TY - GEN
T1 - Image Representation and Deep Inception-Attention for File-type and Malware Classification
AU - Wang, Yi
AU - Wu, Kejun
AU - Liu, Wenyang
AU - Yap, Kim Hui
AU - Chau, Lap Pui
N1 - Funding Information:
This research / project is supported by the National Research Foundation, Singapore, and Cyber Security Agency of Singapore under its National Cybersecurity R&D Programme (NRF2018NCR-NCR009-0001). Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not reflect the views of National Research Foundation, Singapore and Cyber Security Agency of Singapore.
Publisher Copyright:
© 2023 IEEE.
PY - 2023/7
Y1 - 2023/7
N2 - File-type classification aims to recognize the file types of files/fragments without file-system metadata, which is essential for memory forensics and data recovery. In this paper, we introduce an image representation and deep inception-attention manner for file-type classification. Specifically, we consider file-type classification as an image classification problem. Raw data sequences in the memory block are converted to 2D binary images, enriching the representation ability and visualization while retaining the completeness of the bitstream. With binary images as inputs, we propose a deep inception-attention network to extract discriminate horizontal features and re-calibrate the weights of feature maps, and finally, predict file types. Experiments on a large-scale benchmark show the superiority of the proposed model. Moreover, our method can be extended to a similar application, like malware classification, and achieve outstanding performance.
AB - File-type classification aims to recognize the file types of files/fragments without file-system metadata, which is essential for memory forensics and data recovery. In this paper, we introduce an image representation and deep inception-attention manner for file-type classification. Specifically, we consider file-type classification as an image classification problem. Raw data sequences in the memory block are converted to 2D binary images, enriching the representation ability and visualization while retaining the completeness of the bitstream. With binary images as inputs, we propose a deep inception-attention network to extract discriminate horizontal features and re-calibrate the weights of feature maps, and finally, predict file types. Experiments on a large-scale benchmark show the superiority of the proposed model. Moreover, our method can be extended to a similar application, like malware classification, and achieve outstanding performance.
KW - file-type classification
KW - Image representation
KW - malware analysis
KW - memory forensics
KW - self-attention
UR - http://www.scopus.com/inward/record.url?scp=85167689577&partnerID=8YFLogxK
U2 - 10.1109/ISCAS46773.2023.10181598
DO - 10.1109/ISCAS46773.2023.10181598
M3 - Conference article published in proceeding or book
AN - SCOPUS:85167689577
T3 - Proceedings - IEEE International Symposium on Circuits and Systems
SP - 1
EP - 5
BT - ISCAS 2023 - 56th IEEE International Symposium on Circuits and Systems, Proceedings
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 56th IEEE International Symposium on Circuits and Systems, ISCAS 2023
Y2 - 21 May 2023 through 25 May 2023
ER -