Search Results (20)

Search Parameters:
Keywords = malimg

14 pages, 3063 KB  
Article
Detecting Visualized Malicious Code Through Low-Redundancy Convolution
by Xiao Liu, Jiawang Liu, Yingying Ren and Jining Chen
Computers 2025, 14(11), 470; https://doi.org/10.3390/computers14110470 - 1 Nov 2025
Viewed by 527
Abstract
The proliferation of sophisticated malware poses a persistent threat to cybersecurity. While visualizing malware as images enables the use of Convolutional Neural Networks, standard architectures are often inefficient and struggle with the high spatial and channel redundancy inherent in these representations. To address this challenge, we propose LR-MalConv, a new detection framework centered on a novel Low-Redundancy Convolution (LR-Conv) module. The LR-Conv module is uniquely designed to synergistically reduce both spatial redundancy, via a gating and reconstruction mechanism, and channel redundancy, through an efficient split–transform–fuse strategy. By integrating LR-Conv into a ResNet backbone, our framework enhances discriminative feature extraction while significantly reducing computational overhead. Extensive experiments on the Malimg benchmark dataset show our method achieves an accuracy of 99.52%, outperforming existing methods. LR-MalConv establishes a new benchmark for visualized malware detection by striking a superior balance between accuracy and computational efficiency, demonstrating the significant potential of redundancy reduction in this domain. Full article
(This article belongs to the Section ICT Infrastructures for Cybersecurity)

14 pages, 929 KB  
Article
Multimodal Deep Learning Fusion for Accurate and Explainable Malware Family Classification
by Bandar Alotaibi
Appl. Sci. 2025, 15(21), 11635; https://doi.org/10.3390/app152111635 - 31 Oct 2025
Viewed by 1464
Abstract
Identifying malware families is vital for predicting attack campaigns and creating effective defense strategies. Traditional signature-based methods are insufficient against new and evasive malware, highlighting the need for adaptive, multimodal solutions. This paper proposes a deep learning framework that fuses visual and static features through a ConvNeXt-Tiny backbone with cross-attention integration and incorporates calibration strategies such as snapshot ensembling, test-time augmentation, and per-class bias adjustment. The model is evaluated on two publicly available datasets: Malimg and Fusion Malware. The results demonstrate an outstanding accuracy of 99.69% on Malimg and 98.67% on Fusion, with macro F1 scores of 99.22% and 98.12%, respectively. Bias calibration improved the detection of difficult families on Malimg, and error analysis of Fusion identified challenges with polymorphic and underrepresented families. Overall, combining multimodal fusion with lightweight calibration enhances robustness and interpretability for real-world malware detection and attribution. Full article

27 pages, 8594 KB  
Article
An Explainable Hybrid CNN–Transformer Architecture for Visual Malware Classification
by Mohammed Alshomrani, Aiiad Albeshri, Abdulaziz A. Alsulami and Badraddin Alturki
Sensors 2025, 25(15), 4581; https://doi.org/10.3390/s25154581 - 24 Jul 2025
Cited by 7 | Viewed by 3868
Abstract
Malware continues to develop, posing significant challenges for traditional signature-based detection systems. Visual malware classification, which transforms malware binaries into grayscale images, has emerged as a promising alternative for recognizing patterns in malicious code. This study presents a hybrid deep learning architecture that combines the local feature extraction capabilities of ConvNeXt-Tiny (a CNN-based model) with the global context modeling of the Swin Transformer. The proposed model is evaluated using three benchmark datasets—Malimg, MaleVis, VirusMNIST—encompassing 61 malware classes. Experimental results show that the hybrid model achieved a validation accuracy of 94.04%, outperforming both the ConvNeXt-Tiny-only model (92.45%) and the Swin Transformer-only model (90.44%). Additionally, we extended our validation dataset to two more datasets—Maldeb and Dumpware-10—to strengthen the empirical foundation of our work. The proposed hybrid model achieved competitive accuracy on both, with 98% on Maldeb and 97% on Dumpware-10. To enhance model interpretability, we employed Gradient-weighted Class Activation Mapping (Grad-CAM), which visualizes the learned representations and reveals the complementary nature of CNN and Transformer modules. The hybrid architecture, combined with explainable AI, offers an effective and interpretable approach for malware classification, facilitating better understanding and trust in automated detection systems. In addition, a real-time deployment scenario is demonstrated to validate the model’s practical applicability in dynamic environments. Full article
(This article belongs to the Special Issue Cyber Security and AI—2nd Edition)

