Content uploaded by Haodi Jiang
Author content
All content in this area was uploaded by Haodi Jiang on May 23, 2024
Content may be subject to copyright.
DeepGray: Malware Classification Using Grayscale Images with Deep Learning
Harshitha Polsani
Sam Houston State University
Department of Computer Science
Huntsville, TX 77340
Haodi Jiang
Sam Houston State University
Department of Computer Science
Huntsville, TX 77340, USA
Correspondence: haodi.jiang@shsu.edu
Yuexin Liu
Texas A&M University
Department of ETID
College Station, TX 77843
Abstract
In the ever-evolving landscape of cybersecurity, the
threat posed by malware continues to loom large, ne-
cessitating innovative and robust approaches for its ef-
fective detection and classification. In this paper, we
introduce a novel method, DeepGray, for multi-class
malware classification utilizing malware images and
the power of deep learning. Our dataset combines the
malware sample from the BODMAS dataset and the
benign sample from the DikeDataset. The method-
ology involves transforming executable files into a
deep learning-friendly format by converting them into
grayscale images while preserving essential data char-
acteristics. Subsequently, Principal Component Analy-
sis (PCA) is applied to distill the most significant fea-
tures. The study harnesses the power of deep learning
and transfer learning, utilizing established neural net-
work architectures such as VGG16, InceptionV3, Effi-
cientnetv2b0, and Vision Transformers (ViT) for mal-
ware classification. Experimental results demonstrate
the effectiveness of the proposed method in accurately
classifying malware.
Introduction
The continuous evolution of malware presents formidable
challenges to cybersecurity, demanding ingenious solutions
for the timely and precise detection and classification of
these threats. Malicious software, commonly referred to as
malware, represents a grave peril to computer systems as it
exploits vulnerabilities to gain unauthorized access and in-
flict damage. Traditional signature-based detection methods
often struggle to keep pace with the continually mutating
and obfuscating malware. In response, there is growing in-
terest in exploring innovative deep learning approaches for
effective malware analysis and classification (Jiang, Turki,
and Wang 2018). Leveraging the success of deep learn-
ing in image recognition tasks, deep learning methods have
been proposed for malware classification using malware
grayscale images (Nataraj et al. 2011) because it offers the
capacity to identify complex patterns and extract meaningful
representations directly from raw data.
Copyright © 2024 by the authors.
This open access article is published under the Creative Commons
Attribution-NonCommercial 4.0 International License.
Researchers (Kalash et al. 2018) introduced a novel CNN-
based framework for malware classification, transforming
malware binaries into grayscale images for CNN process-
ing. This method facilitates automatic learning of distinctive
features, bypassing the need for manually crafted features.
Similarly, In the work conducted by (Deepa, Adithyaku-
mar, and Vinod 2022), the authors developed a deep learn-
ing approach for malware classification, combining CNNs
with various classifiers such as SVM, RF, XGBoost, and
Deep Neural Network (DNN). In another study, (Pant and
Bista 2022) explored the classification of grayscale mal-
ware images into family groups using the Malimg dataset
(Nataraj et al. 2011). Their research utilized transfer learn-
ing with pre-trained models like VGG16, ResNet-18, In-
ceptionV3, and a custom CNN, underlining the efficacy of
CNNs in image-based malware classification and suggest-
ing further refinement for improved performance across dif-
ferent datasets. The researchers (Acharya, Ravi, and Mo-
hammad 2021) proposed using the EfficientNet-B1 model
for classifying malware on the dataset from the Microsoft
Malware Classification Challenge (Ronen et al. 2018). Fi-
nally, the authors (Kwan 2022) proposed a method to en-
hance malware detection and classification accuracy on two
datasets, the Microsoft Malware Classification Challenge’s
dataset and the REWEMA dataset. This method involves
generating Markov images based on byte-level transfer fre-
quency and employing transfer learning with the VGG19 for
deep learning.
In this study, we aim to validate the effectiveness of vari-
ous transfer learning models through extensive experiments
and analysis on the selected dataset. Our goal is to find a
malware classification model that is both highly efficient and
accurate, using deep learning and grayscale image analysis,
thus making a significant contribution to the fight against
security threats. Our evaluation strategy involves using es-
tablished deep learning frameworks like VGG16 (Simonyan
and Zisserman 2015), EfficientNetV2B0 (Tan and Le 2021),
InceptionV3 (Szegedy et al. 2015), and Vision Transformers
(ViT) (Dosovitskiy et al. 2021) as foundational models for
transfer learning. By adapting these pre-trained models to
our enhanced dataset, our system is able to achieve precise
classification of malware.
