Title: WTSEMal: a malware classification scheme based on wavelet and SE-Resnet

Authors: Dongwen Zhang; Shaohua Zhang; Guanghua Zhang; Naiwen Yu

Addresses: School of Information Science and Engineering, Hebei University of Science and Technology, Shijiazhuang, Hebei 050018, China (all authors)

Abstract: This study addresses the problems of traditional malware feature extraction: the data is huge, the features are diverse, the detection effect is poor, and lots of reverse engineering expertise is required. In this study, we propose a visual malware classification scheme based on wavelet and SE-Resnet network, named WTSEMal. Firstly, the binary file of the malware sample is converted into an image format. Then, after the image is pre-processed by normalisation, mean filtering and data augmentation, the image is decomposed and reorganised by wavelet transform (WT). Finally, the reconstructed image is input into the SE-Resnet network for family classification. The experimental results show that the accuracy of the proposed WTSEMal classification scheme on Malimg and Big15 is 99.22% and 97.49%, respectively, which is better than the existing machine learning malware classification methods. Compared with traditional classification methods, it has a good detection effect in detecting confusion or variant samples and has strong generalisation ability.

Keywords: malware detection; wavelet transform; WT; malware visualisation; deep learning.

DOI: 10.1504/IJICS.2024.142684

International Journal of Information and Computer Security, 2024 Vol.25 No.1/2, pp.31 - 52

Received: 21 Sep 2022
Accepted: 20 Mar 2023

Published online: 18 Nov 2024