural networks and extreme learning machines for malware classification" Journal of Computer Virology and Hacking Techniques (2020): 229-244. https://doi.org/10.1007/s11416-020-00354-y
