Visualizable Malware Detection based on Multi-dimension Dynamic Behaviors

Zhidong Ma, Zhiwei Zhang, Chengliang Liu, Tianzhu Hu, Hongjun Li, Baoquan Ren

Published in: 2022 International Conference on Networking and Network Applications (NaNA)
Publication date: 2022-12-01
DOI: 10.1109/NaNA56854.2022.00049 (https://doi.org/10.1109/NaNA56854.2022.00049)
Citations: 1

Abstract

For a variety of motives, malicious software, or malware, is frequently used to damage and destroy information systems in many different environments. With the widespread application of the Internet and the reemergence of artificial intelligence, security and privacy are strongly emphasized by individuals and businesses, and the influence of malware has become increasingly serious in recent years. Unfortunately, traditional malware detection schemes are infeasible in the AI era, as they cannot effectively recognize and identify unknown or new types of malware, which can be produced easily and quickly by automatic combination and improvement. Although many AI-based malware detection schemes have also been proposed, they suffer from heavy training and low accuracy. Therefore, in this paper, we propose a visual malware detection model and concrete scheme based on multi-dimensional dynamic behaviors, including all API and network operation information. To train our model, we collected a malware behavior dataset containing over 700 malware-image pairs, where the images are grayscale and converted from the malware execution behaviors recorded in the Cuckoo sandbox. Compared with existing visual detection schemes, we introduce and employ the malware's dynamic behavior information to produce the visual images, and we avoid manual feature extraction in constructing the training dataset. Moreover, our experimental results show that our scheme can outperform the existing schemes in detection accuracy and efficiency as well as in the ability to recognize new malware.