Malware Classification Through Attention Residual Network based Visualization

With the exponential growth of malware variants nowadays, malware detection poses to be an active field of research related to computer security. Traditional methods of malware detection and classification such as static program analysis and dynamic execution analysis, usually combined with machine learning, are restricted due to difficulties of reverse-engineering the program executables, real-time execution trace collection, and manual construction of effective feature sets. Malware classification based on representation of the binary executables as images, followed by advanced machine learning techniques such as deep learning, has been explored to overcome these shortcomings. In this work, we propose a malware classification technique based on malware visualization using an Attention Residual Network (a specialized convolutional neural network), with RGB and grayscale image representations of the malware program binaries. Experimental results for two common malware datasets establish the effectiveness of the proposed neural network in malware classification, even when trained with imbalanced datasets.