Junkun Yuan,Shaofang Zhou,Lanfen Lin,Feng Wang,Jia Cui

DOI: https://doi.org/10.3233/faia200388

2020-01-01

Abstract:For efficient malware detection, there are more and more deep learning methods based on raw software binaries. Recent studies show that deep learning models can easily be fooled to make a wrong decision by introducing subtle perturbations to inputs, which attracts a large influx of work in adversarial attacks. However, most of the existing attack methods are based on manual features (e.g., API calls) or in the white-box setting, making the attacks impractical in current real-world scenarios. In this work, we propose a novel attack framework called GAPGAN, which generates adversarial payloads (padding bytes) with generative adversarial networks (GANs). To the best of our knowledge, it is the first work that performs endto-end black-box attacks at the byte-level against deep learning based malware binaries detection. In our attack framework, we map input discrete malware binaries to continuous space, then feed it to the generator of GAPGAN to generate adversarial payloads. We append payloads to the original binaries to craft an adversarial sample while preserving its functionality. We propose to use a dynamic threshold for reducing the loss of the effectiveness of the payloads when mapping it from continuous format back to the original discrete format. For balancing the attention of the generator to the payloads and the adversarial samples, we use an automatic weight tuning strategy. We train GAPGAN with both malicious and benign software. Once the training is finished, the generator can generate an adversarial sample with only the input malware in less than twenty milliseconds. We apply GAPGAN to attack the state-of-the-art detector MalConv and achieve 100% attack success rate with only appending payloads of 2.5% of the total length of the data for detection. We also attack deep learning models with different structures under different defense methods. The experiments show that GAPGAN outperforms other state-of-the-art attack models in efficiency and effectiveness.

Jong-Wouk Kim,Yang-Sae Moon,Mi-Jung Choi

DOI: https://doi.org/10.48550/arXiv.2208.08071

2022-08-17

Abstract:Malware developers use combinations of techniques such as compression, encryption, and obfuscation to bypass anti-virus software. Malware with anti-analysis technologies can bypass AI-based anti-virus software and malware analysis tools. Therefore, classifying pack files is one of the big challenges. Problems arise if the malware classifiers learn packers' features, not those of malware. Training the models with unintended erroneous data turn into poisoning attacks, adversarial attacks, and evasion attacks. Therefore, researchers should consider packing to build appropriate malware classifier models. In this paper, we propose a multi-step framework for classifying and identifying packed samples which consists of pseudo-optimal feature selection, machine learning-based classifiers, and packer identification steps. In the first step, we use the CART algorithm and the permutation importance to preselect important 20 features. In the second step, each model learns 20 preselected features for classifying the packed files with the highest performance. As a result, the XGBoost, which learned the features preselected by XGBoost with the permutation importance, showed the highest performance of any other experiment scenarios with an accuracy of 99.67%, an F1-Score of 99.46%, and an area under the curve (AUC) of 99.98%. In the third step, we propose a new approach that can identify packers only for samples classified as Well-Known Packed.

Cryptography and Security,Artificial Intelligence

Mohammed Abuhamad,Eric Chan-Tin,Eldor Abdukhamidov,Qirui Sun,Tamer Abuhmed

DOI: https://doi.org/10.1145/3494108.3522768

2022-05-30

Abstract:Malware is one of the serious computer security threats. To protect computers from infection, accurate detection of malware is essential. At the same time, malware detection faces two main practical challenges: the speed of malware development and their distribution continues to increase with complex methods to evade detection (such as a metamorphic or polymorphic malware). This research utilizes various characterizing features extracted from each malware using static and dynamic analysis to build seven machine learning models to detect and analyze packed windows malware. We use a large-scale dataset of over 107,000 samples covering unpacked and packed malware using ten different packers. We examined the performance of seven machine learning techniques using 50 dynamic and static features. Our results show that packed malware can circumvent detection when a single analysis is performed while applying both static and dynamic methods can help improve the detection accuracy around 2% to 3%.

