ISSN 2320 2629

Volume 10, No.3, May - June 2021

International
Sameena S et al., International Journal Journal of Technology
of Information Information Technology
Infrastructure , 10(3), MayInfrastructure
- June 2021, 1-7
Available Online at http://www.warse.org/IJITI/static/pdf/file/ijiti011032021.pdf
https://doi.org/10.30534/ijiti/2021/011032021

Malicious Code Invariance Based On Deep Learning

Sameena S, Akshara Sivan, Sreelakshmi K V, Shilpa Suresh, Seethu George
Department of Computer Science and Engineering, AISAT, Kalamassery, Samheenparwin4444@gmail.com
Department of Computer Science and Engineering, AISAT, Kalamassery, aksharasivan2000@gmail.com
Department of Computer Science and Engineering, AISAT, Kalamassery, sreelakshmikv916@gmail.com
Department of Computer Science and Engineering, AISAT, Kalamassery, shilpasuresh2109@gmail.com
Department of Computer Science and Engineering, AISAT, Kalamassery,seethugeorge@aisat.ac.in

ABSTRACT 2. LITERATURE SURVEY

The malicious code detection is critical task for in the field of Malware Detection based on Feature Analysis[1]: As
security. The malicious code detection can be possibly by described previously in this paper, there are two main parts
using convolutional neural network (CNN). The malicious of feature analysis techniques for malware detection: static
code can be categorized in to different families. The analysis and dynamic analysis. With respect to static
malicious code identification helps to identify the affected analysis, several methods have been put forward by
malware on the system. Malicious code theft data from our analysing the codes. For example, Isohara et al. developed a
system and it yields high security issues in real time. The detection system using kernel behaviour analysis that
neural network architecture classifies the malicious code performed well detecting the malicious behaviours of
based on the collected dataset. The dataset contains different unknown applications. However, static method is easily
families of malicious code. The malicious code detection can deceived by obfuscation techniques. To solve this problem,
be done with the help of model created from CNN Christodorescu et al. proposed a novel malware-detection
architecture. algorithm that used trace semantics to characterize the
behaviour of malware. This model proved effective in
Keywords: Malicious Codes, Security Breaches, combating the obfuscation of instructions (e.g.,
Convolutional Neural Network(CNN), Data Augmentation, rearrangement of instructions, insertion of garbage code,
Feature Extraction, Malware Families. register redistribution). However, the approach was limited to
feature extraction and analysis at the instruction level of the
model. Moreover, the pattern-matching was complex.
1. INTRODUCTION
Dynamic analysis monitors and analyses the runtime
Machine learning is an application of artificial intelligence characteristics of applications (apps) based on assessment of
that provides systems the ability to learn with data and behaviours, such as accessing private data and using
improve from their experience without clear programming. restricted API calls. Given this information, a behaviour
Machine learning focuses on developing computer programs, model is established to detect malicious code. Such
which can access data and learn by themselves. In this techniques improved detection performance, but they were
project we are using deep learning which is branch of still challenged by the variety of countermeasures developed
machine learning. Now a days, Malware detection is crucial to generate unreliable results. In addition, dynamic analysis is
with malware’s prevalence on the internet because it time-consuming because of the large amount of
functions as an early warning system for the computers computational overhead, leading to low efficiency when
secure regarding malware and cyber-attacks. It keeps the exposed to a large dataset.
hackers out of computer and prevents the information from Malicious Code Visualization[2]:Currently, many tools can
getting compromised. The ability to detect variants of
visualize and analyse binary data, e.g., common text editors
malicious code is critical for protection against security
and binary editors. Several studies have proposed utilization
breaches, data theft and some other dangers. Current method of malware visualization. Yoo et al. employed self-
for recognizing the malicious code have demonstrated poor organizing maps to visualize computer viruses. A similar but
detection accuracy and low detection speeds. Our system
another approach was proposed by Trinius et al. who used
uses the deep learning approach to detect the malicious
two visualization techniques tree maps and thread graphs to
family. detect and classify the malware in the system. Apart from a
Our system automates the malware detection. In this single detection result, Goodall et al. aggregated the results
approach we are using 17 families in which the image which of different types of malware analysis tools into a visual
is malicious will be classified in to the corresponding 15 environment, providing an increase in the vulnerability of
malware families, the image which is malware but not known detection coverage of single malware tools. The above
will be classified in to the unknown family and the image studies focused mainly on the visualization of malware
which is not a malicious image will be classified as non- behaviour, but the software source code may imply more
malicious class. CNN is used to classify the 17 classes in to meaningful patterns. As previously mentioned, Nataraj et al.
corresponding families. The automated Feature extraction in put forward a new visualization approach for malware
CNN is responsible for this. detection based on binary texture analysis. First, they

