Feature fusion-based squeeze and excitation (FFSE)–bidirectional temporal convolutional network (BiTCN): A hybrid malware detection model

Abstract

Cybersecurity threats continue to escalate with the rapid advancement of internet technology, with malicious code posing a particularly daunting challenge. Traditional detection methods based on feature code matching struggle to keep pace with evolving anti-detection techniques and the proliferation of malicious code variants. Current malware detection often relies on extracting opcode sequences or converting binary files into grayscale maps for analysis based on deep learning. However, text-based methods for malware detection face decompilation errors due to obfuscation, which compromise feature extraction accuracy, and the limitation of n-gram in capturing global behavior patterns beyond local opcode sequences. Image-based methods, on the other hand, risk losing code structure and semantics during image conversion, and the need for fixed-size inputs in convolutional neural networks can lead to feature information loss during resizing or cropping. To address these challenges, this paper proposes feature fusion-based squeeze and excitation (FFSE)–bidirectional temporal convolutional network (BiTCN), a novel hybrid malware detection model that integrates the advantages of FFSE and BiTCN. The FFSE is utilized to extract multi-scale features and fuse global and local features with a channel attention mechanism, while the BiTCN is adopted to capture temporal evolution of malware behavior and integrate features of different levels with a pooling fusion mechanism. Experimental results on the BIG2015 and DataCon datasets demonstrate that the proposed model outperforms existing malware detection methods in terms of $Accuracy$ , $Recall$ , and $F1-score$ . It proves the robustness and generalization of the proposed model and contributes significantly to the field of malware detection.

Keywords

malware detection FFSE BiTCN channel attention mechanism pooling fusion mechanism

Get full access to this article

View all access options for this article.

References

CNNIC . The 52nd statistical report on the development of the internet in China. China Internet Network Information Center (CNNIC), August 2023. https://www.cnnic.net.cn/n4/2023/0828/c88-10829.html.

kaspersky . 2022 cybercriminals-attack, 2022. https://www.kaspersky.com.cn/about/press-releases/2022cybercriminals-attack.

Wang

. Research on Malicious Code Family Detection Technology Based on Deep Learning. Chinese Public Security University, 2021. DOI: 10.27634/d.cnki.gzrgu.2021.000278.

Sun

Wang

Xin

. Malicious code homology analysis technology research. New Ind 2021; 11: 114–117.

. Research on Network Worm Propagation and Control Model. North University of China, 2013.

Liu

. Research on Homology Identification Technology of Malicious Code Based on Deep Learning. Electronic Science Research Institute of China Electronics Technology Corporation, 2020. DOI: 10.27728/d.cnki.gdzkx.2020.000008.

Bazrafshan

Hashemi

Fard

SMH

, et al. A survey on heuristic malware detection techniques. In: The 5th conference on information and knowledge technology, Shiraz, Iran, 28–30 May 2013, pp.113–120. IEEE.

Vasilescu

Gheorghe

Tapus

. Practical malware analysis based on sandboxing. In: 2014 RoEduNet conference 13th edition: Networking in education and research joint event RENAM 8th conference, Chisinau, Moldova, 11–13 September 2014, pp.1–6. IEEE.

Agarap

. Towards building an intelligent anti-malware system: a deep learning approach using support vector machine (SVM) for malware classification. arXiv preprint arXiv:180100318, 2017.

10.

Zulkifli

Hamid

IRA

Shah

, et al. Android malware detection based on network traffic using decision tree algorithm. In: Recent advances on soft computing and data mining: proceedings of the third international conference on soft computing and data mining (SCDM 2018), Johor, Malaysia, 6–7 February 2018, pp.485–494.

11.

Bensaoud

Kalita

Bensaoud

. A survey of malware detection using deep learning. Mach Learn Appl 2024; 16: 100546.

12.

Rbah

Mahfoudi

Fattah

, et al. A comprehensive survey on deep learning approaches for safeguarding the internet of medical things from malicious intrusions. In: 2024 international conference on circuit, systems and communication (ICCSC), Fes, Morocco, 28–29 June 2024, pp.1–6.

13.

Gibert

Mateu

Planes

. A hierarchical convolutional neural network for malware classification. In: 2019 International joint conference on neural networks (IJCNN), Budapest, Hungary, 14–19 July 2019, pp.1–8. IEEE.

14.

Catak

Yazı

Elezaj

, et al. Deep learning based sequential model for malware analysis using Windows exe API calls. PeerJ Comput Sci 2020; 6: e285.

15.

Bae

Lee

. Easy data augmentation for improved malware detection: a comparative study. In: 2021 IEEE international conference on big data and smart computing (BigComp), Jeju Island, Korea (South), 17–20 January 2021, pp.214–218. IEEE.

16.

Wang

Qian

. Malicious code classification based on opcode sequences and textCNN network. J Inf Secur Appl 2022; 67: 103151.

17.

Liu

Wang

. BiLSTM malicious code classification based on multi-feature fusion. Electron Des Eng 2022; 30: 67–72.

18.