The rest of this paper is organized as follows. In the
Dataset Section, we provide detailed information about the
Figure 1: Extract malware grayscale image feature from the binary.
dataset utilized in our study, covering aspects such as its
composition, preprocessing techniques, and distribution of
classes. The Methodology Section describes our proposed
approach, including the processes of malware classification,
the selection of models, and framework building. The Exper-
imental Results section presents the outcomes of our exper-
iments, offering an in-depth evaluation of the model’s per-
formance and its capability in accurately classifying various
malware samples. Lastly, the Conclusion Section summa-
rizes the main discoveries and the broader impact of our re-
search.
Dataset
In this section, we detail the dataset employed in our re-
search, outlining its structure and the preparation process
for malware classification. Our study utilizes data from two
main sources: the BODMAS dataset (Yang et al. 2021) and
the DikeDataset Benign.
The BODMAS dataset is an extensive collection of
57,293 Windows PE files, encompassing a mix of disarmed
malware binaries and their associated metadata. From this
dataset, we selected a subset of 24,813 executable files, cat-
egorized into 14 distinct malware types. These categories
include trojans, worms, backdoors, droppers, ransomware,
potentially unwanted applications (PUAs), downloaders,
viruses, cryptominers, information stealers, exploits, rootk-
its, peer-to-peer worms, and trojan-gamethieves.
The DikeDataset is crucial to our study, providing a col-
lection of benign executable files, including both PE and
OLE files. This dataset comprises 1,083 samples of benign
executables, which we use as non-malicious comparison
points in our research. The inclusion of the DikeDataset al-
lows for a well-rounded analysis, contrasting malware sam-
ples with benign ones and thereby enhancing the overall as-
sessment of our classification approach.
Binaries to Grayscale Image Conversion
For our image-based malware classification approach, we
transformed malware binaries into grayscale images as
shown in Figure 1. This data preparation stage included
reading the binary data from each executable file and con-
verting it into a two-dimensional vector. Subsequently, we
transformed these 2D vectors into grayscale images. These
grayscale images provide a compact yet detailed representa-
tion of the malware samples, preserving key features neces-
sary for effective classification.
Principal Component Analysis
Considering the diverse file sizes of malware and benign
samples in binary data, we employed Principal Component
Analysis (PCA) as a key method (Jolliffe and Cadima 2016).
Our goal was to effectively compress grayscale images and
extract latent features from malware images derived from
both the BODMAS and DikeDataset. PCA is an effective
dimensionality reduction technique, aiming to reduce im-
age dimensions while retaining crucial information for ac-
curate classification. During PCA implementation, we chose
to use a single principal component, focusing on captur-
ing the most significant variance direction in each image.
This approach effectively compressed the data into a single
row, maintaining essential classification information while
greatly reducing image dimensionality. Post-PCA, we as-
sessed the explained variance ratio, which reflects the por-
tion of the dataset’s total variance each principal compo-
nent accounts for. We also calculated the cumulative vari-
ance, summing the explained variances in descending or-
der. To balance dimensionality reduction with information
preservation, we set a variance threshold of 0.95. This means
we chose the minimum number of principal components
needed to retain at least 95% of the variance. Once the vari-
ance threshold was established, we compressed the images
by projecting them onto the selected principal components.
This step transformed the original 2D vector of the grayscale
image into a more compact, lower-dimensional vector. Fi-
nally, for uniformity in our deep learning models’ input di-
mensions, we resized the compressed images to a consistent
size of 512x512 pixels by utilizing the bicubic interpolation
method with zero padding. This resizing maintained a stan-
dard format across all images used in our models.
Data Selection
In addressing the issue of class imbalance in the original
dataset, where certain categories had limited samples, we
concentrated on a subset of classes for our multiclass classi-
fication task. Our objective was to achieve a balanced class
distribution while ensuring enough samples for robust model
training.