Computer Science

Weizhong Qiang,Lin Yang,Hai Jin

DOI: https://doi.org/10.1016/j.cose.2022.102871

2022-08-10

Abstract:Nowadays, the rapid growth of the number and variety of malware brings great security challenges. Machine learning has become a mainstream tool for effective malware detection, which can mainly be classified into static and dynamic analysis methods. The purpose of malware detection is to have a good and stable detection performance for different software forms. However, many static analysis methods are easily affected by packing and other code obfuscation techniques, and dynamic analysis methods are commonly believed more robust, while the impact of packing on them has received little attention. In addition, adversarial sample attacks against dynamic analysis methods have also been conducted. This indicates the need to investigate more accurate and robust malware classification methods. In this paper, we propose a new robust dynamic analysis method for malware detection by using specific fine-grained behavioral features, i.e., control flow traces. Further, a malware classifier is constructed by converting control flow traces into byte sequences and applying a combination of convolutional neural networks and long short term memory . The proposed classifier can effectively detect malware with an accuracy of up to 95.7%, as well as detect unseen malware with an accuracy of 94.6% (indicating a good performance in handling the evolution of malware). Meanwhile, it is first found experimentally that packing has specific interference with existing behavior-based malware classifiers, resulting in even worse performance than static classifiers in some cases. However, the proposed classifier performs well in terms of robustness, showing stable performance under the interference of an uneven packing distribution in the dataset, with a 26.3% higher true positive rate for unpacked samples compared to the API call-based classifier. In addition, the classifier is also more robust against adversarial samples, with a detection rate of at least 83%.

computer science, information systems

Yuxin Ding,Zihan Zhou,Wen Qian

DOI: https://doi.org/10.1007/978-3-030-92708-0_13

2021-01-01

Abstract:Currently the number and types of malware increase rapidly, and traditional malware family classification technologies become more and more difficult to deal with them. With the rise of deep learning technology, various malware family classification methods based on deep learning technologies have been proposed, and these methods have achieved excellent results. One problem of most deep learning based models is that they need the input data should have a fixed data relationship. However, no prior knowledge shows that there existed such fixed data relationships. Another problem is that in present the characteristics of malware are often be expressed as binary sequences, API call sequences, Opcode sequences etc. These features are low-level features, and are not easy to be understood. To solve these issues, we propose a method based on the point cloud model to detect malware families. In the point cloud model each malware behavior is mapped to a point in the high-dimensional space. The point cloud model can learn the relationships among these behaviors. The method avoids predetermining the relationships among data, which is more reasonable for malware detection. In addition, we use the behavior report to describe malware behavior features, which can be easily understand by people. We apply this method to classify malware families. The experimental results show that the average precision and recall for family classification reach 96.67%, 96.58%, surpassing traditional deep learning models such as LSTM, CNN, and LSTM with attention mechanism.

Swapnil Singh,Deepa Krishnan,Vidhi Vazirani,Vinayakumar Ravi,Suliman A. Alsuhibany

DOI: https://doi.org/10.1016/j.eij.2024.100539

IF: 4.195

2024-09-15

Egyptian Informatics Journal

Abstract:Malware attacks have escalated significantly with an increase in the number of internet users and connected devices. With the increasingly different types of malware released by hackers, designing new and competitive techniques to detect advanced malware is essential. In the proposed research, we have developed a multi-level feature extraction technique using deep learning architectures and a classification model to classify malware families. The essential features from the malware images are extracted using the Gated Recurrent Unit in the first step, which are further fed to a Convolutional Neural Network model for extracting the final feature vector. The multi-level feature selection is followed by classification into various malware families using Cost-sensitive Boot Strapped Weighted Random Forest (CSBW-RF). The proposed approach gave promising results of 99.58 % accuracy in distinguishing the 25 different malware families on the Mallmg dataset. This hybrid model gave significantly better performance scores for classifying visually similar malware families. The generalizability of the proposed model is benchmarked with the popular Microsoft Big 2015 dataset and has achieved comparatively higher performance scores than many existing models. This benchmarking demonstrates the robustness and scalability of our approach. The use of cost-sensitive learning and bootstrapping techniques also contributed to the model's ability to generalize well to new and unseen data. These enhancements ensure that our model can be effectively applied in diverse real-world scenarios, maintaining high performance across different environments and malware types. This research can contribute to detecting malware attacks and can be integrated in threat monitoring systems. The successful application of this hybrid model indicates its potential for deployment in real-world cybersecurity environments, providing a strong defense against evolving malware threats.