24 pages, 3218 KB  
Article
An Efficient Malware Detection Method Using a Hybrid ResNet-Transformer Network and IGOA-Based Wrapper Feature Selection
by Ali Abbas Hafeth and Abdu Ibrahim Abdullahi
Electronics 2025, 14(13), 2741; https://doi.org/10.3390/electronics14132741 - 7 Jul 2025
Cited by 2 | Viewed by 1524
Abstract
The growing sophistication of malware and other cyber threats presents significant challenges for detection and prevention in modern cybersecurity systems. In this paper an efficient and novel malware classification model using the Hybrid Resnet-Transformer Network (HRT-Net) and Improved Grasshopper Optimization Algorithm (IGOA) is proposed. Convolutional layers in the resnet50 model effectively extract local features from malware patterns, while the Transformer focuses on long-range dependencies and complex patterns by leveraging multi-head attention. The extracted local and global features are concatenated to create a rich feature representation, enabling precise malware detection. The Improved Grasshopper Optimization Algorithm with dynamic mutation coefficient and dynamic inertia motion weights is employed to select an optimal subset of features, reducing computational complexity and enhancing classification performance. Finally, the Ensemble Learning technique is used to robustly classify malware samples. Experimental evaluations on the Malimg dataset demonstrate the high efficiency of the proposed method, achieving an impressive accuracy of 99.77%, which shows greater efficiency compared to other recent studies. Full article

19 pages, 1959 KB  
Article
Leveraging Federated Learning for Malware Classification: A Heterogeneous Integration Approach
by Kongyang Chen, Wangjun Zhang, Zhangmao Liu and Bing Mi
Electronics 2025, 14(5), 915; https://doi.org/10.3390/electronics14050915 - 25 Feb 2025
Viewed by 1578
Abstract
The increasing complexity and frequency of malware attacks pose significant challenges to cybersecurity, as traditional methods struggle to keep pace with the evolving threat landscape. Current malware classification techniques often fail to account for the heterogeneity of malware data and models across different clients, limiting their effectiveness. In this chapter, we propose a distributed model enhancement-based malware classification method that leverages federated learning to address these limitations. Our approach employs generative adversarial networks to generate synthetic malware data, transforming non-independent datasets into approximately independent ones to mitigate data heterogeneity. Additionally, we utilize knowledge distillation to facilitate the transfer of knowledge between client-specific models and a global classification model, promoting effective collaboration among diverse systems. Inspired by active defense theory, our method identifies suboptimal models during training and replaces them on a central server, ensuring all clients operate with optimal classification capabilities. We conducted extensive experimentation on the Malimg dataset and the Microsoft Malware Classification Challenge (MMCC) dataset. In scenarios characterized by both model heterogeneity and data heterogeneity, our proposed method demonstrated its effectiveness by improving the global malware classification model’s accuracy to 96.80%. Overall, our research presents a robust framework for improving malware classification while maintaining data privacy across distributed environments, highlighting its potential to strengthen cybersecurity defenses against increasingly sophisticated malware threats. Full article
(This article belongs to the Special Issue AI-Based Solutions for Cybersecurity)

