Malware Detection using Convolutional Neural Networks

A project focused on detecting malware using CNNs for enhanced security

The Malware Detection using Convolutional Neural Networks project aims to address the limitations of traditional antivirus systems, which rely on signature-based identifiers that struggle with newly emerging malware. This project leverages CNNs and deep learning techniques to detect malware efficiently, enabling real-time identification of threats.

Technologies Used:

Backend

  • Language: Python
  • Frameworks: TensorFlow, Keras, Flask

Frontend

  • Framework: Flask, Bootstrap 5

Dataset

  • Name: Malimg dataset from Kaggle
    • The dataset consists of 9,339 malware images belonging to 25 different families. Each sample contains the hexadecimal representation of a binary file, which is converted into a PNG image for input to the CNN model.

Architecture Diagram

System Methodology

System Architecture

The system consists of several modules working together to detect malware:

  1. Data Acquisition: Collect samples from Kaggle.
  2. Data Pre-processing: Convert binary files into image representations.
  3. Feature Engineering: Extract relevant features for training.
  4. Model Training: Train the CNN model using processed data.
  5. Prediction: Classify new samples as malware or benign.
  6. Web Interface: Provide user interaction via a Flask-based interface.

Data Pre-processing

Malware samples are processed to convert binary files into images:

  • Example byte sequence: E4 C0 56 A3 D2 78 56 A3 FF

  • Each byte in the sequence is mapped to a grayscale pixel intensity (0-255), and the pixels are laid out row by row to form an image. This results in images of size 128x128 for each malware sample.
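An added example of this pre-processing step (not the project's own code): it maps each byte to a grayscale pixel, pads or truncates the sequence to the 128x128 raster described above, and writes a PNG using only the Python standard library. The row-major layout, the zero padding value and the function names are assumptions.

```python
import struct
import zlib

SIDE = 128  # the page states 128x128 images per malware sample


def bytes_to_pixels(data: bytes, side: int = SIDE) -> list[list[int]]:
    """Map each byte (0x00-0xFF) to one grayscale pixel and lay the sequence
    out row by row in a side x side square; pad with 0 (black) or truncate."""
    n = side * side
    padded = data[:n].ljust(n, b"\x00")
    return [list(padded[r * side:(r + 1) * side]) for r in range(side)]


def pixels_to_png(pixels: list[list[int]]) -> bytes:
    """Encode an 8-bit grayscale raster as a PNG file (stdlib only)."""
    height, width = len(pixels), len(pixels[0])

    def chunk(tag: bytes, body: bytes) -> bytes:
        crc = zlib.crc32(tag + body) & 0xFFFFFFFF
        return struct.pack(">I", len(body)) + tag + body + struct.pack(">I", crc)

    # width, height, bit depth 8, colour type 0 (grayscale), no interlace
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    # each scanline is prefixed with filter type 0 (none)
    raw = b"".join(b"\x00" + bytes(row) for row in pixels)
    return (b"\x89PNG\r\n\x1a\n" + chunk(b"IHDR", ihdr)
            + chunk(b"IDAT", zlib.compress(raw)) + chunk(b"IEND", b""))


def binary_to_png(data: bytes, side: int = SIDE) -> bytes:
    """Full pipeline: raw executable bytes -> grayscale PNG for the CNN."""
    return pixels_to_png(bytes_to_pixels(data, side))


if __name__ == "__main__":
    # the page's example byte sequence, used here as a constructed input
    sample = bytes.fromhex("E4C056A3D27856A3FF")
    with open("sample.png", "wb") as f:
        f.write(binary_to_png(sample))
```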

Feature Engineering

Feature engineering involves creating new variables from raw data to improve the model’s performance. High-quality features significantly enhance the accuracy of machine learning models.

Model Training

Training runs the input images through the model and compares its output against the known labels of the samples. The CNN architecture consists of:

  • Convolutional Layers: 30 filters (3x3) and 15 filters (3x3)
  • Pooling Layers: Max pooling (2x2)
  • Dropout Layers: Drop 25% of neurons to prevent overfitting
  • Dense Layers: 128 neurons with ReLU, 50 neurons with Softmax, output layer with num_class neurons (Softmax)

Creating the CNN

The CNN architecture is designed based on the best parameters:

  • Input shape: [64x64x3] (RGB image)
  • Two hidden layers, multiple convolution and pooling layers
  • Flatten layer for transforming the output into a single vector
  • Fully connected layers for classification

Prediction

The trained model predicts whether an executable file is malware or benign, providing fast and accurate results.

Web Interface using Flask

The Flask-based web interface allows users to upload an executable file for real-time malware detection:

  • Flask handles web server requests and integrates with the trained model
  • The web interface enables user interaction and result visualization

Illustrations

Malware Detection Interface
Malware Classification Result

Future Enhancements

  1. Real-Time Detection
    • Improve the framework to perform real-time detection.
  2. Integration with Antivirus Software
    • Enhance existing antivirus solutions with the model’s capabilities.
  3. Additional Features
    • Add behavior analysis and network traffic monitoring.
  4. User Interface Improvements
    • Enhance the web interface for a better user experience.

Note: The source code for this project is confidential and not publicly available as it is part of academic research. For more information, feel free to reach out.