computer science, information systems, artificial intelligence

Daniel Gibert,Nikolaos Totosis,Constantinos Patsakis,Giulio Zizzo,Quan Le

2024-10-31

Abstract:The proliferation of malware, particularly through the use of packing, presents a significant challenge to static analysis and signature-based malware detection techniques. The application of packing to the original executable code renders extracting meaningful features and signatures challenging. To deal with the increasing amount of malware in the wild, researchers and anti-malware companies started harnessing machine learning capabilities with very promising results. However, little is known about the effects of packing on static machine learning-based malware detection and classification systems. This work addresses this gap by investigating the impact of packing on the performance of static machine learning-based models used for malware detection and classification, with a particular focus on those using visualisation techniques. To this end, we present a comprehensive analysis of various packing techniques and their effects on the performance of machine learning-based detectors and classifiers. Our findings highlight the limitations of current static detection and classification systems and underscore the need to be proactive to effectively counteract the evolving tactics of malware authors.

Cryptography and Security,Artificial Intelligence

Xu Guo,Tao Zheng,Xingshu Chen,Qixu Wang,Jiang Shao,Zhijie Hu

DOI: https://doi.org/10.1109/globecom48099.2022.10001463

2022-01-01

Abstract:There are becoming increasingly common for Android malware with packer protection, which can effectively evade malware detection. Thus the packed identification is very required. However, current packers identification schemes cannot efficiently deal with mixed packers and fail to provide a suitable unpacking scheme. In this paper, we propose a new method called ApkClassiFy. By constructing a fingerprint feature library and classification mapping library, ApkClassiFy can accurately identify and classify Android-packed malware, effectively identifying mixed packing applications and providing a corresponding unpacking scheme. To further verify the performance of ApkClassiFy, we constructed the Android malware dataset MalApk and the packed Android malware classification dataset OmixShell. The experimental results show ApkClassiFy has higher accuracy and lower false positives in detecting packed Android malware than other packed identification schemes. Besides, ApkClassiFy can also classify packers to identify mixed packers and help analysts choose the appropriate unpacking scheme.

Shanqing Guo,Shuangshuang Li,Yan Yu,Anlei Hu,Tao Ban

DOI: https://doi.org/10.1007/978-3-642-34129-8_49

2012-01-01

Abstract:Executable packing is the most common technique to evade detection by anti-virus software.Many signature-based unpackers have been presented to uncover hidden viruses,which make the signature-based anti-virus software successfully detect the packed malicious code. However,these universal unpackers are computationally expensive and scanning large collections of executables may take several hours or even days.In order to improve the computational efficiency, Machine learning techniques have recently been proven effective in solving the focused issues,but up to now,no methods can show what packing method has been used in it.In this paper we proposed a fine-grained detection method to detect whether a malicious code has been packed and which method is been used to.This method firstly extract a hex-string from the target object file and then apply a String-Kernel-Based SVM Classifier to implement the fast detection of packed malicious code.We also show that our system achieves very high detection accuracy of packed executables, so that only executables detected as packed will be sent to an universal unpacker, thus saving a significant amount of processing time.

