HIT4Mal: Hybrid image transformation for malware classification

D.-L. Vu; T.-K. Nguyen; T.V. Nguyen; T.N. Nguyen; F. Massacci; P.H. Phung

doi:10.1002/ett.3789

HIT4Mal: Hybrid image transformation for malware classification

D.-L. Vu, T.-K. Nguyen, T.V. Nguyen, T.N. Nguyen, F. Massacci, P.H. Phung

Research output: Contribution to Journal › Article › Academic › peer-review

Abstract

© 2019 John Wiley & Sons, Ltd.Modern malware evolves various detection avoidance techniques to bypass the state-of-the-art detection methods. An emerging trend to deal with this issue is the combination of image transformation and machine learning models to classify and detect malware. However, existing works in this field only perform simple image transformation methods. These simple transformations have not considered color encoding and pixel rendering techniques on the performance of machine learning classifiers. In this article, we propose a novel approach to encoding and arranging bytes from binary files into images. These developed images contain statistical (eg, entropy) and syntactic artifacts (eg, strings), and their pixels are filled up using space-filling curves. Thanks to these features, our encoding method surpasses existing methods demonstrated by extensive experiments. In particular, our proposed method achieved 93.01% accuracy using the combination of the entropy encoding and character class scheme on the Hilbert curve.

Original language	English
Article number	e3789
Journal	Transactions on Emerging Telecommunications Technologies
Volume	31
Issue number	11
DOIs	https://doi.org/10.1002/ett.3789
Publication status	Published - 1 Nov 2020
Externally published	Yes

Funding

The authors wish to thank the anonymous reviewers for their helpful comments. Duc‐Ly Vu and Fabio Massacci have partial received funding from the European Union's Horizon 2020 research and innovation program under grant 675320 (NeCS: European Network for Cyber Security). The authors wish to thank the anonymous reviewers for their helpful comments. Duc-Ly Vu and Fabio Massacci have partial received funding from the European Union's Horizon 2020 research and innovation program under grant 675320 (NeCS: European Network for Cyber Security).

Funders	Funder number
European Network for Cyber Security
European Union's Horizon 2020
European Union's Horizon 2020 research and innovation program
Fabio Massacci
Horizon 2020 Framework Programme	675320

Access to Document

10.1002/ett.3789

Persistent URL (handle)

Persistent link

Cite this

@article{bac8ebf6832849b484108fb1b1957ae4,

title = "HIT4Mal: Hybrid image transformation for malware classification",

abstract = "{\textcopyright} 2019 John Wiley \& Sons, Ltd.Modern malware evolves various detection avoidance techniques to bypass the state-of-the-art detection methods. An emerging trend to deal with this issue is the combination of image transformation and machine learning models to classify and detect malware. However, existing works in this field only perform simple image transformation methods. These simple transformations have not considered color encoding and pixel rendering techniques on the performance of machine learning classifiers. In this article, we propose a novel approach to encoding and arranging bytes from binary files into images. These developed images contain statistical (eg, entropy) and syntactic artifacts (eg, strings), and their pixels are filled up using space-filling curves. Thanks to these features, our encoding method surpasses existing methods demonstrated by extensive experiments. In particular, our proposed method achieved 93.01\% accuracy using the combination of the entropy encoding and character class scheme on the Hilbert curve.",

author = "D.-L. Vu and T.-K. Nguyen and T.V. Nguyen and T.N. Nguyen and F. Massacci and P.H. Phung",

year = "2020",

month = nov,

day = "1",

doi = "10.1002/ett.3789",

language = "English",

volume = "31",

journal = "Transactions on Emerging Telecommunications Technologies",

issn = "2161-5748",

publisher = "John Wiley and Sons Ltd",

number = "11",

}

TY - JOUR

T1 - HIT4Mal

T2 - Hybrid image transformation for malware classification

AU - Vu, D.-L.

AU - Nguyen, T.-K.

AU - Nguyen, T.V.

AU - Nguyen, T.N.

AU - Massacci, F.

AU - Phung, P.H.

PY - 2020/11/1

Y1 - 2020/11/1

N2 - © 2019 John Wiley & Sons, Ltd.Modern malware evolves various detection avoidance techniques to bypass the state-of-the-art detection methods. An emerging trend to deal with this issue is the combination of image transformation and machine learning models to classify and detect malware. However, existing works in this field only perform simple image transformation methods. These simple transformations have not considered color encoding and pixel rendering techniques on the performance of machine learning classifiers. In this article, we propose a novel approach to encoding and arranging bytes from binary files into images. These developed images contain statistical (eg, entropy) and syntactic artifacts (eg, strings), and their pixels are filled up using space-filling curves. Thanks to these features, our encoding method surpasses existing methods demonstrated by extensive experiments. In particular, our proposed method achieved 93.01% accuracy using the combination of the entropy encoding and character class scheme on the Hilbert curve.

AB - © 2019 John Wiley & Sons, Ltd.Modern malware evolves various detection avoidance techniques to bypass the state-of-the-art detection methods. An emerging trend to deal with this issue is the combination of image transformation and machine learning models to classify and detect malware. However, existing works in this field only perform simple image transformation methods. These simple transformations have not considered color encoding and pixel rendering techniques on the performance of machine learning classifiers. In this article, we propose a novel approach to encoding and arranging bytes from binary files into images. These developed images contain statistical (eg, entropy) and syntactic artifacts (eg, strings), and their pixels are filled up using space-filling curves. Thanks to these features, our encoding method surpasses existing methods demonstrated by extensive experiments. In particular, our proposed method achieved 93.01% accuracy using the combination of the entropy encoding and character class scheme on the Hilbert curve.

UR - https://www.scopus.com/pages/publications/85075231028

UR - https://www.scopus.com/inward/citedby.url?scp=85075231028&partnerID=8YFLogxK

U2 - 10.1002/ett.3789

DO - 10.1002/ett.3789

M3 - Article

SN - 2161-5748

VL - 31

JO - Transactions on Emerging Telecommunications Technologies

JF - Transactions on Emerging Telecommunications Technologies

IS - 11

M1 - e3789

ER -

HIT4Mal: Hybrid image transformation for malware classification

Abstract

Funding

Access to Document

Persistent URL (handle)

Other files and links

Fingerprint

Cite this