
Title of dissertation

Malware image analysis using machine-learning technique

Project summary
Malware analysis using machine learning techniques is an important topic of discussion because of
the increasing volume of threats and the technical issues they raise. Malware is malicious software
designed to harm a computer, its services, or a network. Many cybercriminals use malware to extract
data from its main source for financial benefit. Types of malware include worms, Trojan horses,
viruses, ransomware, rogue software and spyware. Malware analysis is the process of identifying
malware programs based on the data collected about them. This research report discusses malware
analysis operations and their process using machine learning techniques. Using machine learning
algorithms, the collected data will be analysed and formalized under principles that describe the
data as legitimate.

Research area
Malware programs are designed to destroy computer functions and harm the data held on computers and
other IT devices. The increase in the number of internet users drives attackers to develop such
malware programs to capture users' personal data over internet resources. In such a critical
environment, detecting harmful malware is a complex process, and the existing methods are still not
effective and need many improvements. One author describes an effective technique and methodology
for malware image analysis: a feature fusion method that combines features from the Inception-v3
deep neural network and a pre-trained AlexNet [1]. Feature extraction is based on SFTA
(segmentation-based fractal texture analysis), and distinct pre-trained models are used to extract
the features. To improve the accuracy of malware image analysis, a CNN (convolutional neural network)
is used. Because the models subjected to analysis differ in characteristics and quality, the CNN
helps to equalize and balance the analysis. Once malicious code has been identified, it is analysed
using the feature fusion method to separate the malware code into a multimodal representation. This
process involves separating grayscale images and helps to sort the code into 25 different malware
classes. After features are extracted from the malware image, different classifiers are used for the
analysis: support vector machine (SVM), decision tree (DT) and K-nearest neighbour (KNN). After the
malware images and codes have been classified, data augmentation by affine image transformation is
applied to get an effective output from the analysis. The proposed method is more effective than
competing methods that process and analyse image data sets.
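The pipeline described above (bytes rendered as a grayscale image, features extracted, a KNN classifier assigning a class) can be sketched as follows. This is an added example, not code from the cited work: it uses only the Python standard library, a hand-written histogram and gradient feature in place of SFTA or CNN features, and constructed byte buffers rather than real samples; the function names, the width of 32 and the two family labels are assumptions.

```python
import math
import random
from collections import Counter

WIDTH = 32  # assumed image width; one byte becomes one grayscale pixel

def bytes_to_image(data, width=WIDTH):
    """Reshape a byte string into rows of 0-255 pixels, zero-padding the last row."""
    padded = data + bytes(-len(data) % width)
    return [list(padded[i:i + width]) for i in range(0, len(padded), width)]

def features(image, bins=16):
    """Normalised intensity histogram plus mean horizontal gradient (a crude texture cue)."""
    pixels = [p for row in image for p in row]
    hist = [0.0] * bins
    for p in pixels:
        hist[p * bins // 256] += 1 / len(pixels)
    grad = sum(abs(a - b) for row in image for a, b in zip(row, row[1:]))
    return hist + [grad / (255 * len(image) * (len(image[0]) - 1))]

def knn_predict(train, vector, k=3):
    """Majority label among the k training vectors nearest in Euclidean distance."""
    nearest = sorted(train, key=lambda item: math.dist(item[0], vector))[:k]
    return Counter(label for _, label in nearest).most_common(1)[0][0]

def synthetic_sample(family, rng, size=1024):
    """Constructed stand-in for a binary: a byte-texture pattern, not real malware."""
    if family == "family_a":  # uniformly random bytes, a noisy high-entropy texture
        return bytes(rng.randrange(256) for _ in range(size))
    # family_b: mostly zero bytes with occasional low values, a dark sparse texture
    return bytes(rng.choice((0, 0, 0, rng.randrange(64))) for _ in range(size))

def demo():
    """Train on five constructed samples per family, then classify one unseen sample of each."""
    rng = random.Random(7)  # fixed seed so the run is reproducible
    families = ("family_a", "family_b")
    train = [(features(bytes_to_image(synthetic_sample(f, rng))), f)
             for f in families for _ in range(5)]
    unseen = [(f, synthetic_sample(f, rng)) for f in families]
    return [(f, knn_predict(train, features(bytes_to_image(s)))) for f, s in unseen]

if __name__ == "__main__":
    for truth, predicted in demo():
        print(truth, "->", predicted)
```
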

Another author, aiming for efficient use of time and strong protection, proposed a method of malware
detection through an automatic process: malware programs are classified and malicious code is
analysed automatically instead of searching for different methods of malware file analysis. Deep
learning and machine learning techniques are used in recent developments, and the contribution of
neural networks to machine learning will be examined for a high level of analysis. Deep learning
techniques and convolutional neural networks (CNNs) have recently been used to solve image analysis
problems. In general, six deep learning models are used, of which three main models are used for
image analysis and to extract very effective results. These CNN-based deep learning models are used
for a high level of accuracy and to make comparing and extracting results easy. Using the Malimg
dataset, the malware images are converted into binary values so that processing can be performed to
identify malicious code and classify malware. The Malimg dataset converts images into executable
factors for evaluation and performance. These machine learning and deep learning techniques are used
to obtain high processing speed and a high percentage of accuracy in malware detection. These are
the main differences that have recently developed between the existing methods and the conventional
methods, and internet-based research has produced many possibilities and innovations against these
problems and issues. In addition, many authors have discovered and used high-level models that are
in practice for high-level applications. Compared with other methods, deep learning and machine
learning methods provide a high level of accuracy and quick results in malware analysis and code
analysis. Among all competing methods, CNN and CNN-based methods account for a vast number of
discoveries in image analysis for the analysis of other malicious parts. Image processing and visual
analysis are the main part of malware code functions, so many improvements and achievements lie
ahead for the development of more secure applications free from malware [1].

Expected output

Fig.1 Malware image analysis and its process [2].

The image above presents the process of malware detection and its steps using machine learning. As
mentioned in the literature, it shows the analysis process and techniques carried out for malware
image processing and analysis. The methodologies will support the expectation of better outcomes in
the malware detection process. Results should have proper structure and accuracy; through them the
techniques and methodologies will be validated, and they can then be proposed as a solution for
malware detection. Many software tools and simulation frameworks are involved in malware detection.
The software tools with automatic simulation functions for identifying malware, supported by CNN,
will be Pestudio, Autoruns and Wireshark. These are the main image analysis tools and will be highly
accurate in error and code detection. Operating the tools will give a new type of experience in
malware detection and in the image analysis process. Using various protocols and simulation
frameworks, these software tools and techniques identify code and its malicious characteristics [2].
These tools convert the malware into binary numbers and easily identify suspicious artifacts present
in the form of images or code. Image processing and image analysis are highly required in this
research, because its topic is malware image analysis using machine learning, which highlights image
analysis. Among these tools, Wireshark will be the best software simulation tool for image
identification and for better analysis of suspicious code. Direct results and outcomes can be
obtained in this process.

Fig.2 Simulation framework for malware detection over internet [3].

The image above shows how system functions over the internet are detected, together with all the
techniques and processes carried out to identify malware. Detecting images and separating the
impacted models is done using a sandbox environment, so all the application and simulation tests
will be effective.

Required resources
For malware analysis, the basics of malware and its functions have to be analysed. Tools and
techniques for malware detection should therefore be available, and the analyst needs to know how to
operate malware detection tools and techniques and their processes. The main resources required are
guides to malware detection and prevention techniques and the techniques available to reduce the
risks. A malware analysis toolkit and its functions will be used to upgrade the automatic malware
detection process. These important frameworks will be highly suitable for carrying out image
analysis through machine learning and deep learning. When working with deep learning techniques,
keyword search and phrase identification play a main role. The malware analyser should know how to
suspect malware and what its impacts are, so that processing and analysis are accurate. Other
technical resources are software tool availability and computer facilities. With specialized
software tools like Wireshark and Autoruns, malware detection can be performed [4]. These software
tools are required, and the supporting operating system configuration and settings should be made.
Reverse engineering techniques and crimeware experiments should be performed, so all the resources
for performing the above-mentioned functions are needed.

Fig.3 Malware image analysis requirements and processes [5].

Skills and knowledge requirement


Malware analysis requires skills and knowledge in various areas, such as those of a security
engineer, a programmer of security applications, a forensics expert and a cybersecurity intelligence
specialist. These are the practical skills and knowledge required for all types of malware
detection. The analyst also needs experience in handling the software tools and methodologies
available for malware separation and detection. Without software tools, handling malware analysis
will not be possible, and computer skills in working with internet resources are also considered in
this process. Education, certification, designation, experience and learning are the basic
requirements for a malware analyst. Knowledge of all the security features of the system, and of how
to configure the system to set up and perform malware functions, is highly required. Honed
programming skills and handling multiple security tools are the major functions in the process of
malware detection, so operating skills and communication skills are highly required to become a
malware analyst. Experience is another qualification for a malware analyst, because critical
situations can be handled through experience: not all types of malware share a common structure, so
identification and suspect determination requirements should be at their peak [6].

Gantt chart

References

[1] Nisa, “Hybrid malware classification method using segmentation-based fractal texture analysis and
deep convolution neural network features,” Applied Sciences, vol. 10, no. 14, p. 4966, 2020.
[2] S.L, “Windows malware detector using Convolutional neural network based on visualization
images,” IEEE Transactions on Emerging Topics in Computing, vol. 9, no. 2, pp. 1057-1069,
2021.
[3] Coull, “Activation analysis of a byte-based deep neural network for malware classification,” IEEE
Security and Privacy Workshops (SPW), pp. 1-75, 2019.
[4] Morales-Ramirez, “Requirements analysis skills: How to train practitioners?,” IEEE 8th
International Workshop on Requirements Engineering Education and Training (REET), vol. 1, no.
1, p. 125, 2018.
[5] Hua, “Classifying packed malware represented as control flow graphs using deep graph
Convolutional neural network,” International Conference on Computer Engineering and
Application (ICCEA), pp. 1-50, 2020.
[6] Mead, “Using malware analysis to improve security requirements on future systems,” IEEE 1st
International Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE),
vol. 2, no. 1, pp. 1-18, 2014.
[7] Kim, “Classifying malware using convolutional gated neural network,” 20th International
Conference on Advanced Communication Technology (ICACT), vol. 1, no. 1, pp. 1-25, 2018.