Demırcı

Acarturk

. Static malware detection using stacked BiLSTM and GPT-2. IEEE Access 2022; 10: 58488–58502.

19.

Fang

, et al. Comprehensive Android malware detection based on federated learning architecture. IEEE Trans Inf Forensics Secur 2023; 18: 3977–3990.

20.

Cui

Xue

Cai

, et al. Detection of malicious code variants based on deep learning. IEEE Trans Ind Inf 2018; 14: 3187–3196.

21.

Vinayakumar

Alazab

Soman

, et al. Robust intelligent malware detection using deep learning. IEEE Access 2019; 7: 46717–46738.

22.

Vasan

Alazab

Wassan

, et al. IMCFN: image-based malware classification using fine-tuned convolutional neural network architecture. Comput Networks 2020; 171: 107138.

23.

Wan

Cheng

. Research on application of attention-CNN in malware detection. Comput Sci Explor 2021; 15: 670–681.

24.

Hemalatha

Roseline

Geetha

, et al. An efficient DenseNet-based deep learning model for malware detection. Entropy 2021; 23: 344.

25.

Jiang

Bai

Zhang

, et al. Malicious code detection based on multi-channel image deep learning. J Comput Appl 2021; 41: 1142.

26.

Zhang

Feng

Han

, et al. A malicious code detection method based on FF-MICNN in the internet of things. Sensors 2022; 22: 8739.

27.

Shen

Chen

Wang

, et al. Feature fusion-based malicious code detection with dual attention mechanism and BiLSTM. Comput Secur 2022; 119: 102761.

28.

Chai

Qiu

, et al. Dynamic prototype network based on sample adaptation for few-shot malware detection. IEEE Trans Knowl Data Eng 2022; 35: 4754–4766.

29.

Nataraj

Karthikeyan

Jacob

, et al. Malware images: visualization and automatic classification. In: Proceedings of the 8th international symposium on visualization for cyber security, Pittsburgh Pennsylvania USA, 20 July 2011, pp.1–7. Association for Computing Machinery, New York, NY, United States.

30.

Bai

Wang

. Improving malware detection using multi-view ensemble learning. Secur Commun Networks 2016; 9: 4227–4241.

31.

Wang

, et al. A fast malicious code detection method based on feature fusion. Chin J Electron 2023; 51: 57–66.

32.

Wang

Song

, et al. Malicious code classification method based on BiTCN-DLP. Inf Netw Secur 2023; 23: 104–117.

33.

Royi

Marian

Corina

, et al. Microsoft malware classification challenge. arXiv preprint arXiv: 1802.10135, 2018.

34.

Institute QAXTR . DataCon: multi-domain large-scale competition open data for security research[EB/OL]. [2020-08-25]. https://DataCon.qianxin.com/opendata.

35.

Wang

Yang

Xuan

, et al. Research on multi-classification method of malicious code family based on one-dimensional convolutional neural network. Comput Appl Softw 2021; 38: 332–336.

36.

Ren

Bai

Malware visualization based on deep learning. In: 2021 14th international congress on image and signal processing, biomedical engineering and informatics (CISP-BMEI), Shanghai, China, October 23-25, 2021, pp.1–5. IEEE.

37.

Wang

Gao

Tong

, et al. Research on the classification of malicious code families with attention mechanism. J Front Comput Sci Technol 2021; 15: 881–892.

38.

Falana

Sodiya

Onashoga

, et al. Mal-detect: an intelligent visualization approach for malware detection. J King Saud Univ Comput Inf Sci 2022; 34: 1968–1983.

39.

, et al. Android malware family classification method based on synthetic image and Xception improved model. Comput Sci 2023; 50: 351.

40.

Zhu

Wang

, et al. Simplified-Xception: a new way to speed up malicious code classification. In: 2023 26th International conference on computer supported cooperative work in design (CSCWD), Rio de Janeiro, Brazil, 24–26 May 2023, pp.582–587. IEEE.

41.

Kumar

Sapru

Chahal

. Malicious program detection using distinct textural features and fine-tuned InceptionV3 model. In: 2024 IEEE 5th India council international subsections conference (INDISCON), Chandigarh, India, 22–24 August 2024, pp.1–6.

42.

Zhao

Zou

, et al. DeepCG: Classifying metamorphic malware through deep learning of call graphs. Cham: Springer, 2019.

43.

Liu

Wang

Hou

, et al. A malicious code feature extraction method based on probabilistic topic model. Comput Res Dev 2019; 56: 2339–2348.

44.

Guo

Huang

Zhang

, et al. Classification of malware variant based on ensemble learning. In: International Conference on Machine learning for cyber security, Guangzhou, China, 8–10 October 2020, pp.125–139. Cham: Springer International Publishing.

45.

Saadat

Joseph Raymond

. Malware classification using CNN-XGBoost model. In: Artificial intelligence techniques for advanced computing applications: proceedings of ICACT 2020, Chennai, India, 23–24 January 2020, pp.191–202. Singapore: Springer Singapore.

46.

Wang

Song

, et al. Malware variants detection model based on MFF–HDBA. Appl Sci 2022; 12: 9593.