We selected seven key categories from the BODMAS and
DikeDataset for this purpose: ’trojan’, ’worm’, ’backdoor’,
’dropper’, ’ransomware’, ’downloader’, and ’virus’. These
were chosen for their relative frequency in the dataset and
to represent a variety of malware types. Additionally, we in-
cluded a ’benign’ category as the eighth class. This class
comprises grayscale images from non-malicious executables
in the DikeDataset. Thus, the final classes for our multi-
Figure 2: Data distribution before and after augmentation, respectively.
class classification are ’trojan’, ’worm’, ’backdoor’, ’drop-
per’, ’ransomware’, ’downloader’, ’virus’, and ’benign’.
Data Augmentation
After performing the data selection process, we observed the
class imbalance issue is still existing in the dataset, where
some categories had a large number of samples while others
had very few. To address this issue, we utilized data aug-
mentation (Perez and Wang 2017) techniques to increase
the number of samples in each class and create a more bal-
anced dataset. This approach led to a more uniform dis-
tribution across different malware types. The augmented
dataset now comprises: 3020 images for trojans, 3010 for
worms, 2275 for backdoors, 2259 for droppers, 2236 for ran-
somware, 2805 for benign files, 2305 for downloaders, and
1262 for viruses. This balanced dataset is more conducive
for effective training of our multiclass classification model.
Figure 2 visually illustrates the transformation in data dis-
tribution both before and after the augmentation process,
which shows how augmentation has successfully equalized
the sample distribution across classes, which is crucial for
the training process.
Methodology
We first divided the augmented and preprocessed dataset
into training, validation, and testing sets at ratios of 60%,
20%, and 20% respectively. This distribution is designed to
train the model comprehensively, fine-tune hyperparameters
using a distinct subset, and assess the model’s ability to gen-
eralize on new, unseen data. Consequently, the training set
comprises 11,501 images across 8 classes, the validation set
includes 3,835 images also across 8 classes, and the testing
set has 3,836 images, likewise spanning 8 classes. Prior to
inputting the data into the deep learning model, we conduct
data normalization to scale pixel values to a range of [0, 1].
Framework Building
In this study, we focus on building efficient models for clas-
sifying different types of malware, utilizing transfer learning
techniques. The framework is visually summarized in Figure
3, illustrating the process from raw malware images to final
classification outcomes.
We start with raw grayscale images of malware sam-
ples as our initial input. These images then undergo a se-
quence of preprocessing actions, which include normalizing
the pixel values and converting them into a format that re-
sembles three-channel RGB. This is achieved by duplicating
the single-channel image to create an imitation of RGB rep-
resentation, thereby making it compatible with deep learning
architectures.
Our deep learning framework incorporates various pre-
trained models, specifically chosen for their proven capa-
bilities in image recognition. These model include VGG16,
InceptionV3, EfficientNetV2B0, and Vision Transformers
(ViT B32). Each model, with its final classification layer re-
moved, has been pretrained on the ImageNet dataset. This
pretraining provides a foundational understanding of com-
plex image features.
After the model’s primary architecture, feature aggrega-
tion is performed, condensing the spatial dimensions of fea-
ture maps into a fixed-length vector. Following this, the
models’ final classification layer, the softmax layer, outputs
probabilities across 8 classes. To ensure stable training and
prevent overfitting, callbacks were integrated into the train-
ing process for 50 epochs. The model adopts the categorical
cross-entropy loss with label smoothing. A detailed discus-
sion of each key architecture employed is as follows.
VGG16 Model: The architecture of the VGG16-based
model starts with a Lambda layer to concatenate the
grayscale image channel three times, followed by a frozen
VGG16 backbone. Feature aggregation includes a Flatten
layer, a Dense layer with 128 units using the ReLU acti-
vation function, and a Dropout layer with a 0.3 rate. A final
Dense layer with softmax activation is attached for classi-
fication across 8 classes. The model’s training utilized the
Adam optimizer.
InceptionV3 Model: Similarly, this model also begins
with a Lambda layer, but it is followed by a frozen Incep-
tionV3 backbone. Feature aggregation comprises a Global
Average Pooling 2D layer, a Dense layer with 128 units us-
ing the ReLU activation function, and a Dropout layer with
a 0.3 rate, ending in a final Dense layer with softmax acti-
vation for classification. The model was trained the Adam
optimizer.
EfficientNetV2B0 Model: The model starts with a Se-
Figure 3: Overview of proposed framework for the malware classification.
quential structure, including a Conv2D layer after the
Lambda layer, followed by a frozen EfficientNetV2B0 back-
bone. The feature aggregation and classification layers are
identical to those in the InceptionV3 Model. For training,
the Stochastic Gradient Descent (SGD) optimizer was used.
