← all projects

Image-Based Malware Classification

Malware Mugshots

My thesis. I turned malware files into pictures and taught three vision models to recognize the family on sight. They vote together and agree 94 percent of the time across 17 families. It became a co-authored paper, now under review.

  • Python
  • PyTorch
  • OpenCV
  • ViT
  • Docker
  • CUDA
github ↗

Problem

Signature-based malware detection breaks down as soon as authors repack or obfuscate their binaries. Image-based classification sidesteps this: render the raw bytes of an executable as an image, and family-level visual structure survives obfuscation that defeats string signatures.

Approach

I built a three-track ensemble that votes on every sample:

  • Eight binary-to-image visualization techniques, including Hilbert curve mappings and byteclass coloring, to turn each executable into image representations.
  • Track 1 — handcrafted features: HOG and Haralick texture descriptors feeding classical classifiers.
  • Track 2 — deep CNNs: fine-tuned VGG16, ResNet50, and a custom CNN.
  • Track 3 — Vision Transformer fine-tuned on the same imagery.

Late-fusion soft voting combines the tracks’ probability distributions. Training ran CUDA-accelerated on GPU with Bayesian hyperparameter sweeps, structured logging, Docker for reproducibility, and pytest coverage on the data pipeline.

Result

94% accuracy across 17 malware families on 100K+ image samples, beating each individual track. The work became a co-authored paper — Image-Based Techniques and Ensemble Soft Voting for Malware Classification (S. Lokhande, F. Di Troia, M. Stamp) — currently under review.