CR, ML · Dec 10, 2017

Improving Malware Detection Accuracy by Extracting Icon Information

arXiv:1712.03483v1 · 3 citations
Originality: Incremental advance
AI Analysis

This work addresses malware detection for cybersecurity applications, but it is incremental as it builds on existing methods by adding icon-based features.

The paper tackled the problem of detecting PE malware files by proposing to extract and cluster icon information as additional features, resulting in an average accuracy increase of 10% in malware prediction models.

Detecting PE malware files is now commonly approached using statistical and machine learning models. While these models commonly use features extracted from the structure of PE files, we propose that icons from these files can also help better predict malware. We propose an innovative machine learning approach to extract information from icons. Our proposed approach consists of two steps: 1) extracting icon features using summary statistics, histogram of gradients (HOG), and a convolutional autoencoder, 2) clustering icons based on the extracted icon features. Using publicly available data and by using machine learning experiments, we show our proposed icon clusters significantly boost the efficacy of malware prediction models. In particular, our experiments show an average accuracy increase of 10% when icon clusters are used in the prediction model.
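The two steps in the abstract, sketched as an added example that is not the paper's code: it computes summary statistics and a simplified single-cell HOG per icon, then clusters the feature vectors so the cluster id can serve as a categorical feature. The convolutional autoencoder is omitted; k-means, k=2, all function names and the stripe icons are assumptions constructed for illustration.

```python
import math

def icon_features(img, bins=4):
    """Mean, std and a simplified single-cell HOG (unsigned, magnitude-weighted)."""
    px = [p / 255.0 for row in img for p in row]
    mean = sum(px) / len(px)
    std = math.sqrt(sum((p - mean) ** 2 for p in px) / len(px))
    hist = [0.0] * bins
    for y in range(1, len(img) - 1):
        for x in range(1, len(img[0]) - 1):
            gx = (img[y][x + 1] - img[y][x - 1]) / 255.0
            gy = (img[y + 1][x] - img[y - 1][x]) / 255.0
            theta = math.atan2(gy, gx) % math.pi  # fold direction into [0, pi)
            hist[min(int(theta / math.pi * bins), bins - 1)] += math.hypot(gx, gy)
    norm = math.sqrt(sum(v * v for v in hist)) or 1.0  # flat icon: keep zeros
    return [mean, std] + [v / norm for v in hist]

def dist2(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))

def kmeans(points, k, iters=20):
    """Lloyd's algorithm with deterministic farthest-point seeding (assumed choice)."""
    centers = [points[0]]
    while len(centers) < k:
        centers.append(max(points, key=lambda p: min(dist2(p, c) for c in centers)))
    labels = []
    for _ in range(iters):
        labels = [min(range(k), key=lambda j: dist2(p, centers[j])) for p in points]
        for j in range(k):
            members = [p for p, lab in zip(points, labels) if lab == j]
            if members:
                centers[j] = [sum(col) / len(members) for col in zip(*members)]
    return labels

def stripes(vertical, period, lo=0, hi=255, size=8):
    """Constructed sample icon: a grayscale stripe pattern."""
    return [[hi if ((x if vertical else y) // period) % 2 else lo
             for x in range(size)] for y in range(size)]

# Constructed icons standing in for two visually distinct icon families.
ICONS = {"v1": stripes(True, 2), "v2": stripes(True, 2, 30, 220),
         "v3": stripes(True, 4), "h1": stripes(False, 2),
         "h2": stripes(False, 2, 30, 220), "h3": stripes(False, 4)}

def cluster_icons(icons, k=2):
    """Map icon name -> cluster id, usable as a categorical model feature."""
    names = sorted(icons)
    labels = kmeans([icon_features(icons[n]) for n in names], k)
    return dict(zip(names, labels))
```

Icons that differ in brightness or stripe width but share an orientation land in the same cluster, which is the property that lets a cluster id generalise across recoloured copies of one icon.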

Code Implementations: 1 repo