Image-Based malware classification using ensemble of CNN architectures (IMCEC)

Danish Vasan, Mamoun Alazab, Sobia Wassan, Babak Safaei, Qin Zheng

    Research output: Contribution to journalArticlepeer-review

    50 Downloads (Pure)


    Unfortunately, both researchers and malware authors have demonstrated that malware scanners are limited and can be easily evaded by simple obfuscation techniques. This paper proposes a novel ensemble convolutional neural networks (CNNs) based architecture for effective detection of both packed and unpacked malware. We have named this method image-based malware classification using ensemble of CNNs (IMCEC). Our main assumption is that based on their deeper architectures different CNNs provide different semantic representations of the image; therefore, a set of CNN architectures makes it possible to extract features with higher qualities than traditional methods. Experimental results show that IMCEC is particularly suitable for malware detection. It can achieve a high detection accuracy with low false alarm rates using malware raw-input. Result demonstrates more than 99% accuracy for unpacked malware and over 98% accuracy for packed malware. IMCEC is flexible, practical and efficient as it takes only 1.18 second on average to identify new malware sample.
    Original languageEnglish
    Article number101748
    Pages (from-to)1-12
    Number of pages12
    JournalComputers and Security
    Early online date29 Feb 2020
    Publication statusPublished - May 2020

    Cite this