Efficient Malware Analysis Using Subspace-Based Methods on Representative Image Patterns
In this paper, we propose a new framework for classifying and visualizing malware files using subspace-based methods. The rise of advanced malware poses a significant threat to internet security, increasing the pressure on traditional cybersecurity measures which may no longer be adequate. As signat...
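Main Authors: | Djafer Yahia M Benchadi, Bojan Batalo, Kazuhiro Fukui |
---|---|
Format: | Article |
Language: | English |
Published: | IEEE 2023-01-01 |
Series: | IEEE Access |
Subjects: | Malware; malware image; subspace method; kernel subspace method; occlusion sensitivity analysis |
Online Access: | https://ieeexplore.ieee.org/document/10244023/ |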
_version_ | 1797351686106251264 |
---|---|
author | Djafer Yahia M Benchadi Bojan Batalo Kazuhiro Fukui |
collection | DOAJ |
description | In this paper, we propose a new framework for classifying and visualizing malware files using subspace-based methods. The rise of advanced malware poses a significant threat to internet security, increasing the pressure on traditional cybersecurity measures which may no longer be adequate. As signature-based detection is limited to known threats, sophisticated methods are needed to detect and classify emerging malware that can bypass traditional antivirus software. Using representative image patterns to analyze malware features can provide a more detailed and precise approach by revealing detailed patterns that may be missed otherwise. In our framework, we rely on subspace representation of malware image patterns; a set of malware files belonging to the same class is compactly represented by a low-dimensional subspace in high dimensional vector space. Then, we use Subspace method (SM) and its kernel extension Kernel Subspace method (KSM) to classify a malware file by measuring the angle between the corresponding input vector and each class subspace. Further, we propose a visualization framework based on subspace representation and occlusion sensitivity analysis which enables detection of critical malware features. These visualizations can be used in conjunction with the proposed classification method to aid in interpretation of results and can lead to better understanding of malicious threats. We evaluate our methods on Malimg and Dumpware datasets and demonstrate the advantage of our methods over previous single-image verification methods that are vulnerable to varying conditions. With 98.07% and 97.21% accuracy, our algorithm outperforms other state-of-the-art techniques. |
first_indexed | 2024-03-08T13:04:07Z |
format | Article |
id | doaj.art-4c0c1b10659f4e87ade38c0beff7996d |
institution | Directory Open Access Journal |
issn | 2169-3536 |
language | English |
last_indexed | 2024-03-08T13:04:07Z |
publishDate | 2023-01-01 |
publisher | IEEE |
record_format | Article |
series | IEEE Access |
spelling | doaj.art-4c0c1b10659f4e87ade38c0beff7996d; 2024-01-19T00:00:25Z; eng; IEEE; IEEE Access; ISSN 2169-3536; 2023-01-01; vol. 11, pp. 102492-102507; DOI 10.1109/ACCESS.2023.3313409; document 10244023. Title: Efficient Malware Analysis Using Subspace-Based Methods on Representative Image Patterns. Authors: Djafer Yahia M Benchadi [0] (https://orcid.org/0000-0002-6839-5104), Bojan Batalo [1] (https://orcid.org/0000-0002-3671-0050), Kazuhiro Fukui [2] (https://orcid.org/0000-0002-4201-1096). Affiliations, in the order listed: Degree Programs in Systems and Information Engineering, University of Tsukuba, Ibaraki, Tsukuba, Japan; National Institute of Advanced Industrial Science and Technology (AIST), Tokyo, Koto-ku, Japan; Institute of Systems and Information Engineering, University of Tsukuba, Ibaraki, Tsukuba, Japan. URL: https://ieeexplore.ieee.org/document/10244023/. Keywords: Malware; malware image; subspace method; kernel subspace method; occlusion sensitivity analysis |
title | Efficient Malware Analysis Using Subspace-Based Methods on Representative Image Patterns |
topic | Malware; malware image; subspace method; kernel subspace method; occlusion sensitivity analysis |
url | https://ieeexplore.ieee.org/document/10244023/ |