Automated malware recognition method based on local neighborhood binary pattern

Bibliographic Details
Published in: Multimedia tools and applications Vol. 79; no. 37-38; pp. 27815 - 27832
Main Authors: Tuncer, Turker; Ertam, Fatih; Dogan, Sengul
Format: Journal Article
Language: English
Published New York Springer US 01.10.2020
Springer Nature B.V
Summary: Malware recognition has been widely used in the literature. One class of malware recognition methods is the byte code based methods. These methods generally use image processing and machine learning methods together to recognize malware. In this article, a novel byte code based malware recognition method is presented, and it consists of feature extraction using the proposed local neighborhood binary pattern (LNBP), feature concatenation, feature selection with neighborhood component analysis (NCA), feature reduction using principal component analysis (PCA) and classification using linear discriminant analysis. A heterogeneous and mostly used byte-based malware dataset (Malimg) was chosen to evaluate the performance of the proposed LNBP based recognition method. The best accuracy rate was equal to 89.40%. The proposed LNBP based method was also compared to the state-of-the-art deep learning methods, and it achieved a higher success rate than them. These results clearly demonstrate the success of the proposed LNBP based method.
ISSN: 1380-7501, 1573-7721
DOI: 10.1007/s11042-020-09376-6