1
Sameena S et al., International Journal of Information Technology Infrastructure , 10(3), May - June 2021, 1-7

converted the malicious executable file into grayscale frequency, way of attack and other are used to compare the
images. Then they identified malware according to the training set and the input image
texture features of these input images. Compared with the
dynamic analysis method, their approach produced
equivalent results. In similar work, Han et al. transformed 3. PROPOSED SYSTEM
malware binary information into color image matrices, and
arranged malware families by using an image processing In our Proposed Model, Deep learning is used to detect
method. malware family. In our Model, we have 17 classes of which
15 are the malware families namely 1. Agent, 2. Adopshel,
Image Processing Techniques for Malware Detection[3]:
Whenever the malware has been visualized as grayscale 3.Allaple, 4.BrowseFox, 5.Dinwod, 6.Elex, 7.Expiro,
images, malware detection can be converted into an image 8.Fasong, 9.Hlux, 10.Injector, 11.Neshta, 12.Vilsel,
13.Regrun, 14.Stantiko, and 15.VBKrypt. The 16’th family
recognition problem. Nataraj et al. used a GIST algorithm for
extracting the features of malware images. However, the consist of the Non-Malicious class and 17’th is the Unknown
GIST algorithm was time-consuming. Now a days, more class.
powerful image processing techniques have been proposed. We worked a CNN network to learn the malware image
Daniel et al. developed a bio-inspired parallel features and classify them automatically. The CNN is a
implementation for identifying the representative geometrical convolutional neural network which consists of different
objects of the homology groups in a binary 2D image. For layers that perform different functions. The CNN is used to
image fusion, Miao et al. presented an image fusion train the different malware families in the dataset. In our
algorithm based on shearlet and genetic algorithm. In their proposed paper, we are using coloured images instead of
model, a genetic algorithm is employed to optimize the grayscale images. The features of the images which we are
weighted factors in the fusion rule. Experimental results inputting will be automatically extracted by the CNN and
demonstrated their method could acquire better fusion quality compare it with the trained dataset and then it will predict the
than other methods. These traditional models, however, were class of the inputted images. This is how our model works.
challenged by the high time cost required for complex image
texture feature extraction. To label this challenge, we The main advantage of our proposed system is the ability to
employed deep learning to identify and classify images generate data whenever there exist a data imbalance. The
efficiently. In the next section, we present our research on data augmentation technique is used to solve the data
malware detection based on deep learning. imbalance. Image Data Augmentation Technology. In deep
Malware Detection based on Deep Learning[4]: Deep learning, to avoid overfitting problem, we usually need to
learning is an area of machine learning research that has enter sufficient data to train the model. If the data sample is
emerged in recent years from the work on artificial neural small, we can use data augmentation to increase the sample,
networks. Neural networks can approximate complex thereby restraining the influence of imbalanced data. The
functions by learning the deep nonlinear network structure to appropriate data augmentation method can avoid overfitting
solve complex problems. Deep learning, which is more problems and improve the robustness of the model.
powerful than back propagation, uses a deep neural network
to simulate the human brain’s learning processes. Deep Generally, transformation of the original image data
learning has the ability to learn the essential characteristics of (changing the location of image pixels and ensuring that the
data sets from a sample set. As a powerful tool of artificial features are still unchanged) is used to generate new data.
intelligence, deep learning has been applied in many fields, There are many kinds of data augmentation techniques for
such as recognition of handwritten numerals, speech images, for example, rotation=reflection, flip, zoom, shift,
recognition, and image recognition. Because of its powerful scale, contrast, noise, and color transformation.
ability to learn features, many scholars have applied deep
learning to malware detection. Using deep learning A mechanism to convert .exe files to colored image is used.
techniques, Yuan et al. created and implemented an online The input will be images from the malware images. There
malware detection prototype system, named Droid-Sec. will be a graphical user interface (GUI) for inputting the
image data. The image will be uploaded through this
Their model attained high accuracy by learning the features interface. The output of the system will be the predicted
extracted from both static analysis and dynamic analysis of malicious family of given image. The system predicts the
Android apps. David et al. presented a similar but more malicious family based on the model file created during
compelling method that did not need the type of malware training.
behaviour. Their work was based on the deep belief network
(DBN) for automatic malware signature generation and The first one is the input layer, which brings the training
classification. Compared with conventional signature images into the neural network. Next are the convolution and
methods for malware detection, their model demonstrated sub-sampling layers. The former layer can enhance signal
increased accuracy for detecting new malware variants. And, characteristics and noise can be reduced. The latter can
these methods remained based on the analysis of features reduce the amount of data processing while retaining various
extracted by static analysis and dynamic analysis. Therefore, useful information. Then there are several fully connected
to a greater or lesser extent, they continuedto the limitations layers that convert a 2-dimensional feature into a 1-
of feature extraction. To address this problem, we employed dimensional feature that conforms to the classifier criteria.
a CNN network to learn the malware image features and Finally, the classifier finds and sorts the malware images into
classify them automatically. Features of the images like different families according to their characteristics.
2
Sameena S et al., International Journal of Information Technology Infrastructure , 10(3), May - June 2021, 1-7

