Malware Classification
41 papers with code • 2 benchmarks • 5 datasets
Malware Classification is the process of assigning a malware sample to a specific malware family. Malware within a family shares similar properties that can be used to create signatures for detection and classification. Signatures can be categorized as static or dynamic based on how they are extracted. A static signature can be based on a byte-code sequence, binary assembly instruction, or an imported Dynamic Link Library (DLL). Dynamic signatures can be based on file system activities, terminal commands, network communications, or function and system call sequences.
Source: Behavioral Malware Classification using Convolutional Recurrent Neural Networks
Latest papers
High-resolution Image-based Malware Classification using Multiple Instance Learning
This paper proposes a novel method of classifying malware into families using high-resolution greyscale images and multiple instance learning to overcome adversarial binary enlargement.
Nebula: Self-Attention for Dynamic Malware Analysis
Dynamic analysis enables detecting Windows malware by executing programs in a controlled environment, and storing their actions in log reports.
Decoding the Secrets of Machine Learning in Malware Classification: A Deep Dive into Datasets, Feature Extraction, and Model Performance
As a consequence, our community still lacks an understanding of malware classification results: whether they are tied to the nature and distribution of the collected dataset, to what extent the number of families and samples in the training dataset influence performance, and how well static and dynamic features complement each other.
Recasting Self-Attention with Holographic Reduced Representations
In recent years, self-attention has become the dominant paradigm for sequence modeling in a variety of domains.
Sequential Embedding-based Attentive (SEA) classifier for malware classification
The tremendous growth in smart devices has uplifted several security threats.
A Dynamic Weighted Federated Learning for Android Malware Classification
In traditional FL, Federated Averaging (FedAvg) is utilized to construct the global model at each round by merging all of the local models obtained from all of the customers that participated in the FL.
Self-Supervised Vision Transformers for Malware Detection
Malware detection plays a crucial role in cyber-security with the increase in malware growth and advancements in cyber-attacks.
On the Limitations of Continual Learning for Malware Classification
To our surprise, continual learning methods significantly underperformed naive Joint replay of the training data in nearly all settings -- in some cases reducing accuracy by more than 70 percentage points.
On deceiving malware classification with section injection
Our results show that a mere increase of 7% in the malware size causes an accuracy drop between 25% and 40% for malware family classification.
An Ensemble of Pre-trained Transformer Models For Imbalanced Multiclass Malware Classification
Furthermore, the proposed bagging-based random transformer forest (RTF), an ensemble of BERT or CANINE, has reached the state-of-the-art evaluation scores on three out of four datasets, particularly state-of-the-art F1-score of 0.6149 on one of the commonly used benchmark datasets.