IMCLNet: A lightweight deep neural network for Image-based Malware Classification

With the increasing number of malware and advanced evasion technology, it is more and more difficult to detect malware accurately and efficiently. To solve this challenge, a feasible method is to convert malware into images, and then classify them by using the model based on a convolutional neural network. However, due to the highly imbalanced datasets, image-based methods generally rely on data enhancement or pre-training parameters, which makes the classification process not lightweight enough. Meanwhile, most of these methods lack a detailed study of the image size during the process of conversion. To achieve an accurate and efficient classification, we propose a lightweight malware classification model, IMCLNet, which is driven by malware images and does not need feature engineering and domain knowledge. When designing the model, we comprehensively weighed accuracy, the calculation cost, and the number of parameters, and integrated Coordinate Attention, Depthwise Separable Convolution, and Global Context Embedding. We evaluated IMCLNet on two large datasets, MalImg and BIG2015, and without data enhancement and pre-training parameters, our proposed method still achieved 99.785% and 98.942% classification accuracy. IMCLNet predicts that a malware image of size 32 × 32 takes only 0.95 ms and 0.84 ms, respectively. In addition, we also compare IMCLNet with the mainstream lightweight models such as MobileNetV3, ShuffleNetV2, and MixNet. The experimental results show that IMCLNet has obvious advantages in training time, accuracy, the number of parameters, model size, and prediction time on GPU.