26 pages, 4791 KB  
Article
Examining the Performance of Various Pretrained Convolutional Neural Network Models in Malware Detection
by Falah Amer Abdulazeez, Ismail Taha Ahmed and Baraa Tareq Hammad
Appl. Sci. 2024, 14(6), 2614; https://doi.org/10.3390/app14062614 - 20 Mar 2024
Cited by 13 | Viewed by 2834
Abstract
A significant quantity of malware is created on purpose every day. Users of smartphones and computer networks now mostly worry about malware. These days, malware detection is a major concern in the cybersecurity area. Several factors can impact malware detection performance, such as inappropriate features and classifiers, extensive domain knowledge, imbalanced data environments, computational complexity, and resource usage. A significant number of existing malware detection methods have been impacted by these factors. Therefore, in this paper, we will first identify and determine the best features and classifiers and then use them in order to propose the malware detection method. The comparative strategy and proposed malware detection procedure consist of four basic steps: malware transformation (converting images of malware from RGB to grayscale), feature extraction (using the ResNet-50, DenseNet-201, GoogLeNet, AlexNet, and SqueezeNet models), feature selection (using PCA method), classification (including GDA, KNN, logistic, SVM, RF, and ensemble learning), and evaluation (using accuracy and error evaluation metrics). Unbalanced Malimg datasets are used in experiments to validate the efficacy of the results that were obtained. According to the comparison findings, KNN is the best machine learning classifier. It outperformed the other classifiers in the Malimg datasets in terms of both accuracy and error. In addition, DenseNet201 is the best pretrained model in the Malimg dataset. Therefore, the proposed DenseNet201-KNN methods had an accuracy rate of 96% and a minimal error rate of 3.07%. The proposed methods surpass existing state-of-the-art approaches. The proposed feature extraction is computationally quicker than most other methods since it uses a lightweight design and fewer feature vector dimensions. Full article

27 pages, 22523 KB  
Article
A Malicious Code Detection Method Based on Stacked Depthwise Separable Convolutions and Attention Mechanism
by Hong Huang, Rui Du, Zhaolian Wang, Xin Li and Guotao Yuan
Sensors 2023, 23(16), 7084; https://doi.org/10.3390/s23167084 - 10 Aug 2023
Cited by 11 | Viewed by 3748
Abstract
To address the challenges of weak model generalization and limited model capacity adaptation in traditional malware detection methods, this article presents a novel malware detection approach based on stacked depthwise separable convolutions and self-attention, termed CoAtNet. This method combines the strengths of the self-attention module’s robust model adaptation and the convolutional networks’ powerful generalization abilities. The initial step involves transforming the malicious code into grayscale images. These images are subsequently processed using a detection model that employs stacked depthwise separable convolutions and an attention mechanism. This model effectively recognizes and classifies the images, automatically extracting essential features from malicious software images. The effectiveness of the method was validated through comparative experiments using both the Malimg dataset and the augmented Blended+ dataset. The approach’s performance was evaluated against popular models, including XceptionNet, EfficientNetB0, ResNet50, VGG16, DenseNet169, and InceptionResNetV2. The experimental results highlight that the model surpasses other malware detection models in terms of accuracy and generalization ability. In conclusion, the proposed method addresses the limitations of traditional malware detection approaches by leveraging stacked depthwise separable convolutions and self-attention. Comprehensive experiments demonstrate its superior performance compared to existing models. This research contributes to advancing the field of malware detection and provides a promising solution for enhanced accuracy and robustness. Full article
(This article belongs to the Special Issue Harnessing Machine Learning and AI in Cybersecurity)

25 pages, 9665 KB  
Article
Mitigating the Risks of Malware Attacks with Deep Learning Techniques
by Abdullah M. Alnajim, Shabana Habib, Muhammad Islam, Rana Albelaihi and Abdulatif Alabdulatif
Electronics 2023, 12(14), 3166; https://doi.org/10.3390/electronics12143166 - 21 Jul 2023
Cited by 15 | Viewed by 4621
Abstract
Malware has become increasingly prevalent in recent years, endangering people, businesses, and digital assets worldwide. Despite the numerous techniques and methodologies proposed for detecting and neutralizing malicious agents, modern automated malware creation methods continue to produce malware that can evade modern detection techniques. This has increased the need for advanced and accurate malware classification and detection techniques. This paper offers a unique method for classifying malware, using images that use dual attention and convolutional neural networks. Our proposed model has demonstrated exceptional performance in malware classification, achieving the remarkable accuracy of 98.14% on the Malimg benchmark dataset. To further validate its effectiveness, we also evaluated the model’s performance on the big 2015 dataset, where it achieved an even higher accuracy rate of 98.95%, surpassing previous state-of-the-art solutions. Several metrics, including the precision, recall, specificity, and F1 score were used to evaluate accuracy, showing how well our model performed. Additionally, we used class-balancing strategies to increase the accuracy of our model. The results obtained from our experiments indicate that our suggested model is of great interest, and can be applied as a trustworthy method for image-based malware detection, even when compared to more complex solutions. Overall, our research highlights the potential of deep learning frameworks to enhance cyber security measures, and mitigate the risks associated with malware attacks. Full article