Anil Singh Parihar,Shashank Kumar,Savya Khosla

DOI: https://doi.org/10.1007/s11042-022-12615-7

IF: 2.577

2022-04-08

Multimedia Tools and Applications

Abstract:Malware classification continues to be exceedingly difficult due to the exponential growth in the number and variants of malicious files. It is crucial to classify malicious files based on their intent, activity, and threat to have a robust malware protection and post-attack recovery system in place. This paper proposes a novel deep learning-based model, S-DCNN, to classify malware binary files into their respective malware families efficiently. S-DCNN uses the image-based representation of the malware binaries and leverages the concepts of transfer learning and ensemble learning. The model incorporates three deep convolutional neural networks, namely ResNet50, Xception, and EfficientNet-B4. The ensemble technique is used to combine these component models’ predictions and a multilayered perceptron is used as a meta classifier. The ensemble technique fuses the diverse knowledge of the component models, resulting in high generalizability and low variance of the S-DCNN. Further, it eliminates the use of feature engineering, reverse engineering, disassembly, and other domain-specific techniques earlier used for malware classification. To establish S-DCNN’s robustness and generalizability, the performance of proposed model is evaluated on the Malimg dataset, a dataset collected from VirusShare, and packed malware dataset counterparts of both Malimg and VirusShare datasets. The proposed method achieves a state-of-the-art 10-fold accuracy of 99.43% on the Malimg dataset and an accuracy of 99.65% on the VirusShare dataset.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Jinting Zhu,Julian Jang-Jaccard,Amardeep Singh,Paul A. Watters,Seyit Camtepe

DOI: https://doi.org/10.3390/fi15060214

2023-06-15

Abstract:Malware authors apply different techniques of control flow obfuscation, in order to create new malware variants to avoid detection. Existing Siamese neural network (SNN)-based malware detection methods fail to correctly classify different malware families when such obfuscated malware samples are present in the training dataset, resulting in high false-positive rates. To address this issue, we propose a novel task-aware few-shot-learning-based Siamese Neural Network that is resilient against the presence of malware variants affected by such control flow obfuscation techniques. Using the average entropy features of each malware family as inputs, in addition to the image features, our model generates the parameters for the feature layers, to more accurately adjust the feature embedding for different malware families, each of which has obfuscated malware variants. In addition, our proposed method can classify malware classes, even if there are only one or a few training samples available. Our model utilizes few-shot learning with the extracted features of a pre-trained network (e.g., VGG-16), to avoid the bias typically associated with a model trained with a limited number of training samples. Our proposed approach is highly effective in recognizing unique malware signatures, thus correctly classifying malware samples that belong to the same malware family, even in the presence of obfuscated malware variants. Our experimental results, validated by N-way on N-shot learning, show that our model is highly effective in classification accuracy, exceeding a rate \textgreater 91\%, compared to other similar methods.

Cryptography and Security,Artificial Intelligence

Danish Vasan,Mamoun Alazab,Sobia Wassan,Babak Safaei,Qin Zheng

DOI: https://doi.org/10.1016/j.cose.2020.101748

IF: 5.105

2020-01-01

Computers & Security

Abstract:Both researchers and malware authors have demonstrated that malware scanners are unfortunately limited and are easily evaded by simple obfuscation techniques. This paper proposes a novel ensemble convolutional neural networks (CNNs) based architecture for effective detection of both packed and unpacked malware. We have named this method Image-based Malware Classification using Ensemble of CNNs (IM-CEC). Our main assumption is that based on their deeper architectures different CNNs provide different semantic representations of the image; therefore, a set of CNN architectures makes it possible to extract features with higher qualities than traditional methods. Experimental results show that IMCEC is particularly suitable for malware detection. It can achieve a high detection accuracy with low false alarm rates using malware raw-input. Result demonstrates more than 99% accuracy for unpacked malware and over 98% accuracy for packed malware. IMCEC is flexible, practical and efficient as it takes only 1.18 s on average to identify a new malware sample. (C) 2020 Elsevier Ltd. All rights reserved.