Vision Transformers (ViT B32): Again,the model be-
gins with a Lambda layer, followed by the Vision Trans-
former backbone. Feature aggregation consists of a flatten-
ing layer, a Batch Normalization layer, followed by a Dense
Layer with 11 units using GELU activation, and another
Batch Normalization layer. Finally, a Dense layer with soft-
max activation is attached for classification. The Rectified
Adam optimizer was adopted for training.
Experimental Results
Evaluation Metrics
For multi-class malware classification, the performance of
deep learning models is assessed using the following evalu-
ation metrics:
Accuracy: This metric calculates the ratio of correctly
classified samples to the total number of samples. It is an
indicator of the model’s overall classification performance.
Accuracy =TP+TN
TP+FP+TN+FN
Precision:Precision measures the ratio of correctly pre-
dicted instances for a specific malware class to all predic-
tions made for that class. It reflects how accurate the predic-
tions are for that class.
P recision =TP
TP+FP
Recall: Also known as sensitivity, recall calculates the ra-
tio of correctly predicted instances for a specific malware
class to all actual instances of that class in the dataset. It in-
dicates the model’s ability to find all relevant instances in
that class.
Recall =TP
TP+FN
F1-Score: The F1-score is the harmonic mean of preci-
sion and recall, providing a balance between them. It is es-
pecially useful when the class distribution is uneven.
F1Score =2 x Precision x Recall
Precision+Recall
where, TP (True Positive) is the number of correctly pre-
dicted instances of a specific malware family. FP (False Pos-
itive) is the number of instances where the model incorrectly
classifies a sample as a specific malware family, but it actu-
ally belongs to a different class or is benign. TN (True Nega-
tive) is the number of correctly identified samples that do not
belong to the predicted malware class. FN (False Negative)
is the number of instances where the model incorrectly clas-
sifies a sample as benign or as a different malware family
when it actually belongs to the predicted malware class.”
Performance Metrics of Each Model
In this section, we detail the outcomes of our deep learning
model evaluations, which were applied to malware classifi-
cation tasks using transfer learning techniques. The models
underwent a comprehensive training, validation, and testing
regime on a dataset comprised of grayscale images, repre-
senting both malware and benign files.
Table 1: Performance Metrics of Each Model
Model Accuracy Score Precision Recall F1 Score
VGG16 0.82 Macro
Weighted
0.83
0.83
0.8
0.82
0.8
0.82
InceptionV3 0.9 Macro
Weighted
0.9
0.9
0.9
0.9
0.9
0.9
Efficientnet
V2B0 0.93 Macro
Weighted
0.93
0.93
0.93
0.93
0.93
0.93
Vision
Transformers
vit b32
0.95 Macro
Weighted
0.96
0.95
0.96
0.95
0.96
0.95
Table 1 summarizes the performance metrics, including
accuracy, precision, recall, and F1-score, for each model
tested. These results are key in assessing the effectiveness
of each model. According to the results, the VGG16, In-
ceptionV3, EfficientNetV2B0, and Vision Transformers ViT
B32 models attained accuracy of 78%, 82%, 90%, 93%, and
95%, respectively. Of these, the Vision Transformers ViT
B32 model outperformed the others, demonstrating the high-
est Macro (Weighted) scores across precision, recall, and
F1-score, with a consistent 96% (95%) in each metric. This
clearly positions the ViT B32 as the superior choice for mal-
ware classification for the datasets we considered in our ex-
periments.
Comprehensive Analysis of Different Models
VGG16 Model: Table 2 presents the classification results
obtained by employing the VGG16 model across various
malware categories, demonstrating its potential in the field
of malware identification. The model performed well in
identifying backdoor and ransomware types, with both pre-
cision and recall rates at 0.90 and 0.95 respectively, empha-
sizing its ability to leverage pre-trained networks to identify
complex malware features effectively.
Table 2: Classification Results on each Category of Malware
Using VGG16
Malware Family Precision Recall F1-Score
Backdoor 0.90 0.90 0.90
Downloader 0.79 0.82 0.80
Dropper 0.72 0.80 0.76
Ransomware 0.95 0.87 0.91
Trojan 0.87 0.82 0.84
Virus 0.80 0.43 0.56
Worm 0.84 0.93 0.88
Benign 0.73 0.81 0.76
InceptionV3 Model: Table 3 details the classification
metrics of the InceptionV3 model across various malware
families. The model displays a strong capacity for correctly
classifying malware, with particularly high precision and
F1-scores in backdoor, dropper, and ransomware categories.