30 pages, 5322 KB  
Article
Transfer Learning for Image-Based Malware Detection for IoT
by Pratyush Panda, Om Kumar C U, Suguna Marappan, Suresh Ma, Manimurugan S and Deeksha Veesani Nandi
Sensors 2023, 23(6), 3253; https://doi.org/10.3390/s23063253 - 20 Mar 2023
Cited by 28 | Viewed by 6746
Abstract
The tremendous growth in online activity and the Internet of Things (IoT) led to an increase in cyberattacks. Malware infiltrated at least one device in almost every household. Various malware detection methods that use shallow or deep IoT techniques were discovered in recent years. Deep learning models with a visualization method are the most commonly and popularly used strategy in most works. This method has the benefit of automatically extracting features, requiring less technical expertise, and using fewer resources during data processing. Training deep learning models that generalize effectively without overfitting is not feasible or appropriate with large datasets and complex architectures. In this paper, a novel ensemble model, Stacked Ensemble—autoencoder, GRU, and MLP or SE-AGM, composed of three light-weight neural network models—autoencoder, GRU, and MLP—that is trained on the 25 essential and encoded extracted features of the benchmark MalImg dataset for classification was proposed. The GRU model was tested for its suitability in malware detection due to its lesser usage in this domain. The proposed model used a concise set of malware features for training and classifying the malware classes, which reduced the time and resource consumption in comparison to other existing models. The novelty lies in the stacked ensemble method where the output of one intermediate model works as input for the next model, thereby refining the features as compared to the general notion of an ensemble approach. Inspiration was drawn from earlier image-based malware detection works and transfer learning ideas. To extract features from the MalImg dataset, a CNN-based transfer learning model that was trained from scratch on domain data was used. Data augmentation was an important step in the image processing stage to investigate its effect on classifying grayscale malware images in the MalImg dataset. 
SE-AGM outperformed existing approaches on the benchmark MalImg dataset with an average accuracy of 99.43%, demonstrating that our method was on par with or even surpassed them. Full article
(This article belongs to the Special Issue Applications of Fog Computing and Edge Computing in IoT Systems)

14 pages, 501 KB  
Article
MLP-Mixer-Autoencoder: A Lightweight Ensemble Architecture for Malware Classification
by Tuan Van Dao, Hiroshi Sato and Masao Kubo
Information 2023, 14(3), 167; https://doi.org/10.3390/info14030167 - 6 Mar 2023
Cited by 10 | Viewed by 4650
Abstract
Malware is becoming an effective support tool not only for professional hackers but also for amateur ones. Due to the support of free malware generators, anyone can easily create various types of malicious code. The increasing amount of novel malware is a daily global problem. Current machine learning-based methods, especially image-based malware classification approaches, are attracting significant attention because of their accuracy and computational cost. Convolutional Neural Networks are widely applied in malware classification; however, CNN needs a deep architecture and GPUs for parallel processing to achieve high performance. By contrast, a simple model merely contained a Multilayer Perceptron called MLP-mixer with fewer hyperparameters that can run in various environments without GPUs and is not too far behind CNN in terms of performance. In this study, we try applying an Autoencoder (AE) to improve the performance of the MLP-mixer. AE is widely used in several applications as dimensionality reduction to filter out the noise and identify crucial elements of the input data. Taking this advantage from AE, we propose a lightweight ensemble architecture by combining a customizer MLP-mixer and Autoencoder to refine features extracted from the MLP-mixer with the encoder-decoder architecture of the autoencoder. We achieve overperformance through various experiments compared to other cutting-edge techniques using Malimg and Malheur datasets which contain 9939 (25 malware families) and 3133 variant samples (24 malware families). Full article
(This article belongs to the Special Issue Advances in Computing, Communication & Security)

