Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Malware Classification using a Hybrid Hidden Markov Model-Convolutional Neural Network

Ritik Mehta, Olha Jureckova, Mark Stamp

TL;DR

This paper tackles malware family classification in the face of evolving variants by proposing a NLP-inspired hybrid architecture that couples Hidden Markov Models (HMMs) with Convolutional Neural Networks (CNNs). It first trains seven family-specific HMMs on opcode sequences to generate hidden-state features, which are then assembled into 224×224 images and classified by a CNN. On the Malicia dataset, the proposed HMM-CNN approach outperforms several baselines, including HMM-RF and SVM-based methods, demonstrating the value of HMM-derived sequential features for static malware analysis. The work highlights the potential of combining sequential modeling with deep feature learning to improve malware classification, and discusses avenues for future work such as extending to obfuscated malware and optimizing training efficiency.

Abstract

The proliferation of malware variants poses a significant challenges to traditional malware detection approaches, such as signature-based methods, necessitating the development of advanced machine learning techniques. In this research, we present a novel approach based on a hybrid architecture combining features extracted using a Hidden Markov Model (HMM), with a Convolutional Neural Network (CNN) then used for malware classification. Inspired by the strong results in previous work using an HMM-Random Forest model, we propose integrating HMMs, which serve to capture sequential patterns in opcode sequences, with CNNs, which are adept at extracting hierarchical features. We demonstrate the effectiveness of our approach on the popular Malicia dataset, and we obtain superior performance, as compared to other machine learning methods -- our results surpass the aforementioned HMM-Random Forest model. Our findings underscore the potential of hybrid HMM-CNN architectures in bolstering malware classification capabilities, offering several promising avenues for further research in the field of cybersecurity.

Malware Classification using a Hybrid Hidden Markov Model-Convolutional Neural Network

TL;DR

This paper tackles malware family classification in the face of evolving variants by proposing a NLP-inspired hybrid architecture that couples Hidden Markov Models (HMMs) with Convolutional Neural Networks (CNNs). It first trains seven family-specific HMMs on opcode sequences to generate hidden-state features, which are then assembled into 224×224 images and classified by a CNN. On the Malicia dataset, the proposed HMM-CNN approach outperforms several baselines, including HMM-RF and SVM-based methods, demonstrating the value of HMM-derived sequential features for static malware analysis. The work highlights the potential of combining sequential modeling with deep feature learning to improve malware classification, and discusses avenues for future work such as extending to obfuscated malware and optimizing training efficiency.

Abstract

The proliferation of malware variants poses a significant challenges to traditional malware detection approaches, such as signature-based methods, necessitating the development of advanced machine learning techniques. In this research, we present a novel approach based on a hybrid architecture combining features extracted using a Hidden Markov Model (HMM), with a Convolutional Neural Network (CNN) then used for malware classification. Inspired by the strong results in previous work using an HMM-Random Forest model, we propose integrating HMMs, which serve to capture sequential patterns in opcode sequences, with CNNs, which are adept at extracting hierarchical features. We demonstrate the effectiveness of our approach on the popular Malicia dataset, and we obtain superior performance, as compared to other machine learning methods -- our results surpass the aforementioned HMM-Random Forest model. Our findings underscore the potential of hybrid HMM-CNN architectures in bolstering malware classification capabilities, offering several promising avenues for further research in the field of cybersecurity.

Paper Structure

This paper contains 17 sections, 2 equations, 5 figures, 4 tables.

Table of Contents

  1. Introduction
  2. Background
  3. Hidden Markov Model
  4. Convolutional Neural Network (CNN)
  5. Literature Review
  6. Malware Classification using HMM
  7. Malware Classification using SVM
  8. Malware Classification using Random Forest
  9. Malware Classification using RNN and LSTM
  10. Malware Classification using CNN
  11. Methodology
  12. Dataset and Preprocessing
  13. Experimental Design
  14. Training Methodology
  15. Experiments and Results
  16. ...and 2 more sections

Figures (5)

  • Figure 1: Hidden Markov Model introStamp
  • Figure 2: Convolution using filter
  • Figure 3: Overview of CNN architecture
  • Figure 4: Malware samples per family
  • Figure 5: