MIRACLE: Malware image recognition and classification by layered extraction

Download PDF
Open Webpage

Inzamamul Alam, Md. Samiullah, S. M. Asaduzzaman, Upama Kabir, A. M. Aahad, Simon S. Woo

Published: 01 Jan 2025, Last Modified: 09 May 2025Data Min. Knowl. Discov. 2025EveryoneRevisionsBibTeXCC BY-SA 4.0
Abstract: Annually, over 800,000 individuals are victims of cyberattacks, predominantly through malware, which possesses the capacity to emerge as a formidable instrument of destruction in the realm of cybersecurity. And, it is a challenging task to manually thwart an assault by malware. Hence, it is crucial to properly categorize malware binaries in order to identify their origins. Furthermore, malware structure discovery and analysis through simple feature extraction approaches is time-consuming and challenging. In fact, malware classification was previously explored using machine learning (ML)-based approaches such as SVM and XGBoost. In addition, recently, deep learning (DL) has proven to be effective in finding malicious patterns. Without DL, analysis of the vast amounts of available data tends to be impossible. In addition, existing methods, such as “transfer-learning”, “fusion-methodology”, “and “transformer-techniques”, lack evidence of effectiveness when tested on actual malware binary files. Moreover, hand-crafted features engineering or rudimentary Convolutional Neural Networks (CNNs) do not perform well and take much time to find effective features. To address the aforementioned challenges, we propose a novel approach, Malware Image Recognition & Classification by Layered Extraction (MIRACLE), by implementing our own spatial convolutional neural network (Sp-CNN) with sufficient regularization and data augmentation to identify and classify malware in images effectively and efficiently. Our proposed method is developed based on analyzing malware binary structure, which is segmented as headers and section, symbolic information lies on section segment. Our Sp-CNN can extract that symbolic information from the top of the hidden layer constructively. We have evaluated our model with as MalImg, Microsoft-Big, Malevis and Android Malware dataset. We achieved accuracy of 99.87% for MalImg, 99.81% for Microsoft-Big, and 99.22% for Malevis in our test dataset, respectively. Our proposed method surpasses Google’s InceptionV3, ResNet50, EfficientNetB1, VGG16, VGG19, and other state-of-the-art (SOTA) methods in terms of performance.