Examining the Performance of Various Pretrained Convolutional Neural Network Models in Malware Detection
Abstract
1. Introduction
- The comparison aims to identify the best-performing pretrained CNN features and classifiers, which are then used to propose a malware detection technique.
- Collect and extract the most valuable features from the last fully connected layers of the ResNet50, DenseNet201, GoogLeNet, AlexNet, and SqueezeNet models.
- Simplify the training procedure by employing pretrained models (AlexNet, ResNet50, GoogLeNet, SqueezeNet, and DenseNet201) as feature extractors and then applying PCA to refine the extracted features.
- According to all evaluation metrics, the proposed DenseNet201-KNN malware detection technique yielded the best results on the Malimg dataset.
- The lightweight design of each proposed malware detection technique requires little time and few resources.
2. Related Works
3. Pretrained CNN Models Overview
3.1. DenseNet201 Model as Feature Extractor
3.2. ResNet50 Model as Feature Extractor
3.3. GoogLeNet Model as Feature Extractor
3.4. AlexNet Model as Feature Extractor
3.5. SqueezeNet Model as Feature Extractor
4. The Proposed Methods
Algorithm 1. Implementation process of the pretrained models for malware detection.
Input: RGB malware image from the dataset. Output: Non-malware/malware image.
Begin
For each image:
  Step 1: Load the dataset.
  Step 2: Read each image with the imread() function.
  Step 3: Convert the RGB image to grayscale with the MATLAB function rgb2gray().
  Step 4: Resizing process:
    Step 4.1: For the ResNet50, DenseNet201, and GoogLeNet models, resize the converted image to 224 × 224 pixels.
    Step 4.2: For the AlexNet and SqueezeNet models, resize the converted image to 227 × 227 pixels.
  Step 5: Load the pretrained CNN models (ResNet50, DenseNet201, GoogLeNet, AlexNet, and SqueezeNet).
  Step 6: Activation process:
    Step 6.1: Take the outputs of the last layer ("fc1000") of ResNet50.
    Step 6.2: Take the outputs of the last layer ("fc1000") of DenseNet201.
    Step 6.3: Take the outputs of the last layer ("pool5-drop_7×7_s1") of GoogLeNet.
    Step 6.4: Take the outputs of the last layer ("fc7") of AlexNet.
    Step 6.5: Take the outputs of the last layer ("pool10") of SqueezeNet.
  Step 7: Extract the feature vector:
    Step 7.1: For ResNet50, store the 1000-dimensional feature vector.
    Step 7.2: For DenseNet201, store the 1000-dimensional feature vector.
    Step 7.3: For GoogLeNet, store the 1024-dimensional feature vector.
    Step 7.4: For AlexNet, store the 4096-dimensional feature vector.
    Step 7.5: For SqueezeNet, store the 1000-dimensional feature vector.
  Step 8: Apply the feature selection method:
    Step 8.1: Apply PCA.
  Step 9: Replace the fully connected (FC) layers with a new classifier.
    Step 9.1: Training process: train the GDA, KNN, logistic regression, SVM, RF, and ELM classifiers on the selected extracted feature vectors.
    Step 9.2: Testing process: test each trained classifier (GDA, KNN, logistic regression, SVM, RF, and ELM) on unseen images to determine whether an image contains malware or not.
End for
End
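To make the preprocessing in Steps 1-4 concrete, the following MATLAB sketch reads, grayscales, and resizes the images. The folder name, file pattern, and the replication of the grayscale plane into three channels are illustrative assumptions rather than details taken from the paper.

```matlab
% Minimal sketch of the preprocessing in Algorithm 1 (Steps 1-4).
% Assumption: images live in a folder named 'malimg' and the target
% model expects 224 x 224 inputs (use 227 x 227 for AlexNet/SqueezeNet).
files = dir(fullfile('malimg', '*.png'));          % Step 1: load the dataset
inputSize = [224 224];                             % 227 x 227 for AlexNet/SqueezeNet

for k = 1:numel(files)
    img = imread(fullfile(files(k).folder, files(k).name));   % Step 2
    if size(img, 3) == 3
        img = rgb2gray(img);                       % Step 3: RGB -> grayscale
    end
    img = imresize(img, inputSize);                % Step 4: resize
    % Pretrained ImageNet models expect three channels, so the grayscale
    % plane is replicated (an assumption; the paper does not state this).
    img3 = cat(3, img, img, img);
    % img3 is now ready for the activation step (Step 6).
end
```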
- Step 1: Malware Transformation
- Step 2: Feature Extraction
- Step 2.1: ResNet50 Features Extraction
Algorithm 2. ResNet50 model as feature extractor.
Input: RGB malware image from the dataset. Output: 1 × 2048 feature vector.
Begin
For each image:
  1: Load the prepared malware image.
  2: Normalize each input image to the range [0, 255].
  3: Resize the image to 224 × 224.
  4: Load the ResNet50 model.
  5: Load the ResNet50 model weights.
  6: Remove (do not include) the model's final fully connected (FC) layers.
  7: Build a new model for feature extraction.
  8: Produce the activations of ResNet50's final pooling layer ("avg_pool"/"pool5").
  9: Convert the image into an array.
  10: Flatten the feature array to one dimension.
  11: Print the flattened array.
  12: Store the resulting 2048-dimensional feature vector.
End for
End
- Step 2.2: DenseNet201 Features Extraction
Algorithm 3. DenseNet201 model as feature extractor.
Input: RGB malware image from the dataset. Output: 1 × 1000 feature vector.
Begin
For each image:
  1: Load the prepared malware image.
  2: Normalize each input image to the range [0, 255].
  3: Resize the image to 224 × 224.
  4: Load the DenseNet201 model.
  5: Load the DenseNet201 model weights.
  6: Remove (do not include) the model's final fully connected (FC) layers.
  7: Build a new model for feature extraction.
  8: Produce the activations of DenseNet201's final layer ("fc1000").
  9: Convert the image into an array.
  10: Flatten the feature array to one dimension.
  11: Print the flattened array.
  12: Store the resulting 1000-dimensional feature vector.
End for
End
- Step 2.3: GoogLeNet Features Extraction
Algorithm 4. GoogLeNet model as feature extractor.
Input: RGB malware image from the dataset. Output: 1 × 5643 feature vector.
Begin
For each image:
  1: Load the prepared malware image.
  2: Normalize each input image to the range [0, 255].
  3: Resize the image to 224 × 224.
  4: Load the GoogLeNet model.
  5: Load the GoogLeNet model weights.
  6: Remove (do not include) the model's final fully connected (FC) layers.
  7: Build a new model for feature extraction.
  8: Produce the activations of GoogLeNet's "pool5-drop_7×7_s1" layer.
  9: Convert the image into an array.
  10: Flatten the feature array to one dimension.
  11: Print the flattened array.
  12: Store the resulting 5643-dimensional feature vector.
End for
End
- Step 2.4: AlexNet Features Extraction
Algorithm 5. AlexNet model as feature extractor.
Input: RGB malware image from the dataset. Output: 1 × 4096 feature vector.
Begin
For each image:
  1: Load the prepared malware image.
  2: Normalize each input image to the range [0, 255].
  3: Resize the image to 227 × 227.
  4: Load the AlexNet model.
  5: Load the AlexNet model weights.
  6: Remove (do not include) the model's final fully connected (FC) layers.
  7: Build a new model for feature extraction.
  8: Produce the activations of AlexNet's "fc7" layer.
  9: Convert the image into an array.
  10: Flatten the feature array to one dimension.
  11: Print the flattened array.
  12: Store the resulting 4096-dimensional feature vector.
End for
End
- Step 2.5: SqueezeNet Features Extraction
Algorithm 6. SqueezeNet model as feature extractor.
Input: RGB malware image from the dataset. Output: 1 × 1000 feature vector.
Begin
For each image:
  1: Load the prepared malware image.
  2: Normalize each input image to the range [0, 255].
  3: Resize the image to 227 × 227.
  4: Load the SqueezeNet model.
  5: Load the SqueezeNet model weights.
  6: Remove (do not include) the model's final fully connected (FC) layers.
  7: Build a new model for feature extraction.
  8: Produce the activations of SqueezeNet's final pooling layer ("pool10").
  9: Convert the image into an array.
  10: Flatten the feature array to one dimension.
  11: Print the flattened array.
  12: Store the resulting 1000-dimensional feature vector.
End for
End
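Algorithms 2-6 share the same structure and differ only in the model loaded, the input size, and the layer whose activations are kept. The MATLAB sketch below illustrates that shared extraction step; it assumes the Deep Learning Toolbox model packages are installed and uses MATLAB's layer names (note that Algorithm 1 lists "fc1000" for ResNet50 while Algorithm 2 uses "avg_pool"; the sketch follows the per-model algorithms). The input file name is hypothetical, and the resulting dimensions should be verified against the installed models.

```matlab
% Sketch of the shared feature-extraction step in Algorithms 2-6.
% specs: {constructor, activation layer, input size}, taken from the
% algorithms above; verify layer names with analyzeNetwork(net).
specs = {
    @resnet50,    'avg_pool',           [224 224];
    @densenet201, 'fc1000',             [224 224];
    @googlenet,   'pool5-drop_7x7_s1',  [224 224];
    @alexnet,     'fc7',                [227 227];
    @squeezenet,  'pool10',             [227 227]};

img = imread('sample_malware.png');            % hypothetical file name
features = cell(size(specs, 1), 1);
for m = 1:size(specs, 1)
    net = specs{m, 1}();                       % load pretrained model + weights
    in  = imresize(img, specs{m, 3});          % resize to the model's input size
    if size(in, 3) == 1, in = cat(3, in, in, in); end   % replicate grayscale plane
    act = activations(net, in, specs{m, 2});   % outputs of the chosen layer
    features{m} = reshape(act, 1, []);         % flatten to a 1 x D row vector
end
```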
- Step 3: Feature Selection
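Step 3 reduces the extracted deep features with PCA to obtain the smaller feature sets (e.g., the SEF_50F and SEF_500F sets reported in Section 5). A minimal MATLAB sketch, assuming the per-image feature vectors have already been stacked into a matrix X with one row per image:

```matlab
% Sketch of PCA-based feature selection (Step 3).
% X: N x D matrix of extracted deep features (one row per image).
X = randn(100, 1000);            % placeholder feature matrix (assumption)
[coeff, score] = pca(X);         % principal component analysis
k = 50;                          % 50 or 500 components (SEF_50F / SEF_500F)
k = min(k, size(score, 2));      % guard for small sample sizes
Xsel = score(:, 1:k);            % reduced feature set passed to the classifiers
```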
- Step 4: Classification
- Step 4.1: Gaussian Discriminant Analysis (GDA) Classifier
- Step 4.2: K-Nearest Neighbor (KNN) Classifier
- Step 4.3: The logistic regression Classifier
- Step 4.4: SVM Classifier
- Step 4.5: RF Classifier
- Step 4.6: Extreme Learning Machine (ELM) Classifier
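Step 4 trains each classifier on the PCA-reduced features and then tests it on held-out images. The MATLAB sketch below shows this for KNN (the best-performing combination reported later) and discriminant analysis, with fitcdiscr used as a stand-in for the GDA classifier described in the paper; the placeholder data, split ratio, and hyperparameters are illustrative assumptions.

```matlab
% Sketch of Step 4: training and testing two of the evaluated classifiers.
% Xsel would be the PCA-reduced feature matrix from Step 3; placeholders here.
Xsel = randn(200, 50);                            % placeholder reduced features (assumption)
Y    = categorical(randi(2, 200, 1), [1 2], {'NonMalware', 'Malware'});

cv  = cvpartition(Y, 'HoldOut', 0.3);             % illustrative 70/30 split
Xtr = Xsel(training(cv), :);  Ytr = Y(training(cv));
Xte = Xsel(test(cv), :);      Yte = Y(test(cv));

knnMdl = fitcknn(Xtr, Ytr, 'NumNeighbors', 5);    % KNN classifier
gdaMdl = fitcdiscr(Xtr, Ytr);                     % discriminant analysis (GDA stand-in)

knnAcc = mean(predict(knnMdl, Xte) == Yte) * 100; % accuracy, Equation (1)
gdaAcc = mean(predict(gdaMdl, Xte) == Yte) * 100;
fprintf('KNN %.2f%%  GDA %.2f%%\n', knnAcc, gdaAcc);
```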
5. Results and Discussion
5.1. Datasets
5.2. Performance Evaluation Metric
- Accuracy: the ratio of correctly classified images to the total number of input images, as given in Equation (1).
- Error: the ratio of incorrectly classified images to the total number of input images, as given in Equation (2).
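For reference, the two metrics correspond to the standard forms below (a reconstruction from the textual definitions, since Equations (1) and (2) are not reproduced here), where N_correct, N_incorrect, and N_total denote the numbers of correctly classified, incorrectly classified, and total input images:

$$\text{Accuracy} = \frac{N_{\text{correct}}}{N_{\text{total}}} \times 100\% \quad (1)$$

$$\text{Error} = \frac{N_{\text{incorrect}}}{N_{\text{total}}} \times 100\% = 100\% - \text{Accuracy} \quad (2)$$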
5.3. Evaluation Results
5.3.1. Performance Findings Using an Unbalanced Malimg Dataset
Performance Analysis of Each Classifier
Performance Analysis of Each Feature
5.4. Comparative Results of Current Methods
6. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
References
- Poudyal, S.; Akhtar, Z.; Dasgupta, D.; Gupta, K.D. Malware analytics: Review of data mining, machine learning and big data perspectives. In Proceedings of the 2019 IEEE Symposium Series on Computational Intelligence (SSCI), Xiamen, China, 6–9 December 2019; pp. 649–656.
- Hammad, B.T.; Jamil, N.; Rusli, M.E.; Z’Aba, M.R.; Ahmed, I.T. Implementation of lightweight cryptographic primitives. J. Theor. Appl. Inf. Technol. 2017, 95, 5126–5141.
- Bayer, U.; Moser, A.; Kruegel, C.; Kirda, E. Dynamic analysis of malicious code. J. Comput. Virol. 2006, 2, 67–77.
- Ahmed, I.T.; Jamil, N.; Din, M.M.; Hammad, B.T. Binary and Multi-Class Malware Threads Classification. Appl. Sci. 2022, 12, 12528.
- Da’u, A.; Salim, N. Recommendation system based on deep learning methods: A systematic review and new directions. Artif. Intell. Rev. 2020, 53, 2709–2748.
- Rezende, E.; Ruppert, G.; Carvalho, T.; Theophilo, A.; Ramos, F.; de Geus, P. Malicious software classification using VGG16 deep neural network’s bottleneck features. In Information Technology-New Generations; Springer: Berlin/Heidelberg, Germany, 2018; pp. 51–59.
- Vasan, D.; Alazab, M.; Wassan, S.; Safaei, B.; Zheng, Q. Image-Based malware classification using ensemble of CNN architectures (IMCEC). Comput. Secur. 2020, 92, 101748.
- Pant, D.; Bista, R. Image-based Malware Classification using Deep Convolutional Neural Network and Transfer Learning. In Proceedings of the 3rd International Conference on Advanced Information Science and System, Sanya, China, 26–28 November 2021; pp. 1–6.
- Kumar, S.; Janet, B. DTMIC: Deep transfer learning for malware image classification. J. Inf. Secur. Appl. 2022, 64, 103063.
- Gyamfi, N.K.; Goranin, N.; Čeponis, D.; Čenys, A. Malware detection using convolutional neural network, a deep learning framework: Comparative analysis. J. Internet Serv. Inf. Secur. 2022, 12, 102–115.
- Asam, M.; Hussain, S.J.; Mohatram, M.; Khan, S.H.; Jamal, T.; Zafar, A.; Khan, A.; Ali, M.U.; Zahoora, U. Detection of exceptional malware variants using deep boosted feature spaces and machine learning. Appl. Sci. 2021, 11, 10464.
- Aslan, Ö.; Yilmaz, A.A. A new malware classification framework based on deep learning algorithms. IEEE Access 2021, 9, 87936–87951.
- Hammad, B.T.; Jamil, N.; Ahmed, I.T.; Zain, Z.M.; Basheer, S. Robust Malware Family Classification Using Effective Features and Classifiers. Appl. Sci. 2022, 12, 7877.
- Khan, R.U.; Zhang, X.; Kumar, R. Analysis of ResNet and GoogleNet models for malware detection. J. Comput. Virol. Hacking Tech. 2019, 15, 29–37.
- Lo, W.W.; Yang, X.; Wang, Y. An xception convolutional neural network for malware classification with transfer learning. In Proceedings of the 2019 10th IFIP International Conference on New Technologies, Mobility and Security (NTMS), IEEE, Canary Islands, Spain, 24–26 June 2019; pp. 1–5.
- Singh, A.; Handa, A.; Kumar, N.; Shukla, S.K. Malware classification using image representation. In Proceedings of the Cyber Security Cryptography and Machine Learning: Third International Symposium, CSCML 2019, Beer-Sheva, Israel, 27–28 June 2019; pp. 75–92.
- Vasan, D.; Alazab, M.; Wassan, S.; Naeem, H.; Safaei, B.; Zheng, Q. IMCFN: Image-based malware classification using fine-tuned convolutional neural network architecture. Comput. Netw. 2020, 171, 107138.
- Marastoni, N.; Giacobazzi, R.; Dalla Preda, M. Data augmentation and transfer learning to classify malware images in a deep learning context. J. Comput. Virol. Hacking Tech. 2021, 17, 279–297.
- Anandhi, V.; Vinod, P.; Menon, V.G. Malware visualization and detection using DenseNets. Pers. Ubiquitous Comput. 2021, 28, 153–169.
- Asam, M.; Khan, S.H.; Akbar, A.; Bibi, S.; Jamal, T.; Khan, A.; Ghafoor, U.; Bhutta, M.R. IoT malware detection architecture using a novel channel boosted and squeezed CNN. Sci. Rep. 2022, 12, 15498.
- Shaukat, K.; Luo, S.; Varadharajan, V. A novel deep learning-based approach for malware detection. Eng. Appl. Artif. Intell. 2023, 122, 106030.
- Dawra, B.; Chauhan, A.N.; Rani, R.; Dev, A.; Bansal, P.; Sharma, A. Malware Classification using Deep Learning Techniques. In Proceedings of the 2023 2nd Edition of IEEE Delhi Section Flagship Conference (DELCON), Rajpura, India, 24–26 February 2023; pp. 1–7.
- Ahmed, I.T.; Hammad, B.T.; Jamil, N. A comparative analysis of image copy-move forgery detection algorithms based on hand and machine-crafted features. Indones. J. Electr. Eng. Comput. Sci. 2021, 22, 1177–1190.
- Huang, G.; Liu, Z.; Van Der Maaten, L.; Weinberger, K.Q. Densely connected convolutional networks. In Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, Honolulu, HI, USA, 21–26 July 2017; pp. 4700–4708.
- Wang, S.-H.; Zhang, Y.-D. DenseNet-201-based deep neural network with composite learning factor and precomputation for multiple sclerosis classification. ACM Trans. Multimed. Comput. Commun. Appl. 2020, 16, 1–19.
- Qu, L.; Wu, C.; Zou, L. 3D dense separated convolution module for volumetric medical image analysis. Appl. Sci. 2020, 10, 485.
- Theckedath, D.; Sedamkar, R.R. Detecting affect states using VGG16, ResNet50 and SE-ResNet50 networks. SN Comput. Sci. 2020, 1, 79.
- He, K.; Zhang, X.; Ren, S.; Sun, J. Deep residual learning for image recognition. In Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, Las Vegas, NV, USA, 27–30 June 2016; pp. 770–778.
- Alzubaidi, L.; Zhang, J.; Humaidi, A.J.; Al-Dujaili, A.; Duan, Y.; Al-Shamma, O.; Santamaría, J.; Fadhel, M.A.; Al-Amidie, M.; Farhan, L. Review of deep learning: Concepts, CNN architectures, challenges, applications, future directions. J. Big Data 2021, 8, 53.
- Yoo, H.-J. Deep convolution neural networks in computer vision: A review. IEIE Trans. Smart Process. Comput. 2015, 4, 35–43.
- Krizhevsky, A.; Sutskever, I.; Hinton, G.E. Imagenet classification with deep convolutional neural networks. Commun. ACM 2017, 60, 84–90.
- Alom, M.Z.; Taha, T.M.; Yakopcic, C.; Westberg, S.; Sidike, P.; Nasrin, M.S.; Van Esesn, B.C.; Awwal, A.A.S.; Asari, V.K. The history began from alexnet: A comprehensive survey on deep learning approaches. arXiv 2018, arXiv:1803.01164.
- Ahmed, I.T.; Hammad, B.T.; Jamil, N. Effective Deep Features for Image Splicing Detection. In Proceedings of the 2021 IEEE 11th International Conference on System Engineering and Technology (ICSET), Shah Alam, Malaysia, 6 November 2021; pp. 189–193.
- Wang, S.; Kang, B.; Ma, J.; Zeng, X.; Xiao, M.; Guo, J.; Cai, M.; Yang, J.; Li, Y.; Meng, X. A deep learning algorithm using CT images to screen for Corona Virus Disease (COVID-19). Eur. Radiol. 2021, 31, 6096–6104.
- Conti, G.; Dean, E.; Sinda, M.; Sangster, B. Visual reverse engineering of binary and data files. In Proceedings of the International Workshop on Visualization for Computer Security, Cambridge, MA, USA, 15 September 2008; pp. 1–17.
- Nataraj, L.; Yegneswaran, V.; Porras, P.; Zhang, J. A comparative assessment of malware classification using binary texture analysis and dynamic analysis. In Proceedings of the 4th ACM Workshop on Security and Artificial Intelligence, Chicago, IL, USA, 21 October 2011; pp. 21–30.
- Omuya, E.O.; Okeyo, G.O.; Kimwele, M.W. Feature selection for classification using principal component analysis and information gain. Expert Syst. Appl. 2021, 174, 114765.
- Wang, S.; Yu, X.; Jia, W. A new population initialization of particle swarm optimization method based on pca for feature selection. J. Big Data 2021, 3, 1.
- Sharifi, K.; Leon-Garcia, A. Estimation of shape parameter for generalized Gaussian distributions in subband decompositions of video. IEEE Trans. Circuits Syst. Video Technol. 1995, 5, 52–56.
- Tanveer, M.; Shubham, K.; Aldhaifallah, M.; Ho, S.S. An efficient regularized K-nearest neighbor based weighted twin support vector regression. Knowl.-Based Syst. 2016, 94, 70–87.
- Ahmed, I.T.; Hammad, B.T.; Jamil, N. Forgery detection algorithm based on texture features. Indones. J. Electr. Eng. Comput. Sci. 2021, 24, 226–235.
- Wilson, J.R.; Lorenz, K.A. Modeling Binary Correlated Responses Using SAS, SPSS and R; Springer: Berlin/Heidelberg, Germany, 2015; Volume 9.
- Bishop, C.M.; Nasrabadi, N.M. Pattern Recognition and Machine Learning; Springer: Berlin/Heidelberg, Germany, 2006; Volume 4.
- Breiman, L. Random Forests. Mach. Learn. 2001, 45, 5–32.
- Ahmed, I.T.; Hammad, B.T.; Jamil, N. Common Gabor Features for Image Watermarking Identification. Appl. Sci. 2021, 11, 8308.
- Huang, G.-B.; Zhu, Q.-Y.; Siew, C.-K. Extreme learning machine: A new learning scheme of feedforward neural networks. In Proceedings of the 2004 IEEE International Joint Conference on Neural Networks (IEEE Cat. No. 04CH37541), Budapest, Hungary, 25–29 July 2004; Volume 2, pp. 985–990.
- Nataraj, L.; Karthikeyan, S.; Jacob, G.; Manjunath, B.S. Malware images: Visualization and automatic classification. In Proceedings of the 8th International Symposium on Visualization for Cyber Security, Pittsburgh, PA, USA, 20 July 2011; pp. 1–7.
- Ahmed, I.T.; Hammad, B.T.; Jamil, N. Image Steganalysis based on Pretrained Convolutional Neural Networks. In Proceedings of the 2022 IEEE 18th International Colloquium on Signal Processing & Applications (CSPA), Selangor, Malaysia, 12 May 2022; pp. 283–286.
- Ahmed, I.T.; Der, C.S.; Jamil, N.; Hammad, B.T. Analysis of Probability Density Functions in Existing No-Reference Image Quality Assessment Algorithm for Contrast-Distorted Images. In Proceedings of the 2019 IEEE 10th Control and System Graduate Research Colloquium (ICSGRC), Shah Alam, Malaysia, 2–3 August 2019; pp. 133–137.
- Makandar, A.; Patrot, A. Malware class recognition using image processing techniques. In Proceedings of the 2017 International Conference on Data Management, Analytics and Innovation (ICDMAI), Pune, India, 24–26 February 2017; pp. 76–80.
- Rezende, E.; Ruppert, G.; Carvalho, T.; Ramos, F.; De Geus, P. Malicious software classification using transfer learning of resnet-50 deep neural network. In Proceedings of the 2017 16th IEEE International Conference on Machine Learning and Applications (ICMLA), IEEE, Cancun, Mexico, 18–21 December 2017; pp. 1011–1014.
- Hsien-De Huang, T.; Kao, H.-Y. R2-d2: Color-inspired convolutional neural network (cnn)-based android malware detections. In Proceedings of the 2018 IEEE International Conference on Big Data (Big Data), Shanghai, China, 15–17 January 2018; pp. 2633–2642.
- Hashemi, H.; Hamzeh, A. Visual malware detection using local malicious pattern. J. Comput. Virol. Hacking Tech. 2019, 15, 1–14.
- Bhodia, N.; Prajapati, P.; Di Troia, F.; Stamp, M. Transfer learning for image-based malware classification. arXiv 2019, arXiv:1903.11551.
- Naeem, H.; Ullah, F.; Naeem, M.R.; Khalid, S.; Vasan, D.; Jabbar, S.; Saeed, S. Malware detection in industrial internet of things based on hybrid image visualization and deep learning model. Ad Hoc Netw. 2020, 105, 102154.
- Mohammed, T.M.; Nataraj, L.; Chikkagoudar, S.; Chandrasekaran, S.; Manjunath, B.S. Malware detection using frequency domain-based image visualization and deep learning. arXiv 2021, arXiv:2101.10578.
- Sharif, H.U.; Jiwani, N.; Gupta, K.; Mohammed, M.A.; Ansari, M.F. A deep learning based technique for the classification of malware images. J. Theor. Appl. Inf. Technol. 2023, 101, 135–160.
Ref | Year | Model as Feature Extractor | Classifier | DB | Limitations |
---|---|---|---|---|---|
Khan et al. [14] | 2018 | GoogLeNet, ResNet18 | CNN | EXE files as image | Significant weight, deep understanding, longer execution times, and significant validation losses |
Rezende et al. [6] | 2018 | VGG16 | SVM | Malimg | High feature vector dimension |
Lo et al. [15] | 2019 | Xception | Ensemble model | Malimg, Microsoft Malware | Significant weight, deep understanding, longer execution times, and significant validation losses |
Singh et al. [16] | 2019 | ResNet-50 | CNN | collected dataset, Malimg | Obfuscation prevents visibility, low for packed or unnoticed, and undetectable evasive malware |
Vasan et al. [17] | 2020 | VGG16, ResNet-50, Inception | CNN | Malimg, IoT-Android Mobile | Requires comprehensive expertise in the field and high dimensions of the feature vectors |
Aslan et al. [12] | 2021 | ResNet and AlexNet | KNN, SVM, RF, NB | Malimg, Microsoft BIG 2015, and MaleVis | Despite achieving a high accuracy percentage, the generated vector has large dimensions (4096) |
Marastoni et al. [18] | 2021 | CNN | LSTM | OBF, Malimg, and MsM2015 | Fixed dimensions and obfuscation methods |
Anandhi et al. [19] | 2021 | DenseNet201, VGG3 | Densely Connected Network | Malimg, BIG 2015 | Significant weight and consistent image size |
Pant et al. [8] | 2021 | Custom CNN, VGG16, Resnet-18, Inception-V3 | CNN | Malimg | Poor pretrained model, inconsistent data, and not enough information |
Kumar et al. [9] | 2022 | VGG16, VGG19, ResNet50, Inception V3 | CNN | Malimg, Microsoft BIG | Significant weight and challenging fine-tuning |
Asam et al. [20] | 2022 | AlexNet, VGG16, ResNet50, Xception, GoogLeNet | SoftMax | IoT Dataset | CNN architecture is complicated and time-consuming |
Shaukat et al. [21] | 2023 | 15 models | 12 Classifiers | Malimg | Despite achieving a high accuracy percentage, the generated vector has large dimensions |
Dawra et al. [22] | 2023 | ResNet50, VGG19, Xception | CNN | Malimg | High feature vector dimension |
Model | ResNet50 | GoogLeNet | AlexNet | DenseNet201 | SqueezeNet |
---|---|---|---|---|---|
Year | 2016 | 2014 | 2012 | 2016 | 2016 |
Image Dimensions | 224 × 224 × 3 | 224 × 224 × 3 | 227 × 227 × 3 | 224 × 224 × 3 | 227 × 227 × 3 |
Number of layers | 177 | 22 | 8 | 201 | 18 |
Number of Parameters | 23 million | 4 million | 60 million | 20 million | 1.25 million |
Feature Dimension | 2048 | 5643 | 4096 | 1000 | 1000 |
Hardware | Properties |
---|---|
PC | HP laptop (Hewlett-Packard Company, Palo Alto, CA, USA) |
Operating system | Microsoft Windows 10 64-bit (OS) (Microsoft, Redmond, WA, USA) |
RAM | 8 GB |
Processor | Intel(R) Core(TM) i7-6500U CPU @ 2.50 GHz 2.60 GHz (Intel, Santa Clara, CA, USA) |
Software | MATLAB version R2020a |
Graphics Card | Intel HD Graphics 520 (integrated) and NVIDIA GeForce GTX 950M (NVIDIA, Santa Clara, CA, USA) |
DB | Class ID | Family | Malware Category | Sample No.
---|---|---|---|---
Malimg | #1, #9, #12 | Adialer.C, Dialplatform.B, Instantaccess | Dialer | 122, 177, 431
Malimg | #2, #19 | Agent.FYI, Rbot!gen | Backdoor | 116, 158
Malimg | #3, #4, #6, #23, #25 | Allaple.A, Allaple.L, Autorun.K, VB.AT, Yuner.A | Worm | 2949, 1591, 106, 408, 800
Malimg | #5, #7, #8, #17, #20 | Alueron.gen!J, C2LOP.P, C2LOP.gen!g, Malex.gen!J, Skintrim.N | Trojan | 198, 200, 146, 80, 136
Malimg | #11 | Fakerean | Rogue | 381
Malimg | #10, #18, #21, #22, #24 | Dontovo.A, Obfuscator.AD, Swizzor.gen!E, Swizzor.gen!I, Wintrim.BX | Downloader | 162, 142, 128, 132, 97
Malimg | #13, #14, #15, #16 | Lolyda.AA1, Lolyda.AA2, Lolyda.AA3, Lolyda.AT | PWS | 213, 184, 123, 159
Total | - | - | - | 9339
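For readers reproducing the experiments, the Malimg images are typically organized in one folder per family, so they can be loaded with MATLAB's imageDatastore; the folder name and split ratio below are illustrative assumptions rather than the authors' exact procedure.

```matlab
% Sketch: load the Malimg dataset assuming one subfolder per malware family.
imds = imageDatastore('Malimg', ...
    'IncludeSubfolders', true, ...
    'LabelSource', 'foldernames');          % family name becomes the label
countEachLabel(imds)                        % per-family sample counts (cf. table above)
[trainImds, testImds] = splitEachLabel(imds, 0.8, 'randomized');  % illustrative split
```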
Classifier | FEF_1000F Accuracy Rate (%) | FEF_1000F Error Rate (%) | SEF_50F Accuracy Rate (%) | SEF_50F Error Rate (%) | SEF_500F Accuracy Rate (%) | SEF_500F Error Rate (%)
---|---|---|---|---|---|---
GDA | 95.13 | 4.87 | 96.15 | 3.65 | 94.24 | 5.76 |
KNN | 95.90 | 4.10 | 96.54 | 3.46 | 95.77 | 4.93 |
LOG | 95.52 | 4.48 | 96.16 | 3.84 | 91.04 | 8.96 |
SVM | 94.49 | 5.51 | 96.29 | 3.71 | 95.39 | 4.61 |
RF | 95.65 | 4.35 | 96.03 | 3.97 | 95.01 | 4.99 |
ELM | 71.59 | 28.41 | 95.89 | 4.11 | 95.77 | 4.23 |
Classifier | FEF_1000F Accuracy Rate (%) | FEF_1000F Error Rate (%) | SEF_50F Accuracy Rate (%) | SEF_50F Error Rate (%) | SEF_500F Accuracy Rate (%) | SEF_500F Error Rate (%)
---|---|---|---|---|---|---
GDA | 95.65 | 4.35 | 96.54 | 3.46 | 95.90 | 4.10 |
KNN | 95.77 | 4.23 | 96.93 | 3.07 | 95.26 | 4.74 |
LOG | 92.69 | 7.31 | 96.29 | 3.71 | 92.06 | 7.94 |
SVM | 95.13 | 4.87 | 96.16 | 3.84 | 95.00 | 5.00 |
RF | 96.29 | 3.71 | 96.67 | 3.72 | 95.20 | 4.80 |
ELM | 70.42 | 29.58 | 93.85 | 6.15 | 94.37 | 5.63 |
Classifier | FEF_1024F Accuracy Rate (%) | FEF_1024F Error Rate (%) | SEF_50F Accuracy Rate (%) | SEF_50F Error Rate (%) | SEF_500F Accuracy Rate (%) | SEF_500F Error Rate (%)
---|---|---|---|---|---|---
GDA | 96.41 | 3.59 | 97.06 | 2.94 | 96.03 | 3.97 |
KNN | 94.49 | 5.51 | 95.90 | 4.10 | 95.02 | 4.98 |
LOG | 95.01 | 4.99 | 96.15 | 3.85 | 95.65 | 4.35 |
SVM | 95.52 | 4.48 | 96.03 | 3.97 | 95.13 | 4.87 |
RF | 94.11 | 5.89 | 95.77 | 4.23 | 94.49 | 5.51 |
ELM | 66.45 | 33.55 | 95.52 | 4.48 | 95.38 | 4.62 |
Classifier | FEF_4096F Accuracy Rate (%) | FEF_4096F Error Rate (%) | SEF_50F Accuracy Rate (%) | SEF_50F Error Rate (%) | SEF_500F Accuracy Rate (%) | SEF_500F Error Rate (%)
---|---|---|---|---|---|---
GDA | 87.32 | 12.68 | 96.54 | 3.46 | 94.62 | 5.38 |
KNN | 95.72 | 4.28 | 96.64 | 3.36 | 95.39 | 4.61 |
LOG | 95.64 | 4.36 | 96.16 | 3.84 | 94.11 | 5.89 |
SVM | 93.60 | 6.40 | 91.90 | 8.10 | 89.63 | 10.37 |
RF | 94.75 | 5.25 | 95.65 | 4.35 | 94.25 | 5.75 |
ELM | 61.84 | 38.46 | 90.78 | 9.22 | 89.88 | 10.12 |
Classifier | FEF_1000F Accuracy Rate (%) | FEF_1000F Error Rate (%) | SEF_50F Accuracy Rate (%) | SEF_50F Error Rate (%) | SEF_500F Accuracy Rate (%) | SEF_500F Error Rate (%)
---|---|---|---|---|---|---
GDA | 94.24 | 5.76 | 96.20 | 3.80 | 93.73 | 6.27 |
KNN | 94.88 | 5.12 | 96.67 | 3.33 | 95.13 | 4.87 |
LOG | 94.75 | 5.25 | 96.54 | 3.46 | 89.76 | 10.24 |
SVM | 95.65 | 4.35 | 96.05 | 3.95 | 94.88 | 5.12 |
RF | 95.03 | 4.97 | 96.16 | 3.84 | 95.77 | 4.23 |
ELM | 93.60 | 6.40 | 95.01 | 4.99 | 94.18 | 5.82 |
Author/Year | Feature Extraction Method | Classifier | Dataset | Accuracy (%) |
---|---|---|---|---|
Makandar and Patrot, 2017 [50] | Gabor wavelet | KNN | Malimg | 89 |
Rezende et al., 2017 [51] | ResNet-50 | SoftMax | Malimg | 98 |
Hsien-De et al., 2018 [52] | LBP | SVM | Malimg | 75 |
Khan et al., 2018 [14] | GoogLeNet | SoftMax | - | 74
Hashemi et al.,2019 [53] | LBP | KNN | Malimg | 91 |
N. Bhodia et al., 2019 [54] | ResNet-50 | KNN | Malimg | 94 |
Naeem et al., 2020 [55] | VGG16 | DCNN | Malimg | 97 |
Vasan et al., 2020 [17] | VGG16, ResNet-50, Inception-V3 | CNN | Malimg | 97
Mohammed et al., 2021 [56] | DCT | CNN | MaleVis | 96 |
Sharif et al., 2023 [57] | ResNet-50 | CNN | Malimg | 81 |
DenseNet201-KNN (Proposed) | DenseNet201 | KNN | Malimg | 96 |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2024 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Abdulazeez, F.A.; Ahmed, I.T.; Hammad, B.T. Examining the Performance of Various Pretrained Convolutional Neural Network Models in Malware Detection. Appl. Sci. 2024, 14, 2614. https://doi.org/10.3390/app14062614