For backdoor, it has a precision of 0.96 and an F1-score of
0.93; dropper classification stands at a precision of 0.92 with
an F1-score of 0.91; and ransomware detection is notably
accurate, with a precision of 0.98 and an F1-score of 0.9.
EfficientNetV2B0 Model: Table 4 provides a clear view
of the performance of the EfficientNetV2B0 model in clas-
sifying various malware families, with precision, recall, and
F1-score metrics for each category. The model demonstrates
strong capability in distinguishing between different mal-
ware types, achieving high scores across most families. For
instance, it excels in identifying ransomware with a preci-
sion of 0.98, a recall of 0.96, and an F1-score of 0.97, and is
similarly effective in classifying dropper and backdoor cate-
gories with F1-scores of 0.96 and 0.93, respectively.
However, the data also highlights a discrepancy in the tro-
jan category, where the model shows a lower recall of 0.85
and an F1-score of 0.89, despite a high precision of 0.92.
Table 3: Classification Results on each Category of Malware
Using InceptionV3
Malware Family Precision Recall F1-Score
Backdoor 0.96 0.91 0.93
Downloader 0.92 0.86 0.89
Dropper 0.92 0.90 0.91
Ransomware 0.98 0.95 0.96
Trojan 0.85 0.87 0.86
Virus 0.86 0.86 0.86
Worm 0.87 0.92 0.90
Benign 0.85 0.90 0.88
This suggests that while the model is precise in labeling true
trojan instances, it is not as effective in identifying all the
trojans present, which is reflected in the lower recall and F1-
score. Similarly, the virus category shows a balanced per-
formance with an F1-score of 0.91, which indicates a good
balance between precision and recall.
Table 4: Classification Results on each Category of Malware
Using EfficientnetV2B0
Malware Family Precision Recall F1-Score
Backdoor 0.92 0.93 0.93
Downloader 0.97 0.93 0.95
Dropper 0.95 0.97 0.96
Ransomware 0.98 0.96 0.97
Trojan 0.92 0.85 0.89
Virus 0.91 0.91 0.91
Worm 0.87 0.94 0.94
Benign 0.94 0.94 0.94
ViT Model: Table 5 presents the classification accuracy
of the Vision Transformers (ViT) B32 model across various
malware families, showcasing its impressive performance in
malware identification. The ViT B32 model excels across
most categories, with exceptional precision and recall met-
rics in the classification of backdoor, downloader, dropper,
and ransomware types. It achieves a perfect precision of 1.00
in virus detection and near-perfect scores in ransomware
classification, with a precision and F1-score of 0.99. These
figures indicate the model’s adeptness at identifying and cat-
egorizing these malware types with high accuracy. While
the model performs well overall, it does show some areas
for potential improvement. The trojan category, with a recall
of 0.86 and an F1-score of 0.89, indicates that the model
might occasionally miss identifying this type of malware.
Additionally, the precision slightly dips to 0.88 in classify-
ing worm malware, suggesting a minor challenge in accu-
rately marking all instances of this category.
Overall, the ViT B32 model outperforms VGG16, Incep-
tionV3, and EfficientNetV2B0, particularly with its unpar-
alleled precision in virus detection and overall consistency
across diverse malware categories. While VGG16 struggles
with viruses and InceptionV3 lacks peak performance, the
ViT B32 model excels, demonstrating superior capability.
Even against EfficientNetV2B0’s strong ransomware detec-
tion, the ViT B32’s near-perfect scores across multiple cate-
gories confirm its advanced classification proficiency in the
field of malware detection for the dataset in this work.
Table 5: Classification Results on each Category of Malware
Using ViT B32
Malware Family Precision Recall F1-Score
Backdoor 0.94 0.94 0.94
Downloader 0.98 0.98 0.98
Dropper 0.97 0.99 0.98
Ransomware 0.99 0.99 0.99
Trojan 0.93 0.86 0.89
Virus 1.00 0.97 0.98
Worm 0.88 0.96 0.92
Benign 0.99 0.97 0.98
Conclusion
We present ’DeepGray,’ a deep learning-based model that
highlights the significance of grayscale image analysis in
malware classification. Our study demonstrates the crucial
role of grayscale images in capturing key features of mal-
ware, enabling the sophisticated detection of complex mali-
cious patterns through deep learning.
