Self-Attentive Models for Real-Time Malware Classification
Malware classification is a critical task in cybersecurity, as it offers insights into the threats that malware poses to the victim device and helps in the design of countermeasures. For real-time malware classification, due to the high network throughputs of modern networks, there is a challenge of...
Main Authors: | Qikai Lu, Hongwen Zhang, Husam Kinawi, Di Niu |
---|---|
Format: | Article |
Language: | English |
Published: | IEEE 2022-01-01 |
Series: | IEEE Access |
Subjects: | Malware classification; self-attention networks; multi-stage classification; cybersecurity |
Online Access: | https://ieeexplore.ieee.org/document/9877977/ |
_version_ | 1828105265511137280 |
---|---|
author | Qikai Lu; Hongwen Zhang; Husam Kinawi; Di Niu |
author_sort | Qikai Lu |
collection | DOAJ |
description | Malware classification is a critical task in cybersecurity, as it offers insights into the threats that malware poses to the victim device and helps in the design of countermeasures. For real-time malware classification, due to the high network throughputs of modern networks, there is a challenge of achieving high classification accuracy while maintaining low inference latency. We first introduce two self-attention transformer-based classifiers, SeqConvAttn and ImgConvAttn, to replace the currently predominant Convolutional Neural Network (CNN) classifiers. We then devise a file-size-aware two-stage framework to combine the two proposed models, thereby controlling the tradeoff between accuracy and latency for real-time classification. To assess our proposed designs, we conduct experiments on three malware datasets: the Microsoft Malware Classification Challenge (BIG 2015) and two selected subsets from the BODMAS PE malware dataset, BODMAS-11 and BODMAS-49. We show that our transformer-based designs can achieve better classification accuracy than traditional CNN-based designs. Furthermore, we show that the proposed two-stage framework reduces the average model inference latency while maintaining superior accuracy, thereby fulfilling the requirements of real-time classification. |
first_indexed | 2024-04-11T10:00:37Z |
format | Article |
id | doaj.art-73f372bdc3d74abaa8d32abb8f709c6b |
institution | Directory Open Access Journal |
issn | 2169-3536 |
language | English |
last_indexed | 2024-04-11T10:00:37Z |
publishDate | 2022-01-01 |
publisher | IEEE |
record_format | Article |
series | IEEE Access |
spelling | doaj.art-73f372bdc3d74abaa8d32abb8f709c6b; 2022-12-22T04:30:26Z; eng; IEEE; IEEE Access; 2169-3536; 2022-01-01; 10; 95970; 95985; 10.1109/ACCESS.2022.3202952; 9877977; Self-Attentive Models for Real-Time Malware Classification; Qikai Lu (0); Hongwen Zhang (1); Husam Kinawi (2); Di Niu (3); https://orcid.org/0000-0002-5250-7327; Department of Electrical and Computer Engineering, University of Alberta, Edmonton, Canada; Wedge Networks, Calgary, Canada; Wedge Networks, Calgary, Canada; Department of Electrical and Computer Engineering, University of Alberta, Edmonton, Canada; https://ieeexplore.ieee.org/document/9877977/; Malware classification; self-attention networks; multi-stage classification; cybersecurity |
title | Self-Attentive Models for Real-Time Malware Classification |
topic | Malware classification; self-attention networks; multi-stage classification; cybersecurity |
url | https://ieeexplore.ieee.org/document/9877977/ |