Research of Obfuscated Malware with a Capsule Neural Network


  • Timur V. Jamgharyan, National Polytechnic University of Armenia



Capsule neural network, Context triggered piecewise hashing, Edit distance, Intrusion detection system, Transfer learning


The paper presents the results of research on using transfer learning of a capsule neural network to detect malware. The research was carried out on the source code of malware using the context-triggered piecewise hashing method. The malware source code was obtained from public software sources. The capsule neural network's learning results were verified using a trained convolutional neural network and publicly available sources for testing malware. The research was conducted on six types of malware. The software source code, part of the capsule neural network training datasets, the pre-trained capsule neural network, and the full research are publicly available at






How to Cite

Jamgharyan, T. V. (2022). Research of Obfuscated Malware with a Capsule Neural Network. Mathematical Problems of Computer Science, 58, 67–83.