In our experiments, we constructed a dataset compris-
ing BODMAS and DikeDataset, and employed various deep
learning architectures, such as VGG16, InceptionV3, Effi-
cientNetV2B0, and Vision Transformers (ViT) B32, to clas-
sify malware. We compared their performance across vari-
ous metrics. The findings indicate that the Vision Transform-
ers model is the most accurate, showing superior capabil-
ity in identifying different malware types. The application
of transfer learning in the model demonstrates its promis-
ing capabilities in malware classification. Our results also
highlight the significant impact of combining deep learning
with grayscale image analysis, offering a powerful tool for
strengthening cybersecurity.
Moving forward, our research will aim to refine these
deep learning models, particularly focusing on a custom
CNN model, and to further develop our grayscale image
analysis techniques. This future work is intended to improve
our model’s efficacy and keep pace with the continuously
evolving nature of malware threats, thereby reinforcing the
security of digital environments.
References
Acharya, V.; Ravi, V.; and Mohammad, N. 2021.
Efficientnet-based convolutional neural networks for mal-
ware classification. In 2021 12th International Conference
on Computing Communication and Networking Technolo-
gies (ICCCNT), 1–6.
Deepa, K.; Adithyakumar, K. S.; and Vinod, P. 2022. Mal-
ware image classification using vgg16. In 2022 Interna-
tional Conference on Computing, Communication, Security
and Intelligent Systems (IC3SIS), 1–6.
Dosovitskiy, A.; Beyer, L.; Kolesnikov, A.; Weissenborn,
D.; Zhai, X.; Unterthiner, T.; Dehghani, M.; Minderer, M.;
Heigold, G.; Gelly, S.; Uszkoreit, J.; and Houlsby, N. 2021.
An image is worth 16x16 words: Transformers for image
recognition at scale.
Jiang, H.; Turki, T.; and Wang, J. T. L. 2018. Dlgraph: Mal-
ware detection using deep learning and graph embedding.
In 2018 17th IEEE International Conference on Machine
Learning and Applications (ICMLA), 1029–1033.
Kalash, M.; Rochan, M.; Mohammed, N.; Bruce, N. D. B.;
Wang, Y.; and Iqbal, F. 2018. Malware classification with
deep convolutional neural networks. In 2018 9th IFIP In-
ternational Conference on New Technologies, Mobility and
Security (NTMS), 1–5.
Kwan, L. M. 2022. Markov image with transfer learning
for malware detection and classification. In TENCON 2022
- 2022 IEEE Region 10 Conference (TENCON), 1–6.
Nataraj, L.; Karthikeyan, S.; Jacob, G.; and Manjunath, B. S.
2011. Malware images: Visualization and automatic classi-
fication. In Proceedings of the 8th International Symposium
on Visualization for Cyber Security, VizSec ’11. New York,
NY, USA: Association for Computing Machinery.
Pant, D., and Bista, R. 2022. Image-based malware classifi-
cation using deep convolutional neural network and transfer
learning. In Proceedings of the 3rd International Confer-
ence on Advanced Information Science and System, AISS
’21. New York, NY, USA: Association for Computing Ma-
chinery.
Perez, L., and Wang, J. 2017. The effectiveness of data
augmentation in image classification using deep learning.
Ronen, R.; Radu, M.; Feuerstein, C.; Yom-Tov, E.; and Ah-
madi, M. 2018. Microsoft malware classification challenge.
Simonyan, K., and Zisserman, A. 2015. Very deep convolu-
tional networks for large-scale image recognition.
Szegedy, C.; Vanhoucke, V.; Ioffe, S.; Shlens, J.; and Wojna,
Z. 2015. Rethinking the inception architecture for computer
vision.
Tan, M., and Le, Q. V. 2021. Efficientnetv2: Smaller models
and faster training.
Yang, L.; Ciptadi, A.; Laziuk, I.; Ahmadzadeh, A.; and
Wang, G. 2021. Bodmas: An open dataset for learning based
temporal analysis of pe malware. In 2021 IEEE Security and
Privacy Workshops (SPW), 78–84.