3.1 Convolution Layers They are following:

This layer scan reduce the number of image parameters while The steps that we used in this algorithm is following. The
preserving the main features, termed invariance, including first algorithm which is the custom algorithm it is a set of
translation invariance, rotation invariance, and scale binding dynamics that are generated on an individual
invariance. This process can avoid overfitting problem campaign basis and designed to deliver outcomes that are
effectively, and improve the generalization ability of the aligned to a specific goal. The second one is the CNN which
model. The input is several maps, and the output will be the is a convolutional neural network which consists of different
maps after dimension reduction. Each map will be a layers to carry out feature extraction, classification, image
combination of convolution values of input maps that belong recognition. By using this CNN we achieved more accuracy.
to the upper layer [1], and can be given by the following It consists of Deep neural networks which is a powerful tool
equation: for classification.

xjl = f(∑i€Mj xjl-1 *Kijl + bjl) (1) 4.1The Custom Algorithm Used for Converting exe
……File……
where Mj is the collection of input maps, klij is the
convolution kernel used for the connection between the ith Select the .exe file then perform the following,
input feature map and the jth output feature map, blj is the
bias similar to the jth feature map and f is the activation  In this algorithm, we first convert .exe file to binary
function. The sensitivity is: format.
 The binary array will be converted to blocks.
δlj= δl+1j Wjl+1δ°f1(ul) = βjl+1up(δjl+1)°f1(ul) (2)
 Each block will be converted to pixel value.
 With pixel values create the image with defined
where l+1 layer is the sampling layer, the weight W
height and width.
represents
a convolution kernel, and its value βl+1° up(.) is an up
4.2 CNN Classification Method
sampling operation. The partial derivative of the error cost
function with respect to bias b and convolution kernel k can CNNs are most efficient when it comes to image
be given as: classification. In this, the mathematical function of
convolution which is a special kind of linear operation
wherein two functions are multiplied to produce a third
function which expresses how the shape of one function is
dE/dbj = ∑u,v (δjl)u,v (3)
modified by the other one.
dE/dklij= ∑u,v (δlj )u,v(p l1-i )u,v (4)

3.2 Sub-sampling Layers

This layer is also called the pooling layer. Generally, its and
it We are using a custom Algorithm and the Convolutional
Neural Network to train our proposed model that is the
Malware Classification Model.reduce the dimension of the
feature map, improves the model’s accuracy, and avoids
overfitting. In CNN, for each output of the sampling layer,
the feature map is given as follows:
xji= f(down(xjl-1 ) + bji) (5)
Figure4.1: The stages in CNN
where down(:) represents a sub-sampling function, and b is
bias. The sensitivity is calculated as shown:  First, we pass an input image to the convolutional
layer. The output is obtained as an activation map.
δlj= δjl+1 Wjl+1° f1(ul). (6) The filters applied in the convolution layer will
extract the required features from the input image to
4. ALGORITHM pass it.
 Each filter shall give a different feature to grant the
There are two major algorithms. correct class prediction. In any case that we need to
retain the size of the input image, we use same
 One is the custom algorithm, and padding (zero padding), otherwise valid padding is
used since it helps to reduce the number of features
 Another one is the Convolutional Neural Network to it.
 Pooling layers can reduce the number of parameters

3
Sameena S et al., International Journal of Information Technology Infrastructure , 10(3), May - June 2021, 1-7

 Several convolution and pooling layers are provided 5.1.6 Elex.