14 pages, 1427 KB  
Article
Malware Classification Using Convolutional Fuzzy Neural Networks Based on Feature Fusion and the Taguchi Method
by Cheng-Jian Lin, Min-Su Huang and Chin-Ling Lee
Appl. Sci. 2022, 12(24), 12937; https://doi.org/10.3390/app122412937 - 16 Dec 2022
Cited by 4 | Viewed by 2446
Abstract
The applications of computer networks are increasingly extensive, and networks can be remotely controlled and monitored. Cyber hackers can exploit vulnerabilities and steal crucial data or conduct remote surveillance through malicious programs. The frequency of malware attacks is increasing, and malicious programs are constantly being updated. Therefore, more effective malware detection techniques are being developed. In this paper, a convolutional fuzzy neural network (CFNN) based on feature fusion and the Taguchi method is proposed for malware image classification; this network is referred to as FT-CFNN. Four fusion methods are proposed for the FT-CFNN, namely global max pooling fusion, global average pooling fusion, channel global max pooling fusion, and channel global average pooling fusion. Data are fed into this network architecture and then passed through two convolutional layers and two max pooling layers. The feature fusion layer is used to reduce the feature size and integrate the network information. Finally, a fuzzy neural network is used for classification. In addition, the Taguchi method is used to determine optimal parameter combinations to improve classification accuracy. This study used the Malimg dataset to evaluate the accuracy of the proposed classification method. The accuracy values exhibited by the proposed FT-CFNN, proposed CFNN, and original LeNet model in malware family classification were 98.61%, 98.13%, and 96.68%, respectively. Full article
(This article belongs to the Special Issue Fuzzy Systems and Fuzzy Neural Networks: Theory and Applications)

22 pages, 6503 KB  
Article
Robust Malware Family Classification Using Effective Features and Classifiers
by Baraa Tareq Hammad, Norziana Jamil, Ismail Taha Ahmed, Zuhaira Muhammad Zain and Shakila Basheer
Appl. Sci. 2022, 12(15), 7877; https://doi.org/10.3390/app12157877 - 5 Aug 2022
Cited by 24 | Viewed by 5795
Abstract
Malware development has significantly increased recently, posing a serious security risk to both consumers and businesses. Malware developers continually find new ways to circumvent security research’s ongoing efforts to guard against malware attacks. Malware Classification (MC) entails labeling a class of malware to a specific sample, while malware detection merely entails finding malware without identifying which kind of malware it is. There are two main reasons why the most popular MC techniques have a low classification rate. First, Finding and developing accurate features requires highly specialized domain expertise. Second, a data imbalance that makes it challenging to classify and correctly identify malware. Furthermore, the proposed malware classification (MC) method consists of the following five steps: (i) Dataset preparation: 2D malware images are created from the malware binary files; (ii) Visualized Malware Pre-processing: the visual malware images need to be scaled to fit the CNN model’s input size; (iii) Feature extraction: both hand-engineering (Tamura) and deep learning (GoogLeNet) techniques are used to extract the features in this step; (iv) Classification: to perform malware classification, we employed k-Nearest Neighbor (KNN), Support Vector Machines (SVM), and Extreme Learning Machine (ELM). The proposed method is tested on a standard Malimg unbalanced dataset. The accuracy rate of the proposed method was extremely high, making it the most efficient option available. The proposed method’s accuracy rate was outperformed both the Hand-crafted feature and Deep Feature techniques, at 95.42 and 96.84 percent. Full article

