From malware samples to fractal images: A new paradigm for classification

Standard

From malware samples to fractal images: A new paradigm for classification. / Zelinka, I.; Szczypka, M.; Plucar, J.; Kuznetsov, N.

In: Mathematics and Computers in Simulation, Vol. 218, 01.04.2024, p. 174-203.

Research output: Contribution to journal › Article › peer-review

Author

Zelinka, I. ; Szczypka, M. ; Plucar, J. ; Kuznetsov, N. / From malware samples to fractal images: A new paradigm for classification. In: Mathematics and Computers in Simulation. 2024 ; Vol. 218. pp. 174-203.

BibTeX

@article{bb387b03e5a4451297528fb859d1f4d0,

title = "From malware samples to fractal images: A new paradigm for classification",

abstract = "To date, a large number of research papers have been written on malware classification, identification, classification into different families, and the distinction between malware and goodware. These works have been based on captured malware samples and have attempted to analyse malware and goodware using various techniques like the analysis of malware using malware visualization. These works usually convert malware samples capturing the malware structure into image structures which are then subject to image processing. In this paper, we propose an unconventional and novel approach to malware visualization based on its dynamical analysis, subsequent complex network conversion and fractal geometry, e.g. Julia sets visualization. Very interesting images being subsequently used to classify as malware and goodware. The classification is done by deep learning network. The results of the presented experiments of fractal conversion and subsequent classification are based on a database of 6,589,997 goodware, 827,853 potentially unwanted applications and 4,174,203 malware samples provided by ESET. This paper aims to show a new direction in visualizing malware using fractal geometry and possibilities in analysis and classification. {\textcopyright} 2023 The Authors",

keywords = "Deep image processing, Fractal geometry, Goodware, Malware classification method, Malware detection model, Malware dynamical analysis, Classification (of information), Complex networks, Deep learning, Fractals, Image analysis, Image classification, Visualization, Classification methods, Detection models, Dynamical analysis, Images processing, Malware classifications, Malware detection, Malware dynamical analyse, Malwares, Malware",

author = "I. Zelinka and M. Szczypka and J. Plucar and N. Kuznetsov",

note = "Export Date: 21 March 2024 CODEN: MCSID Адрес для корреспонденции: Zelinka, I.; Department of Computer Science, Tr. 17. Listopadu 15, Czech Republic; эл. почта: ivan.zelinka@vsb.cz Сведения о финансировании: European Commission, EC, CZ.10.03.01/00/22-003/0000048, SP2023/050 Сведения о финансировании: Vysok{\'a} {\v S}kola B{\'a}nsk{\'a} - Technick{\'a} Univerzita Ostrava Текст о финансировании 1: The following grants are acknowledged for the financial support provided for this research: grant of SGS No. SP2023/050, VSB-Technical University of Ostrava, Czech Republic. Текст о финансировании 2: This article has been produced with the financial support of the European Union under the REFRESH — Research Excellence For REgion Sustainability and High-tech Industries project number CZ.10.03.01/00/22-003/0000048 via the Operational Programme Just Transition.",

year = "2024",

month = apr,

day = "1",

doi = "10.1016/j.matcom.2023.11.032",

language = "Английский",

volume = "218",

pages = "174--203",

journal = "Mathematics and Computers in Simulation",

issn = "0378-4754",

publisher = "Elsevier",

}

RIS

TY - JOUR

T1 - From malware samples to fractal images: A new paradigm for classification

AU - Zelinka, I.

AU - Szczypka, M.

AU - Plucar, J.

AU - Kuznetsov, N.

N1 - Export Date: 21 March 2024 CODEN: MCSID Адрес для корреспонденции: Zelinka, I.; Department of Computer Science, Tr. 17. Listopadu 15, Czech Republic; эл. почта: ivan.zelinka@vsb.cz Сведения о финансировании: European Commission, EC, CZ.10.03.01/00/22-003/0000048, SP2023/050 Сведения о финансировании: Vysoká Škola Bánská - Technická Univerzita Ostrava Текст о финансировании 1: The following grants are acknowledged for the financial support provided for this research: grant of SGS No. SP2023/050, VSB-Technical University of Ostrava, Czech Republic. Текст о финансировании 2: This article has been produced with the financial support of the European Union under the REFRESH — Research Excellence For REgion Sustainability and High-tech Industries project number CZ.10.03.01/00/22-003/0000048 via the Operational Programme Just Transition.

PY - 2024/4/1

Y1 - 2024/4/1

N2 - To date, a large number of research papers have been written on malware classification, identification, classification into different families, and the distinction between malware and goodware. These works have been based on captured malware samples and have attempted to analyse malware and goodware using various techniques like the analysis of malware using malware visualization. These works usually convert malware samples capturing the malware structure into image structures which are then subject to image processing. In this paper, we propose an unconventional and novel approach to malware visualization based on its dynamical analysis, subsequent complex network conversion and fractal geometry, e.g. Julia sets visualization. Very interesting images being subsequently used to classify as malware and goodware. The classification is done by deep learning network. The results of the presented experiments of fractal conversion and subsequent classification are based on a database of 6,589,997 goodware, 827,853 potentially unwanted applications and 4,174,203 malware samples provided by ESET. This paper aims to show a new direction in visualizing malware using fractal geometry and possibilities in analysis and classification. © 2023 The Authors

AB - To date, a large number of research papers have been written on malware classification, identification, classification into different families, and the distinction between malware and goodware. These works have been based on captured malware samples and have attempted to analyse malware and goodware using various techniques like the analysis of malware using malware visualization. These works usually convert malware samples capturing the malware structure into image structures which are then subject to image processing. In this paper, we propose an unconventional and novel approach to malware visualization based on its dynamical analysis, subsequent complex network conversion and fractal geometry, e.g. Julia sets visualization. Very interesting images being subsequently used to classify as malware and goodware. The classification is done by deep learning network. The results of the presented experiments of fractal conversion and subsequent classification are based on a database of 6,589,997 goodware, 827,853 potentially unwanted applications and 4,174,203 malware samples provided by ESET. This paper aims to show a new direction in visualizing malware using fractal geometry and possibilities in analysis and classification. © 2023 The Authors

KW - Deep image processing

KW - Fractal geometry

KW - Goodware

KW - Malware classification method

KW - Malware detection model

KW - Malware dynamical analysis

KW - Classification (of information)

KW - Complex networks

KW - Deep learning

KW - Fractals

KW - Image analysis

KW - Image classification

KW - Visualization

KW - Classification methods

KW - Detection models

KW - Dynamical analysis

KW - Images processing

KW - Malware classifications

KW - Malware detection

KW - Malware dynamical analyse

KW - Malwares

KW - Malware

UR - https://www.mendeley.com/catalogue/5e567271-656d-3ae2-abcc-fc2514de47a3/

U2 - 10.1016/j.matcom.2023.11.032

DO - 10.1016/j.matcom.2023.11.032

M3 - статья

VL - 218

SP - 174

EP - 203

JO - Mathematics and Computers in Simulation

JF - Mathematics and Computers in Simulation

SN - 0378-4754

ER -

ID: 117803816