Ziyu Wang,Wanjiang Han,Yue Lu,Jingfeng Xue

DOI: https://doi.org/10.1007/978-3-030-62223-7_4

2020-01-01

Abstract:Malware has become a serious threat to network security. Traditional static analysis methods usually cannot effectively detect packers, obfuscations, and variants. Dynamic analysis is not efficient when dealing with large amounts of malware. Aiming at the shortcomings of the existing methods, this paper proposes a method for analyzing malware based on the capsule network. It uses a supervised learning method to train the capsule network with a large number of malware samples with existing category labels. In the process of constructing features, this paper adopts a method of combining static features and dynamic features to extract the operation code information based on static analysis, and extract the API call sequence information based on general analysis. Both characteristics can well represent the structure and behavior of malware. Then use N-Gram to construct sequence features, visualize the N-Gram sequence, generate malware images, and finally use the capsule network for classification detection. In addition, this paper improves the original capsule network and verifies the effect of the improved model.

Hamad Naeem,Shi Dong,Olorunjube James Falana,Farhan Ullah

DOI: https://doi.org/10.1016/j.eswa.2023.119952

IF: 8.5

2023-03-24

Expert Systems with Applications

Abstract:Malware has become more complicated in its purpose and abilities over time, demanding continuous progress in detection and defense technologies. Malware designers use anti-analysis obfuscation techniques, including packing and encryption, to evade detection and hinder the analysis process. Current malware detection methods have shortcomings; thus, an alternative dynamic platform-independent scheme is proposed to extract harmful hardware impressions. This scheme includes extracting and converting a file from process memory dumps into an image. A combined structural and statistical image textural analysis is performed by designing a hybrid local and global feature descriptor. The hybrid feature descriptor helps to improve the data training ability of the proposed deep-stacked ensemble model by reducing input dimensions. A deep-stacked ensemble model is developed by combining prediction outputs from weak learners (CNNs) and feeding them into a meta-learner (MLP) as learning input. An explainable artificial intelligence-based approach is employed to interpret and validate the final results of the proposed scheme. Evaluations are conducted using three datasets: the publicly available Dumpware10 dataset, which contains 3686 samples from 10 different malware families; the publicly available CIC-MalMem-2022 dataset, which includes 2,916 samples from 15 different obfuscated malware families; and a real-world dataset, which contains 2375 samples of both malware and benign android apps. Experimental outcomes show that the proposed scheme achieved 99.1% accuracy in analyzing Windows malware memory dumps, 94.3% accuracy in analyzing Android malware memory dumps, and 99.8% accuracy in analyzing Windows obfuscated malware memory dumps. The final results indicate that our vision-based system provides an excellent defense against malicious programs.

computer science, artificial intelligence,engineering, electrical & electronic,operations research & management science

Nguyen Minh Hai,Quan Thanh Tho

DOI: https://doi.org/10.1007/978-3-319-69456-6_8

2017-01-01

Abstract:Most of modern malware are packed by packers to evade the anti-virus software. Basically, packers will apply various obfuscating techniques to hide their true behaviors from static analysis methods. Thus, how to deal with packed malware has always been a tough problem so far. This paper proposes a novel approach for packer detection using a combination of BE-PUM tool and Hidden Markov Model. First, BE-PUM tool is applied to detect the sequence of possible obfuscation techniques embedded in the analyzed binary program. Then, Hidden Markov Model is used to effectively identify the possibility of packer existence from the generated sequences. As Hidden Markov is very effective for pattern recognition, our proposed technique can accurately identify the packers deployed in binaries files. We have performed experiments on more than 2000 real-world malwares taken from VirusShare. The result is very promising.

Ziyue Wang,Weizheng Wang,Yaoqi Yang,Zhaoyang Han,Dequan Xu,Chunhua Su

DOI: https://doi.org/10.1002/int.23094

IF: 8.993

2022-10-27

International Journal of Intelligent Systems

Abstract:Malicious code attacks have severely hindered the current development of the Internet technologies. Once the devices are infected with virus, the damages to companies and users are unpredictable. Although researchers have developed malware detection methods, the analysis result still cannot achieve the desired accuracy due to complicated malicious code families and fast‐growing variants. In this paper, to solve this problem, we combine Convolutional Neural Networks (CNNs) with Generative Adversarial Networks (GANs) to design an efficient and accurate malware detection method. First, we implement a code visualization method and utilize GAN to generate more samples of malicious code variants in the role of data augmentation. Then, the lightweight AlexNet originated from CNN to classify malware families. Finally, simulation experiments are conducted to evaluate that our CNN plus GAN model can achieve a higher classification accuracy (i.e., 97.78%) compared with some related work.

