Malware Classification

41 papers with code • 2 benchmarks • 5 datasets

Malware Classification is the process of assigning a malware sample to a specific malware family. Malware within a family shares similar properties that can be used to create signatures for detection and classification. Signatures can be categorized as static or dynamic based on how they are extracted. A static signature can be based on a byte-code sequence, binary assembly instruction, or an imported Dynamic Link Library (DLL). Dynamic signatures can be based on file system activities, terminal commands, network communications, or function and system call sequences.

Source: Behavioral Malware Classification using Convolutional Recurrent Neural Networks

Malware Classification Using Static Disassembly and Machine Learning

czs108/microsoft-malware-classification 10 Dec 2021

Unlike dynamic behavior analysis, static analysis is resource-efficient and offers complete code coverage, but is vulnerable to code obfuscation and encryption.

14

A Comprehensive Study on Learning-Based PE Malware Family Classification Methods

mhunt-er/benchmarking-malware-family-classification 29 Oct 2021

PE malware family classification has gained great attention and a large number of approaches have been proposed.

13

An Empirical Analysis of Image-Based Learning Techniques for Malware Classification

pratikpv/malware_detect2 24 Mar 2021

In this paper, we consider malware classification using deep learning techniques and image-based features.

67

Deep Learning for Android Malware Defenses: a Systematic Literature Review

yueyueL/DL-based-Android-Malware-Defenses-review 9 Mar 2021

In this paper, we conducted a systematic literature review to search and analyze how deep learning approaches have been applied in the context of malware defenses in the Android environment.

124

Adversarial Robustness with Non-uniform Perturbations

amazon-research/adversarial-robustness-with-nonuniform-perturbations NeurIPS 2021

Robustness of machine learning models is critical for security related applications, where real-world adversaries are uniquely focused on evading neural network based detectors.

9
24 Feb 2021

Orthrus: A Bimodal Learning Architecture for Malware Classification

danielgibert/mlw_classification_orthrus 28 Sep 2020

Malware detection and classification is a challenging problem and an active area of research.

3

DAEMON: Dataset-Agnostic Explainable Malware Classification Using Multi-Stage Feature Mining

RonsGit/DAEMON-Extraction-Process 4 Aug 2020

Moreover, malware classification facilitates determining which of the newly discovered variants should undergo manual analysis by a security expert, in order to determine whether they belong to a new family (e.g., one whose members exploit a zero-day vulnerability) or are simply the result of a concept drift within a known malicious family.

1

Less is More: A privacy-respecting Android malware classifier using Federated Learning

brechtvandervliet/ResistancePoisoningFederatedMalwareClassifier 16 Jul 2020

In this paper we present LiM ("Less is More"), a malware classification framework that leverages Federated Learning to detect and classify malicious apps in a privacy-respecting manner.

7

HYDRA: A multimodal deep learning framework for malware classification

danielgibert/mlw_classification_hydra 12 May 2020

While traditional machine learning methods for malware detection largely depend on hand-designed features, which are based on experts’ knowledge of the domain, end-to-end learning approaches take the raw executable as input, and try to learn a set of descriptive features from it.

25

Why an Android App is Classified as Malware? Towards Malware Classification Interpretation

wubozhi/Xmal 24 Apr 2020

In this paper, to fill this gap, we propose a novel and interpretable ML-based approach (named XMal) to classify malware with high accuracy and explain the classification result meanwhile.

19