MCTVD: A malware classification method based on three-channel visualization and deep learning

With the rapid increase in the number of malware, the detection and classification of malware have become more challenging. In recent years, many malware classification methods based on malware visualization and deep learning have been proposed. However, the malware images generated by these methods do not retain the semantic and statistical properties with a small and uniform size. This article gives definitions of extracted content and filling mode to characterize the critical factors for the malware visualization task and proposes a new malware visualization method based on assembly instructions and Markov transfer matrices to characterize malware. Thus, a malware classification method based on three-channel visualization and deep learning (MCTVD) is proposed. In MCTVD, its malware image has a small and uniform size, and its convolutional neural network has few convolutional and pooling layers. Experimental results show that MCTVD can achieve an accuracy of 99.44% on Microsoft's public malware dataset under 10-fold cross-validation and thus could be a highly competitive candidate for malware classification.