25 pages, 2466 KB  
Article
IIoT Malware Detection Using Edge Computing and Deep Learning for Cybersecurity in Smart Factories
by Ho-myung Kim and Kyung-ho Lee
Appl. Sci. 2022, 12(15), 7679; https://doi.org/10.3390/app12157679 - 30 Jul 2022
Cited by 50 | Viewed by 10651
Abstract
The smart factory environment has been transformed into an Industrial Internet of Things (IIoT) environment, which is an interconnected and open approach. This has made smart manufacturing plants vulnerable to cyberattacks that can directly lead to physical damage. Most cyberattacks targeting smart factories are carried out using malware. Thus, a solution that efficiently detects malware by monitoring and analyzing network traffic for malware attacks in smart factory IIoT environments is critical. However, achieving accurate real-time malware detection in such environments is difficult. To solve this problem, this study proposes an edge computing-based malware detection system that efficiently detects various cyberattacks (malware) by distributing vast amounts of smart factory IIoT traffic information to edge servers for deep learning processing. The proposed malware detection system consists of three layers (edge device, edge, and cloud layers) and utilizes four meaningful functions (model training and testing, model deployment, model inference, and training data transmission) for edge-based deep learning. In experiments conducted on the Malimg dataset, the proposed malware detection system incorporating a convolutional neural network with image visualization technology achieved an overall classification accuracy of 98.93%, precision of 98.93%, recall of 98.93%, and F1-score of 98.92%. Full article
(This article belongs to the Special Issue Applications of Deep Learning and Artificial Intelligence Methods)

16 pages, 5501 KB  
Article
Detection of Exceptional Malware Variants Using Deep Boosted Feature Spaces and Machine Learning
by Muhammad Asam, Shaik Javeed Hussain, Mohammed Mohatram, Saddam Hussain Khan, Tauseef Jamal, Amad Zafar, Asifullah Khan, Muhammad Umair Ali and Umme Zahoora
Appl. Sci. 2021, 11(21), 10464; https://doi.org/10.3390/app112110464 - 8 Nov 2021
Cited by 28 | Viewed by 4343
Abstract
Malware is a key component of cyber-crime, and its analysis is the first line of defence against cyber-attack. This study proposes two new malware classification frameworks: Deep Feature Space-based Malware classification (DFS-MC) and Deep Boosted Feature Space-based Malware classification (DBFS-MC). In the proposed DFS-MC framework, deep features are generated from the customized CNN architectures and are fed to a support vector machine (SVM) algorithm for malware classification, while, in the DBFS-MC framework, the discrimination power is enhanced by first combining deep feature spaces of two customized CNN architectures to achieve boosted feature spaces. Further, the detection of exceptional malware is performed by providing the deep boosted feature space to SVM. The performance of the proposed malware classification frameworks is evaluated on the MalImg malware dataset using the hold-out cross-validation technique. Malware variants like Autorun.K, Swizzor.gen!I, Wintrim.BX and Yuner.A is hard to be correctly classified due to their minor inter-class differences in their features. The proposed DBFS-MC improved performance for these difficult to discriminate malware classes using the idea of feature boosting generated through customized CNNs. The proposed classification framework DBFS-MC showed good results in term of accuracy: 98.61%, F-score: 0.96, precision: 0.96, and recall: 0.96 on stringent test data, using 40% unseen data. Full article

19 pages, 6321 KB  
Article
Image-Based Malware Classification Using VGG19 Network and Spatial Convolutional Attention
by Mazhar Javed Awan, Osama Ahmed Masood, Mazin Abed Mohammed, Awais Yasin, Azlan Mohd Zain, Robertas Damaševičius and Karrar Hameed Abdulkareem
Electronics 2021, 10(19), 2444; https://doi.org/10.3390/electronics10192444 - 8 Oct 2021
Cited by 144 | Viewed by 10027
Abstract
In recent years the amount of malware spreading through the internet and infecting computers and other communication devices has tremendously increased. To date, countless techniques and methodologies have been proposed to detect and neutralize these malicious agents. However, as new and automated malware generation techniques emerge, a lot of malware continues to be produced, which can bypass some state-of-the-art malware detection methods. Therefore, there is a need for the classification and detection of these adversarial agents that can compromise the security of people, organizations, and countless other forms of digital assets. In this paper, we propose a spatial attention and convolutional neural network (SACNN) based on deep learning framework for image-based classification of 25 well-known malware families with and without class balancing. Performance was evaluated on the Malimg benchmark dataset using precision, recall, specificity, precision, and F1 score on which our proposed model with class balancing reached 97.42%, 97.95%, 97.33%, 97.11%, and 97.32%. We also conducted experiments on SACNN with class balancing on benign class, also produced above 97%. The results indicate that our proposed model can be used for image-based malware detection with high performance, despite being simpler as compared to other available solutions. Full article
(This article belongs to the Special Issue Security and Privacy for IoT and Multimedia Services)