TRConv: Multi-platform malware classification via target regulated convolutions


Creative Commons License

EĞİTMEN A., Yavuz A. G., YAVUZ S.

IEEE Access, vol. 12, pp. 71492-71504, 2024 (SCI-Expanded)

  • Publication Type: Article / Full Article
  • Volume: 12
  • Publication Date: 2024
  • DOI Number: 10.1109/access.2024.3401627
  • Journal Name: IEEE Access
  • Journal Indexes: Science Citation Index Expanded (SCI-EXPANDED), Scopus, Compendex, INSPEC, Directory of Open Access Journals
  • Pages: pp. 71492-71504
  • Keywords: Convolutional network, malware and benign, malware behaviour analysis, opcode length
  • Yıldız Technical University Affiliated: Yes

Abstract

Malware is an important threat to digital workflow. Traditional malware modeling approaches focused on using hand-crafted features, while recent approaches proved the necessity of using learning-based methodologies. In this paper, we propose a novel opcode-based methodology that additionally learns multiple behavioral target variables to effectively regulate and guide the static malware classification. Our methodology shows that the introduction of previously extracted malware behavior-related target variables immediately improves binary malware classification performance on both Android and Windows platforms. The contributions of our methodology have been extensively validated on the ArgusAMD and MOTIF datasets. Mean classification accuracy and F1 scores suggest that our model is robust against random opcode injection attacks compared to other convolution-based architectures.