A Machine Learning Approach for Malware Detection based on Image Conversion
Abstract
Due to the sophistication of recent malware, classical detection approaches are becoming obsolete. Machine Learning for malware detection has emerged as a new trend and is becoming increasingly effective. Indeed, malware generates a tremendous amount of data that should be analyzed and used to detect it. The aim of this paper is to propose a Machine Learning approach to detect both recent and old malware by converting them into images. This approach, which consists of two phases, is based on Transfer Learning through the use of Convolutional Neural Networks (CNN) that extract features from malware images. These features are used to determine the maliciousness of a particular file. We define six strategies, each a combination of one of two image types (Grayscale and Color) and one of three CNN architectures (VGG, ResNet and Inception). Experimental evaluation has been done to test these six strategies. The strategy that fulfills the most testing goals is Grayscale + ResNet, with a testing accuracy of 90.08%. Although these first results are promising, future work is to automate the fine-tuning of the parameters so as to go through all possible values and obtain the best ones.