Image-Based Malware Classification using Ensemble of CNN Architectures (IMCEC)
Computers & Security (IF 5.6), Pub Date: 2020-05-01, DOI: 10.1016/j.cose.2020.101748
Danish Vasan, Mamoun Alazab, Sobia Wassan, Babak Safaei, Qin Zheng

Abstract: Both researchers and malware authors have demonstrated that malware scanners are unfortunately limited and are easily evaded by simple obfuscation techniques. This paper proposes a novel ensemble convolutional neural network (CNN)-based architecture for effective detection of both packed and unpacked malware. We have named this method Image-based Malware Classification using Ensemble of CNNs (IMCEC). Our main assumption is that, based on their deeper architectures, different CNNs provide different semantic representations of the image; therefore, a set of CNN architectures makes it possible to extract features of higher quality than traditional methods. Experimental results show that IMCEC is particularly suitable for malware detection. It can achieve a high detection accuracy with low false alarm rates using malware raw input. The results demonstrate more than 99% accuracy for unpacked malware and over 98% accuracy for packed malware. IMCEC is flexible, practical and efficient, as it takes only 1.18 s on average to identify a new malware sample.

Updated: 2020-05-01