before the prediction is made. Convolutional layer
help in extracting features. When we go deeper into Elexis the detection name for a family of adware variants that
the network more specific features are extracted as go to any lengths to infiltrate and stay on user systems.
compared to a shallow network where the features Because of these methods, this trojan users are so aggressive,
are more generic. some of their components are classified as Trojans.
 The output layer in a CNN is a fully connected, 5.1.7 Expiro
where the input from the other layers is flattened
and sent so as the transform the output into the Expiro is a class of malware that is a class of virus. This type
number of classes as intended by the network. viruses are Windows executable file infecting virus. It is also
 The generated output through the output layer and is capable of stealing credit card information gathered from the
compared to the output layer for error generation. A affected machines.
loss function is defined in the fully connected output
layer to get the mean square loss. The gradient of 5.1.8 Fasong
error is then calculated. This Trojan arrives on a system as a file dropped by other
 Then the error is back propagated to update the filter malwares or a file downloaded unknowingly by users when
and bias values. visiting malicious sites. Same as Dinwod.

5. DATASET 5.1.9 Hlux

The dataset refers to a file that contains one or more record. Hlux describes software with malicious behavior that aims to
Record is the basic unit of information that is used by a gather information about a person or organization and send
program running on z/OS. Any named group of record is such information to another entity in a way that harms the
called a data set. Our dataset consists of 17 classes. Each users.
class contains 350 images. Therefore, we have 5950 images 5.1.10 Injector
in total. The first 15 classes are the malicious families, the
16’th class is the non-malicious class and 17’th class contains Injector trojans insert malicious code into processes running
the unknown images. on a computer in order to perform various actions such as
downloading additional malwares, interfering with web
5.117 Classes browsing activities or monitoring the user's actions.
The following shows the 17 classes in our dataset that we 5.1.11 Neshta
used to train our model.
Neshta is an older file infector that is still general in the wild.
5.1.1 Agent It was initially percieve in 2003 and has been previously
Agent is also called as Trojan. Trojan:W32/Agent is a very associated with BlackPOS malwares. It prepends malicious
large family of programs, most of which download and code to infected files. This threat is commonly introduced
install adware or malware to victim's machine. Agent into an environment through unintented downloading or by
variants may also change the configuration settings for other malwares.
Windows Explorer and/or for the Windows interface. 5.1.12 Vilsel
5.1.2 Adopshel Vilsel is detection name for a family of Trojans that change
Adopshel is classified as a type of Riskware. Riskware is any the system’s proxy settings, bypass the Windows firewall,
potentially unwanted application that is not classified as and downloads and executes other malwares.
malware, but may utilize system resources in an frightful or 5.1.13 Regrun
annoying manner, and/or may pose a security risk.
Regrun is a devious Trojan horse that may be installed onto a
5.1.3 Allaple PC through a malicious link or even a web browser attack.
Allaple is a multi-threaded, polymorphic network worm After installed, Trojan. Regrun may open up the infected
capable of spreading to other computers connected to a local system to a remote hacker. The remote hacker could then
area network (LAN). obtain personal data and files from the infected PC. To
completely eliminate the threat that has comes with the
5.1.4 BrowseFox installation of Trojan. Regrun, a computer user should use a
reputable anti-spyware program.
BrowseFox is Malwarebytes’ detection name for a large
family of adware that uses different methods of browser 5.1.14 Stantiko
hijacking and monetizing to get their message across.
Stantiko can be used to execute certain operations such as
5.1.5 Dinwod searches, filling out forms, signing up for email lists that
you’re unaware of, and even allowing other backdoor
This Trojan arrives on a system as a file dropped by other activities. The backdoor has a loader to execute any
malwares or a file downloaded unknowingly by users when practicable, and allowing the threat operators to execute any
visiting malicious sites.

4
Sameena S et al., International Journal of Information Technology Infrastructure , 10(3), May - June 2021, 1-7

code on the thousands of machines that belong to this botnet. models: Gray scale-based model, GIST+KNN, GIST+SVM,
It contains two malicious Windows services that can reinstall GLCM + KNN, and GLCM+SVM.
The Graph and the confusion matrix for our approach is
5.1.15 VBKrypt shown below in figure 6.1 and 6.2. It shows the accuracy
This malware family is written in the Visual Basic obtained with different malware families that is the seventeen
programming language, which is its main distinguishing classes. The graph shows the different losses and accuracies
traits from other malware families. This is a different class of for training and validation sets.
malware
5.1.16 NonMalicious
This class consists of the images which does not belong to
the malicious classes. Which means the non-malicious
images will be classified in to this class.
5.1.17 Unknown
The images which are malicious but doesn’t belong to any of
the above 15 malware families will be classified in to this
class.
6. EVALUATION