computer science, artificial intelligence

Yongkang Jiang,Gaolei Li,Shenghong Li,Ying Guo

DOI: https://doi.org/10.1016/j.cose.2024.103706

IF: 5.105

2024-01-11

Computers & Security

Abstract:Concept drift poses a critical challenge in deploying machine learning models to mitigate practical malware threats. It refers to the phenomenon that the distribution of test data changes over time, gradually deviating from the original training data and degrading model performance. A promising direction for addressing concept drift is to detect drift samples and then retrain the model. However, this field currently lacks a unified, well-curated, and comprehensive benchmark, which often leads to unfair comparisons and inconclusive outcomes. To improve the evaluation and advance further, this paper presents a new Bench mark dataset for trustworthy M alware F amily C lassification (BenchMFC), which includes 223 K samples of 526 families that evolve over years. BenchMFC provides clear family, packer, and timestamp tags for each sample, it thus can support research on three types of malware concept drift: 1) unseen families, 2) packed families, and 3) evolved families. To collect unpacked family samples from large-scale candidates, we introduce a novel crowdsourcing malware annotation pipeline, which unifies packing detection and family annotation as a consensus inference problem to prevent costly packing detection. Moreover, we provide two case studies to illustrate the application of BenchMFC in 1) concept drift detection and 2) model retraining. The first case demonstrates the impact of three types of malware concept drift and compares nine notable concept drift detectors. The results show that existing detectors have their own advantages in dealing with different types of malware concept drift, and there is still room for improvement in malware concept drift detection. The second case explores how static feature-based machine learning operates on packed samples when retraining a model. The experiments illustrate that packers do preserve some kind of signals that appear to be "effective" for machine learning models, but the robustness of these signals requires further research. BenchMFC has been released to the community at https://github.com/crowdma/benchmfc .

computer science, information systems

Charles-Henry Bertrand Van Ouytsel,Khanh Huu The Dam,Axel Legay

DOI: https://doi.org/10.1016/j.cose.2023.103536

IF: 5.105

2024-01-01

Computers & Security

Abstract:Packing is a widely used obfuscation technique by which malware hides content and behavior. Much research explores how to detect a packed program via such varied approaches as entropy analysis, syntactic signatures, and, more recently, machine learning classifiers using various features. Yet no robust results indicate which algorithms perform best or which features are most significant. Reviews of these results highlight how accuracy, cost, generalization of capabilities, and other measures complicate evaluations. Our work addresses deficiencies by assessing nine different machine-learning approaches using 119 features to identify which features are most significant for packing detection, which algorithms offer the best performance, and which algorithms are most economical.

computer science, information systems

Qi Xie,Yongjun Wang,Zhiquan Qin

DOI: https://doi.org/10.1109/CISP-BMEI51763.2020.9263499

2020-01-01

Abstract:As the damage caused by malware gets severer and involves a wider range of fields, the capability of detecting and classifying the malware becomes increasingly urgent and significant. Modern malware are usually equipped with metamorphic and polymorphic techniques, which means that malware from the same family might be modified. It is noteworthy that dynamic analysis can partially tackle those anti-static techniques. However, many malware authors have already realized that more dynamic methods are employed in malware analysis. Therefore, this field still suffers heavily from the anti-dynamic techniques. To address these problems, this paper first utilizes the static approach to disassembly the malware and obtains the assembly code. Harnessing the power of word embedding, our method then effectively learns the relationships of instructions within each block split by jump instructions and represents them as vectors. These vectors are fed into the LSTM to get each block's representative features. We then incorporate the attention mechanism to reduce these junk codes which belongs to one of the anti-static analysis techniques or atypical features, and thus our method can obtain significantly better feature representation capability of a malware file. Empirical experiments show that our method prevails its competitors and achieves the best performance with an accuracy of 94.25% and an f1 score of 0.95 on a dataset with 16,718 samples from 6 malware families.

