MALITE: Lightweight Malware Detection and Classification for Constrained Devices

IF 5.4 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

IEEE Transactions on Emerging Topics in Computing Pub Date : 2025-03-08 DOI:10.1109/TETC.2025.3566370

Sidharth Anand;Barsha Mitra;Soumyadeep Dey;Abhinav Rao;Rupsha Dhar;Jaideep Vaidya

{"title":"MALITE: Lightweight Malware Detection and Classification for Constrained Devices","authors":"Sidharth Anand;Barsha Mitra;Soumyadeep Dey;Abhinav Rao;Rupsha Dhar;Jaideep Vaidya","doi":"10.1109/TETC.2025.3566370","DOIUrl":null,"url":null,"abstract":"Today, malware is one of the primary cyber threats to organizations, pervading all types of computing devices, including resource constrained devices such as mobile phones, tablets and embedded devices like Internet-of-Things (IoT) devices. In recent years, researchers have leveraged machine learning based strategies for malware detection and classification. However, malware analysis approaches can only be employed in resource constrained environments if the methods are lightweight in nature. In this paper, we present MALITE, a lightweight malware analysis system, that can distinguish between benign and malicious binaries and classify various malware families. MALITE converts a binary into a grayscale or an RGB image requiring low memory and battery power consumption and uses computationally inexpensive malware analysis strategies. We have designed MALITE-MN, a lightweight neural network based architecture and MALITE-HRF, an ultra lightweight random forest based method that uses histogram features extracted by a sliding window. An extensive empirical evaluation is conducted on seven publicly available datasets (Malimg, Microsoft BIG, Dumpware10, MOTIF, Drebin, CICAndMal2017 and MalNet), and performance is compared to four state-of-the-art baselines. The results show that MALITE-MN and MALITE-HRF not only accurately identify and classify malware but also respectively consume several orders of magnitude lower resources (in terms of both memory as well as computation capabilities), making them much more suitable for resource constrained environments.","PeriodicalId":13156,"journal":{"name":"IEEE Transactions on Emerging Topics in Computing","volume":"13 3","pages":"1099-1112"},"PeriodicalIF":5.4000,"publicationDate":"2025-03-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Emerging Topics in Computing","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10994313/","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Today, malware is one of the primary cyber threats to organizations, pervading all types of computing devices, including resource constrained devices such as mobile phones, tablets and embedded devices like Internet-of-Things (IoT) devices. In recent years, researchers have leveraged machine learning based strategies for malware detection and classification. However, malware analysis approaches can only be employed in resource constrained environments if the methods are lightweight in nature. In this paper, we present MALITE, a lightweight malware analysis system, that can distinguish between benign and malicious binaries and classify various malware families. MALITE converts a binary into a grayscale or an RGB image requiring low memory and battery power consumption and uses computationally inexpensive malware analysis strategies. We have designed MALITE-MN, a lightweight neural network based architecture and MALITE-HRF, an ultra lightweight random forest based method that uses histogram features extracted by a sliding window. An extensive empirical evaluation is conducted on seven publicly available datasets (Malimg, Microsoft BIG, Dumpware10, MOTIF, Drebin, CICAndMal2017 and MalNet), and performance is compared to four state-of-the-art baselines. The results show that MALITE-MN and MALITE-HRF not only accurately identify and classify malware but also respectively consume several orders of magnitude lower resources (in terms of both memory as well as computation capabilities), making them much more suitable for resource constrained environments.

查看原文本刊更多论文

MALITE：用于受限设备的轻量级恶意软件检测和分类

如今，恶意软件是企业面临的主要网络威胁之一，它渗透到所有类型的计算设备中，包括资源受限的设备，如移动电话、平板电脑和物联网（IoT）设备等嵌入式设备。近年来，研究人员利用基于机器学习的策略进行恶意软件检测和分类。然而，恶意软件分析方法只能在资源受限的环境中使用，如果这些方法本质上是轻量级的。在本文中，我们提出了一个轻量级的恶意软件分析系统MALITE，它可以区分良性和恶意二进制文件，并对各种恶意软件进行分类。MALITE将二进制转换为灰度或RGB图像，需要低内存和电池功耗，并使用计算廉价的恶意软件分析策略。我们设计了基于轻量级神经网络的架构MALITE-MN和基于超轻量级随机森林的方法MALITE-HRF，该方法利用滑动窗口提取直方图特征。对七个公开可用的数据集（Malimg、Microsoft BIG、Dumpware10、MOTIF、Drebin、CICAndMal2017和MalNet）进行了广泛的实证评估，并与四个最先进的基线进行了比较。结果表明，MALITE-MN和MALITE-HRF不仅可以准确地识别和分类恶意软件，而且消耗的资源（在内存和计算能力方面）分别降低了几个数量级，使它们更适合资源受限的环境。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Transactions on Emerging Topics in Computing Computer Science-Computer Science (miscellaneous)

CiteScore

12.10

自引率

5.10%

发文量

113

期刊介绍： IEEE Transactions on Emerging Topics in Computing publishes papers on emerging aspects of computer science, computing technology, and computing applications not currently covered by other IEEE Computer Society Transactions. Some examples of emerging topics in computing include: IT for Green, Synthetic and organic computing structures and systems, Advanced analytics, Social/occupational computing, Location-based/client computer systems, Morphic computer design, Electronic game systems, & Health-care IT.