From: Machine learning based fileless malware traffic classification using image visualization
Authors | Algorithm | Visualization method/mapping | Use case | Accuracy (%) | Real-world data | Computation cost | Remark |
---|---|---|---|---|---|---|---|
Nataraj et al. (2011) | KNN | Grayscale/2D | Malware detection | 97.18 | No | High | Manual feature extraction with high computational cost |
Dai et al. (2018) | MLP | Grayscale/2D | Malware detection | 95.2 | Yes | High | Extracted malware memory dump files at runtime, and hardware features may escape from the detected feature as malware |
Ni et al. (2018) | CNN | Grayscale/2D | Malware detection | 99.26 | No | High | Features are extracted by disassembly of malware |
Zhang et al. (2016) | CNN | Grayscale/2D | Malware detection | 96.7 | Yes | Medium | Only 2-tuples of opcode sequences are used to represent malware binaries |
Abdullayeva (2019) | Deep learning | Color/2D | Malware detection | 79.21 | No | Low | Divided high resolution images into grids |
Gibert et al. (2019) | CNN | Grayscale/2D | Malware classification | 97.4 | Yes | High | Large image size (256×256) |
Vasan et al. (2020) | Deep learning | Color/2D | Malware classification | 98.82 | No | High | High cost due to the complex deep pre-trained models used |
Kumar et al. (2016) | Random forest | Grayscale/2D | Android malware classification | 91 | No | High | No feature selection method used |
Ran et al. (2018) | CNN | Grayscale/3D | Traffic classification | 86.02 | No | Low | Used only spatial features |
Saleh and Ji (2020) | CNN | Grayscale/2D | Internet network classification | 98.9 | Yes | High | Very high dimensional image processing |
This work | CNN | Grayscale/2D | Cobalt Strike beacon detection | 99.48 | Yes | Low | Raw traffic flow to image |