Chowdhury Sajadul Islam,Madihah Mohd Saudi,Nur Hafiza Zakaria,Muji Setiyo

DOI: https://doi.org/10.37934/araset.57.1.253273

2024-10-07

Journal of Advanced Research in Applied Sciences and Engineering Technology

Abstract:The attack that occurred recently involved the utilization of malicious software, commonly referred to as malware, along with advanced techniques such as machine learning, specifically deep learning, code transformation, and polymorphism. This makes it harder for cyber experts to detect malware using traditional analysis methods. In view of the low accuracy and high false positive rate of traditional malware detection methods, this research proposes a fine-tuned deep learning model with a novel dataset that is compared with ANN, Support Vector Machine (SVM), random forest (RF), K-Nearest Neighbourhood (KNN) classifiers. Converting a malware code into an image could allow users to effectively identify the presence of malware, even if the original code is modified by the creator. This is due to the fact that the attributes of images remain unchanged, allowing for reliable identification. So, researchers used deep learning technology to detect malware, like detecting malaria from red blood cells. The deep learning model found that a more detailed analysis of malware data sets, focusing on RGB and greyscale images, is needed. These data sets currently rely on publicly available data, but the accuracy of the traditional model could be a lot higher. It also produces many false positive results. The main goal is to create a new data set and model using malware images to identify and categorize malware using deep learning without relying on existing image detection and transfer learning models. The researcher adjusted different hyper parameters, like the number of neurons, filters, stride, hidden units, layers, learning rate, batch size, activation function, optimizer, and epochs. Identifying and correcting issues in models, improving their clarity, stability, and fairness, as well as debugging and monitoring them, is a challenging task. To eliminate this obstacle, assess the model's behaviour and performance by employing various methods such as logging, profiling, testing, visualization, and model clarity. To overcome the challenges posed by the electricity shutdown, we utilized Google's cloud-based GPU and Python 3.7 language to conduct the experiment and train the model. Kali Linux is an operating system that can automatically encrypt file systems and has a lower chance of crashing the system due to malware in a virtual sandbox. The researcher used techniques like early stopping and cross-validation to prevent over fitting and assess generalization in addition to monitoring and evaluating the model's behaviour and performance. The researcher used different methods like L1 and L2 regularization, dropout, and batch normalization to improve the model's performance and avoid over fitting. The binary portable executable (PE) malware dataset is collected from Kaggle, Malimg, Virusshare, Malvis, MS Big2015, and VX-underground and finally converted to greyscale and RGB images to create a novel dataset to fill the lack of image dataset. The raw dataset was then rescaled to a 128x128 greyscale and RGB (red, green, blue) image and flattened to 1024-byte vector images input into convolution neural network (CNN) interpolation to extract features for malware detection. The newly acquired dataset is utilized as an input for the innovative DL algorithms in order to create a tailor-made model capable of accurately predicting malware. The findings in this customized CNN model by fine-tuning hyper-parameters with the three-channel RGB dataset outperformed a greyscale dataset with an accuracy of 98.7% and error rate of 1.3% in current malware compared with other artificial neural network (ANN), ML algorithms such as Support Vector Machine (SVM), K-Nearest Neighbour (KNN), and also Random Forest (RF) models. The proposed approach is compatible with all operating systems (Windows, Linux, and Mac) and can identify different types of malwares, such as packed, polymorphic, obfuscated, metamorphic, or variations of a malware family. There are some limitations to the shortage of malware image datasets and computational costs for fine-tuning hyper parameters in the whole model. Furthermore, the proposed approach detects malware and groups it into families without using common techniques like disassembly, decompilation, de-obfuscation, or running malicious code in a virtual environment.