基于ResNet-50深度神经网络迁移学习的恶意软件分类

2017 16th IEEE International Conference on Machine Learning and Applications (ICMLA) Pub Date : 2017-12-01 DOI:10.1109/ICMLA.2017.00-19

Edmar R. S. Rezende, Guilherme C. S. Ruppert, T. Carvalho, F. Ramos, Paulo Lício de Geus

{"title":"基于ResNet-50深度神经网络迁移学习的恶意软件分类","authors":"Edmar R. S. Rezende, Guilherme C. S. Ruppert, T. Carvalho, F. Ramos, Paulo Lício de Geus","doi":"10.1109/ICMLA.2017.00-19","DOIUrl":null,"url":null,"abstract":"Malicious software (malware) has been extensively used for illegal activity and new malware variants are discovered at an alarmingly high rate. The ability to group malware variants into families with similar characteristics makes possible to create mitigation strategies that work for a whole class of programs. In this paper, we present a malware family classification approach using a deep neural network based on the ResNet-50 architecture. Malware samples are represented as byteplot grayscale images and a deep neural network is trained freezing the convolutional layers of ResNet-50 pre-trained on the ImageNet dataset and adapting the last layer to malware family classification. The experimental results on a dataset comprising 9,339 samples from 25 different families showed that our approach can effectively be used to classify malware families with an accuracy of 98.62%.","PeriodicalId":6636,"journal":{"name":"2017 16th IEEE International Conference on Machine Learning and Applications (ICMLA)","volume":"61 26 1","pages":"1011-1014"},"PeriodicalIF":0.0000,"publicationDate":"2017-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"179","resultStr":"{\"title\":\"Malicious Software Classification Using Transfer Learning of ResNet-50 Deep Neural Network\",\"authors\":\"Edmar R. S. Rezende, Guilherme C. S. Ruppert, T. Carvalho, F. Ramos, Paulo Lício de Geus\",\"doi\":\"10.1109/ICMLA.2017.00-19\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Malicious software (malware) has been extensively used for illegal activity and new malware variants are discovered at an alarmingly high rate. The ability to group malware variants into families with similar characteristics makes possible to create mitigation strategies that work for a whole class of programs. In this paper, we present a malware family classification approach using a deep neural network based on the ResNet-50 architecture. Malware samples are represented as byteplot grayscale images and a deep neural network is trained freezing the convolutional layers of ResNet-50 pre-trained on the ImageNet dataset and adapting the last layer to malware family classification. The experimental results on a dataset comprising 9,339 samples from 25 different families showed that our approach can effectively be used to classify malware families with an accuracy of 98.62%.\",\"PeriodicalId\":6636,\"journal\":{\"name\":\"2017 16th IEEE International Conference on Machine Learning and Applications (ICMLA)\",\"volume\":\"61 26 1\",\"pages\":\"1011-1014\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"179\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 16th IEEE International Conference on Machine Learning and Applications (ICMLA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICMLA.2017.00-19\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 16th IEEE International Conference on Machine Learning and Applications (ICMLA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICMLA.2017.00-19","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 179

摘要

恶意软件(恶意软件)已被广泛用于非法活动，新的恶意软件变种被发现的速度高得惊人。将恶意软件变体分成具有相似特征的家族的能力，使得创建适用于整个程序类的缓解策略成为可能。在本文中，我们提出了一种基于ResNet-50架构的深度神经网络恶意软件家族分类方法。恶意软件样本被表示为字节图灰度图像，深度神经网络被训练，冻结在ImageNet数据集上预训练的ResNet-50的卷积层，并使最后一层适应恶意软件家族分类。在包含25个不同家族的9339个样本的数据集上的实验结果表明，我们的方法可以有效地用于恶意软件家族的分类，准确率为98.62%。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Malicious Software Classification Using Transfer Learning of ResNet-50 Deep Neural Network

Malicious software (malware) has been extensively used for illegal activity and new malware variants are discovered at an alarmingly high rate. The ability to group malware variants into families with similar characteristics makes possible to create mitigation strategies that work for a whole class of programs. In this paper, we present a malware family classification approach using a deep neural network based on the ResNet-50 architecture. Malware samples are represented as byteplot grayscale images and a deep neural network is trained freezing the convolutional layers of ResNet-50 pre-trained on the ImageNet dataset and adapting the last layer to malware family classification. The experimental results on a dataset comprising 9,339 samples from 25 different families showed that our approach can effectively be used to classify malware families with an accuracy of 98.62%.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2017 16th IEEE International Conference on Machine Learning and Applications (ICMLA)

自引率

0.00%

发文量

期刊最新文献

Tree-Structured Curriculum Learning Based on Semantic Similarity of Text Direct Multiclass Boosting Using Base Classifiers' Posterior Probabilities Estimates Predicting Psychosis Using the Experience Sampling Method with Mobile Apps Human Action Recognition from Body-Part Directional Velocity Using Hidden Markov Models Realistic Traffic Generation for Web Robots