Malware Classification Method Based on Word Vector of Bytes and Multilayer Perception

ICC 2020 - 2020 IEEE International Conference on Communications (ICC) Pub Date : 2020-06-01 DOI:10.1109/ICC40277.2020.9149143

Yanchen Qiao, Bin Zhang, Weizhe Zhang

{"title":"Malware Classification Method Based on Word Vector of Bytes and Multilayer Perception","authors":"Yanchen Qiao, Bin Zhang, Weizhe Zhang","doi":"10.1109/ICC40277.2020.9149143","DOIUrl":null,"url":null,"abstract":"The traditional machine learning-based malware classification methods are mainly based on feature engineering. In order to improve accuracy, many features will be extracted from malware files in these methods. That brings a high complexity to the classification. To solve this issue, this paper proposes a malware classification method based on the word vector of bytes in the malware sample and Multilayer Perception (MLP). A malware sample consists of large number of bytes with values ranging from $0{x}00$ to 0xFF. Therefore, every malware sample could be considered as a document written by bytes. And this document could be divided into sentences based on padding or meaningless bytes. In this paper, first, we use Word2Vec to calculate a 256 dimensions word vector for each byte. Second, we combine them into a matrix in ascending order. Third, we use MLP to train the model on the training samples. Finally, we use the trained model to classify the testing samples. The experimental results show that the method has a high accuracy of 98.89%.","PeriodicalId":106560,"journal":{"name":"ICC 2020 - 2020 IEEE International Conference on Communications (ICC)","volume":"104 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ICC 2020 - 2020 IEEE International Conference on Communications (ICC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICC40277.2020.9149143","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 6

Abstract

The traditional machine learning-based malware classification methods are mainly based on feature engineering. In order to improve accuracy, many features will be extracted from malware files in these methods. That brings a high complexity to the classification. To solve this issue, this paper proposes a malware classification method based on the word vector of bytes in the malware sample and Multilayer Perception (MLP). A malware sample consists of large number of bytes with values ranging from $0{x}00$ to 0xFF. Therefore, every malware sample could be considered as a document written by bytes. And this document could be divided into sentences based on padding or meaningless bytes. In this paper, first, we use Word2Vec to calculate a 256 dimensions word vector for each byte. Second, we combine them into a matrix in ascending order. Third, we use MLP to train the model on the training samples. Finally, we use the trained model to classify the testing samples. The experimental results show that the method has a high accuracy of 98.89%.

查看原文本刊更多论文

基于字向量和多层感知的恶意软件分类方法

传统的基于机器学习的恶意软件分类方法主要基于特征工程。为了提高准确率，这些方法将从恶意软件文件中提取许多特征。这给分类带来了很高的复杂性。为了解决这一问题，本文提出了一种基于恶意软件样本中字节词向量和多层感知(MLP)的恶意软件分类方法。恶意软件样本由大量字节组成，其值范围从$0{x}00$到0xFF。因此，每个恶意软件样本都可以看作是一个以字节为单位编写的文档。这个文档可以根据填充或无意义的字节划分成句子。在本文中，我们首先使用Word2Vec计算每个字节的256维词向量。其次，我们将它们按升序组合成一个矩阵。第三，在训练样本上使用MLP对模型进行训练。最后，利用训练好的模型对测试样本进行分类。实验结果表明，该方法准确率高达98.89%。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

ICC 2020 - 2020 IEEE International Conference on Communications (ICC)

自引率

0.00%

发文量