MalFam: a comprehensive study on malware families with state-of-the-art CNN architectures with classifications and XAI
Date
2024-01
Publisher
Brac University
Author
Haque, Abid Hossain
Jahin, Labiba Ifrit
Katib, Sheikh Yasir Hossain
Tuhee, Saiwara Mahmud
Tasnia, Maisoon
Abstract
While the digital transformation of everything in this ‘Information Age’ has acted
substantially to mitigate conventional crimes to a degree, the rate of cyber crime
has risen alarmingly in parallel. As malware has been the primary vehicle in such
criminal incidents, its metamorphosis is highly prevalent. This paper presents a
systematic grouping of malware samples into distinct families extracted from two
prominent datasets, MalImg and MaleVis, through extensive research. Subsequently,
six state-of-the-art CNN architectures have been utilized, including Inception
ResNet V2, DenseNet, VGG16, ResNet50, EfficientNetB0 and XceptionNet.
Then a comprehensive analysis of malware classification was conducted as the research
aimed to discern the performance variances among these models concerning
the classification of diverse malware families. Moreover, eXplainable Artificial Intelligence
(XAI) techniques, particularly Local Interpretable Model-agnostic Explanations
(LIME), have been introduced to deduce the rationale behind the classification
decisions made by each model. This involved analyzing and visualizing the salient
features within the malware files that led to their identification as malicious entities.
Lastly, the findings of this study not only provide a comparative evaluation of various
deep learning architectures for malware classification but also offer insightful
explanations through XAI methodologies, shedding light on the interpretability of
model decisions in the realm of cybersecurity. The results furnish valuable insights
for enhancing the understanding of malware behaviour and model interpretability,
thereby contributing to the advancement of robust and explainable malware detection
systems.