ACMFNN: Design of an augmented convolutional model for intelligent cross-domain malware localization via forensic neural networks

Abstract Classification of malwares from spatial & temporal data patterns requires efficient design of deep learning models. These models deploy methods for feature extraction, feature selection, classification & post-processing to perform this task. A wide variety of high-efficiency malware analysis models are proposed by researchers, and most of them are application-specific, thus cannot be scaled to multiple domains. Out of these, only a few of these models are targeted towards identification of malware locations. In order to improve malware detection scalability, and localization performance, this text proposes a novel augmented convolutional model (ACM) for intelligent cross-domain malware analysis via forensic neural networks (FNNs). The FNNs are designed as an integration of multiple augmented convolutional models, which include different optimizers & feature extraction units. In this design, each of these units are customized to improve their feature extraction & selection capabilities, which assists in improving classification performance. Results of classification are given to an ACM layer, which performs feature augmentation to localize malware positions in input data. The proposed model was evaluated on multiple malware datasets, including Electro RAT, Pegasus, SkyGoFree, Viking Horde, Bat Skull, Yesmile, Wirenet, Jigsaw, Satana, Tapaoux, etc. It was observed that the proposed model was able to classify these malwares with an average accuracy of 98.5%, which makes it useful for real-time malware analysis. The model was also able to achieve an average localization accuracy of 79.6% across these datasets, thereby assisting forensic experts to obtain an approximate estimate of malware locations in input data streams. This performance was compared with some of the recently proposed malware detection models, and it was observed that the proposed ACMFNN method has 8% better precision, 6.5% better recall, and 9.4% better classification accuracy when compared with these methods on the same dataset. Due to augmented convolutional model, it was observed that the proposed approach had 15% better localization accuracy, 19% better localization precision, and 14% better localization recall when compared with these methods. Thereby indicating that the propose model is applicable for a wide variety of malware detection & localization application deployments.