
Detecting the Presence of Malware and Identifying the Type of Cyber Attack Using Deep Learning and VGG-16 Techniques

Bibliographic Details
Published in: Electronics (Basel) 2022-11, Vol.11 (22), p.3665
Main Authors: Alzahrani, Abdullah I. A., Ayadi, Manel, Asiri, Mashael M., Al-Rasheed, Amal, Ksibi, Amel
Format: Article
Language: English
Description
Summary: Malware is malicious software (harmful program files) that targets and damages computers, devices, networks, and servers. Many types of malware exist, including worms, viruses, trojan horses, etc. With the increase in technology and devices every day, malware is propagating significantly more on a daily basis. The rapid growth in the number of devices and computers and the rise in technology are directly proportional to the number of malicious attacks; most of these attacks target organizations, customers, companies, etc. The main goal of these attacks is to steal critical data and passwords, blackmail, etc. The propagation of this malware may be performed through emails, infected files, connected peripherals such as flash drives and external disks, and malicious websites. Much research in the artificial intelligence and machine learning fields has recently been released for malware detection. In this research work, we focus on detecting malware using deep learning. We worked on a dataset that consisted of 8970 malware and 1000 non-malware (benign) executable files. The malware files were divided into five types in the dataset: Locker, Mediyes, Winwebsec, Zeroaccess, and Zbot. Those executable files were pre-processed and converted from raw data into images of size 224 × 224 × 3. This paper proposes a multi-stage architecture consisting of two modified VGG-19 models. The first model's objective is to identify whether the input file is malicious or not, while the second model's objective is to identify the type of malware if the file is detected as malware by the first model. The two models were trained on 80% of the data and tested on the remaining 20%. The first stage of the VGG-19 model achieved 99% accuracy on the testing set. The second stage using the VGG-19 model was responsible for detecting the type of malware (five different types in our dataset) and achieved an accuracy of 98.2% on the testing set.
ISSN: 2079-9292
DOI: 10.3390/electronics11223665