Cyber assaults on people, businesses, and organisations have risen in recent years. Cybercriminals are continuously searching for efficient routes to start attacks and spread malware to victims. Images are used every day by millions of people around the globe, and most people believe that using them is secure. However, some picture kinds have malicious payloads that can carry out evil deeds. Due in large part to its lossy compression, JPEG is the most widely used picture file. They are utilised by almost everyone, from small businesses to big corporations, and are present on almost every type of gadget. (digital camera, smartphone, website, social media, etc.). Because of their widespread use, low risk of misuse, and status as being safe, JPEG images are frequently used by cybercriminals as attack vectors. However, to our understanding, machine learning techniques have not been applied to identify malicious JPEG pictures. Machine learning techniques have demonstrated effectiveness in identifying both known and undiscovered malware in a variety of disciplines. No specific study method was ever employed. Here, we introduce MalJPEG, the first machine learning-based tool designed with the goal of quickly identifying undocumented malicious JPEG pictures. MalJPEG uses a machine learning classifier to automatically extract 10 easily recognisable characteristics from the JPEG file structure and uses them to differentiate between legitimate and malicious JPEG pictures.Utilizing a comprehensive sample of 156,818 real-world pictures, including 155,013 (98.85%) innocuous and 1,805 (1.15%) malignant images, we thoroughly assessed MalJPEG. The findings indicate that when MalJPEG is combined with the LightGBM classifier, the true positive rate (TPR) is 0.951 and the area under the receiver operating characteristic curve (AUC) is 0.997, the greatest with a very low false positive rate. (FPR) 0.004.

INDEX TERMS JPEG, image, malware, detection, machine learning, features.