To validate the effectiveness and efficiency of the proposed

approach, we designed our experiments. To verify the
validity
of our proposed data equalization method, including the
image data augmentation technique (IDA). It showed a high
accuracy The confusion matrix for our model is shown below Figure 6.1: Graph for the proposed approach showing
along with the graph. loss/accuracy

Table1: Accuracy of malicious code invariance

Methods Accuracy Precision Recall Runnin

gTime
GIST+KNN 91.9 92.1 91.7 60ms

GIST+SVM 92.2 92.5 91.4 64ms

GLCM+KN 92.5 92.7 92.3 45ms

N
GLCM+SV 93.2 93.4 93.0 48ms
M
Grayscale 94.5 94.6 94.5 20ms
based
Our 96.8 96.8 96.6 30ms
approach

Figure6.2: Confusion Matrix for our approach

The performance of our approach achieved a good result with
respect to accuracy, even if the data set was not processed.
The accuracy of our model with respect to the Gray scale 7. EXPERIMENTATION AND RESULT
based method is high. Our approach showed 96.8% accuracy.
But the Gray scale-based approach only showed 94.5% Malicious code invariance based on deep learning uses 17
accuracy. classes.15 classes are malicious families, 1 is non -malicious
The graph given below shows accuracy in the Y-axis and class and the last one is the unknown class. Each class
epochs in the X-axis. The table1 given below shows the consists of more than 300 images. Our model is able to
results of our approach compared with the outcomes of the 5 classify the given image.

5
Sameena S et al., International Journal of Information Technology Infrastructure , 10(3), May - June 2021, 1-7

And there is a provision to convert the .Exe files in to the 8. CONCLUSION

corresponding coloured image and after converting it, we can
predict the class of the image. The output of different classes The malicious code invariance based on deep learning
is showing below. proposed a novel method to improve the detection of
malware variants through the application of deep learning
One shows the output of malicious class, one shows the along with convolutional neural networks. First, the input
output of non-malicious class and the other is the output of images were identified and classified by a convolutional
unknown class. In addition our model provided an effective neural network that could extract the features of the malware
solution for data imbalance problem among different images automatically. Because of the effectiveness and
malware families. Our experimental results on 5,950 images efficiency of the CNN for identifying malware images, the
of 17 classes showed that the proposed approach achieved detection speed of our model was significantly faster than
96.8% accuracy with good detection speed. The new system speeds achieved by other approaches because of the
has overcome most of the difficulties and limitations of the effectiveness and efficiency of the convolutional neural
existing system and works according to the design network and the deep learning algorithm.
specification given. The developed systems dispense the
problem and meet the needs by providing reliable and There are other algorithms like back propagation algorithm it
comprehensive information. All the requirements of the user works on perceptron, but our approach that is deep learning
have been met by the system. which consist of a deep neural network so it has higher
efficiency than any other methods. Deep learning-based
method gained better accuracy than other algorithms.

REFERENCES
[1] H. Gao, Y. Du, and M. Diao. Quantum-inspired
glowworm swarm optimization and its
application. International Journal of computing Science
and Mathematics. International Journal of Computing
Science and Mathematics,8(1):91-100, 2017.
[2] D. D’ iaz-pernil, A. Berciano, F. pena-Cantillana, and M.
A.Gutierrez Naranjo. Bio-inspired parallel computing
of representative geometrical objects of holes of
Figure 7.1: Output of malicious class
binary 2d-images.International Journal of Bio Inspired
Computation, 9(2):77-92,2017.
[3] G. -G. Wang, X. Cai, Z. Cui, G. Min, and J. Chen. High
performance computing for cyber physical social
systems by using evolutionary multi-objective
optimization algorithm.IEEE Transactions on
Emerging Topics in Computing, 2017.
[4] Y. Ye, T. Li, D. Adjeroh, and S. S. lyengar. A survey on
malware detection using data mining techniques.
ACM Computing Surveys (CSUR), 50(3):41, 2017.
[5] J. Bouvrite. Notes on convolutional neural
networks.2006.
[6] X. Cai, X.-z. Gao, and Y. Xue. Improved bat
Figure7.3: Output of Non-Malicious class.
algorithm with optimal forage strategy and random
disturbance strategy. International Journal of Bio-
Inspired Computation, 8(4):205–214, 2016.
[7] X. Cai, H. Wang, Z. Cui, J. Cai, Y. Xue, and L. Wang.
Bat algorithm with triangle-flipping strategy for
numerical optimization. International Journal of
Machine Learning and Cybernetics, 9(2):199–215,
2018.
[8] M. Christodorescu, S. Jha, S. A. Seshia, D. Song, and R.
E. Bryant. Semantics-aware malware detection. In
2005 IEEE Symposium on Security and Privacy, pages
32–46. IEEE, 2005.
[9] Z. Cui, Y. Cao, X. Cai, J. Cai, and J. Chen. Optimal
Figure7.2: Output of unknown class
leach protocol with modified bat algorithm for big
data sensing systems in internet of things.Journal of
Parallel and Distributed Computing, 2018.
(doi:10.1016/j.jpdc.2017.12.014). Z. Cui, B. Sun, G.
Wang, Y. Xue, and J. Chen. A novel oriented cuckoo
search algorithm to improve dv-hop performance for
6
Sameena S et al., International Journal of Information Technology Infrastructure , 10(3), May - June 2021, 1-7

