IEEE Access (Jan 2022)

Self-Supervised Vision Transformers for Malware Detection

  • Sachith Seneviratne,
  • Ridwan Shariffdeen,
  • Sanka Rasnayaka,
  • Nuran Kasthuriarachchi

DOI
https://doi.org/10.1109/ACCESS.2022.3206445
Journal volume & issue
Vol. 10
pp. 103121 – 103135

Abstract

Read online

Malware detection plays a crucial role in cyber-security with the increase in malware growth and advancements in cyber-attacks. Previously unseen malware which is not determined by security vendors are often used in these attacks and it is becoming inevitable to find a solution that can self-learn from unlabeled sample data. This paper presents SHERLOCK, a self-supervision based deep learning model to detect malware based on the Vision Transformer (ViT) architecture. SHERLOCK is a novel malware detection method which learns unique features to differentiate malware from benign programs with the use of image-based binary representation. Experimental results using 1.2 million Android applications across a hierarchy of 47 types and 696 families, shows that self-supervised learning can achieve an accuracy of 97% for the binary classification of malware which is higher than existing state-of-the-art techniques. Our proposed model is also able to outperform state-of-the-art techniques for multi-class malware classification of types and family with macro-F1 score of.497 and.491 respectively.

Keywords