AVMCT: API Calls Visualization based Malware Classification using Transfer Learning

Manish Goyal, Raman Kumar

Abstract

The exponential growth of the internet and high-speed data transmission has also increased the security threat to data. Antivirus companies provide security for this data. Cybercriminals make continuous efforts to break security barriers in order to steal sensitive information, gain unauthorized access, or corrupt the victim’s system. There is a never-ending cycle between antivirus companies and cybercriminals. There are two ways to detect malware: static analysis and dynamic analysis. Although static analysis provides fast results, zero-day malware can’t be detected, as this technique relies on a predefined set of signatures. Malware writers can evade this technique by using obfuscation, whereas in dynamic analysis malware detection is based on malware behavior. Dynamic analysis is therefore capable of detecting new and unseen malware. Machine learning and deep learning techniques are quite effective at classifying malware from feature sets extracted by static or dynamic analysis. In a recent study, malware classification is performed using transfer learning in Convolution Neural Network (CNN) architectures based on API call visualization. API call visualization means converting API calls into images in order to detect the patterns of different malware families. After the API calls are converted into images, transfer learning is performed on two customized CNN models to enhance the feature vectors and produce a combined set of feature vectors. The results of this framework are compared with pre-trained models such as VGG-16, ResNet-50 and AlexNet, which shows that our suggested approach outperforms the pre-trained models.