cyber–physical systems. Journal of Parallel and

Distributed Computing, 103:42–52, 2017.
[10] O. E. David and N. S. Netanyahu. Deepsign: Deep
learning for automatic malware signature generation
and classification. In Neural Networks (IJCNN), 2015
International Joint Conference on, pages 1–8. IEEE,
2015.
[11] J. R. Goodall, H. Radwan, and L. Halseth. Visual
analysis of code security. In Proceedings of the seventh
international symposium on visualization for cyber
security, pages 46–51. ACM, 2010.
[12] K. Han, J. H. Lim, and E. G. Im. Malware analysis
method using visualization of binary files. In
Proceedings of the 2013 Research in Adaptive and
Convergent Systems, pages 317–321. ACM, 2013.
[13] H. Gao, Y. Du, and M. Diao. Quantum-inspired
glowworm swarm optimization and its
application. International Journal of computing Science
and Mathematics. International Journal of Computing
Science and Mathematics,8(1):91-100, 2017.
[14] D. D’ iaz-pernil, A. Berciano, F. pena-Cantillana, and M.
A.Gutierrez Naranjo. Bio-inspired parallel computing
of representative geometrical objects of holes of
binary 2d-images.International Journal of Bio Inspired
Computation, 9(2):77-92,2017.
[15] G. -G. Wang, X. Cai, Z. Cui, G. Min, and J. Chen. High
performance computing for cyber physical social
systems by using evolutionary multi-objective
optimization algorithm.IEEE Transactions on
Emerging Topics in Computing, 2017.
[16] Q. Miao, R. Liu, Y. Quan, and J. Song. Remote sensing
image fusion based on shearlet and genetic
algorithm.International Journal of Bio-Inspired
Computation, 9(4):240–250, 2017.
[17] A. Moser, C. Kruegel, and E. Kirda. Limits of static
analysis for malware detection. In Computer security
applications conference, 2007. ACSAC 2007. Twenty-
third annual, pages 421–430. IEEE, 2007.
[18] L. Nataraj, S. Karthikeyan, G. Jacob, and B. Manjunath.
Malware images: visualization and automatic
classification. In Proceedings of the 8th international
symposium on visualization for cyber security, page 4.
ACM, 2011.
[19] L. Nataraj, V. Yegneswaran, P. Porras, and J. Zhang. A
comparative assessment of malware classification
using binary texture analysis and dynamic analysis.In
Proceedings of the 4th ACM Workshop on Security and
Artificial Intelligence, pages 21–30. ACM, 2011.
[20] P. Trinius, T. Holz, J. G¨obel, and F. C. Freiling. Visual
analysis of malware behavior using treemaps and
thread graphs. In Visualization for Cyber Security,
2009. VizSec 2009. 6th International Workshop on,
pages 33–38. IEEE, 2009.
[21] J. Schmidhuber. Deep learning in neural networks:
An overview. Neural networks, 61:85–117, 2015.
[22] A. Khoshkbarforoushha, R. Ranjan, R. Gaire, E.
Abbasnejad, L. Wang, and A. Y. Zomaya. Distribution
based workload modelling of continuous queries in
clouds. IEEE Transactions on Emerging Topics in
Computing, 5(1):120–133, 2017.