Cybersecurity threats continue to escalate with the rapid advancement of internet technology, with malicious code posing a particularly daunting challenge. Traditional detection methods based on feature code matching struggle to keep pace with evolving anti-detection techniques and the proliferation of malicious code variants. Current malware detection often relies on extracting opcode sequences or converting binary files into grayscale maps for analysis based on deep learning. However, text-based methods for malware detection face decompilation errors due to obfuscation, which compromise feature extraction accuracy, and the limitation of n-gram in capturing global behavior patterns beyond local opcode sequences. Image-based methods, on the other hand, risk losing code structure and semantics during image conversion, and the need for fixed-size inputs in convolutional neural networks can lead to feature information loss during resizing or cropping. To address these challenges, this paper proposes feature fusion-based squeeze and excitation (FFSE)–bidirectional temporal convolutional network (BiTCN), a novel hybrid malware detection model that integrates the advantages of FFSE and BiTCN. The FFSE is utilized to extract multi-scale features and fuse global and local features with a channel attention mechanism, while the BiTCN is adopted to capture temporal evolution of malware behavior and integrate features of different levels with a pooling fusion mechanism. Experimental results on the BIG2015 and DataCon datasets demonstrate that the proposed model outperforms existing malware detection methods in terms of , , and . It proves the robustness and generalization of the proposed model and contributes significantly to the field of malware detection.
WangG. Research on Malicious Code Family Detection Technology Based on Deep Learning. Chinese Public Security University, 2021. DOI: 10.27634/d.cnki.gzrgu.2021.000278.
LiY. Research on Network Worm Propagation and Control Model. North University of China, 2013.
6.
LiuH. Research on Homology Identification Technology of Malicious Code Based on Deep Learning. Electronic Science Research Institute of China Electronics Technology Corporation, 2020. DOI: 10.27728/d.cnki.gdzkx.2020.000008.
7.
BazrafshanZHashemiHFardSMH, et al.A survey on heuristic malware detection techniques. In: The 5th conference on information and knowledge technology, Shiraz, Iran, 28–30 May 2013, pp.113–120. IEEE.
8.
VasilescuMGheorgheLTapusN. Practical malware analysis based on sandboxing. In: 2014 RoEduNet conference 13th edition: Networking in education and research joint event RENAM 8th conference, Chisinau, Moldova, 11–13 September 2014, pp.1–6. IEEE.
9.
AgarapAF. Towards building an intelligent anti-malware system: a deep learning approach using support vector machine (SVM) for malware classification. arXiv preprint arXiv:180100318, 2017.
10.
ZulkifliAHamidIRAShahWM, et al.Android malware detection based on network traffic using decision tree algorithm. In: Recent advances on soft computing and data mining: proceedings of the third international conference on soft computing and data mining (SCDM 2018), Johor, Malaysia, 6–7 February 2018, pp.485–494.
11.
BensaoudAKalitaJBensaoudM. A survey of malware detection using deep learning. Mach Learn Appl2024; 16: 100546.
12.
RbahYMahfoudiMFattahM, et al.A comprehensive survey on deep learning approaches for safeguarding the internet of medical things from malicious intrusions. In: 2024 international conference on circuit, systems and communication (ICCSC), Fes, Morocco, 28–29 June 2024, pp.1–6.
13.
GibertDMateuCPlanesJ. A hierarchical convolutional neural network for malware classification. In: 2019 International joint conference on neural networks (IJCNN), Budapest, Hungary, 14–19 July 2019, pp.1–8. IEEE.
14.
CatakFOYazıAFElezajO, et al.Deep learning based sequential model for malware analysis using Windows exe API calls. PeerJ Comput Sci2020; 6: e285.
15.
BaeJLeeC. Easy data augmentation for improved malware detection: a comparative study. In: 2021 IEEE international conference on big data and smart computing (BigComp), Jeju Island, Korea (South), 17–20 January 2021, pp.214–218. IEEE.
16.
WangQQianQ. Malicious code classification based on opcode sequences and textCNN network. J Inf Secur Appl2022; 67: 103151.
17.
LiuZWangC. BiLSTM malicious code classification based on multi-feature fusion. Electron Des Eng2022; 30: 67–72.
18.
DemırcıDAcarturkC. Static malware detection using stacked BiLSTM and GPT-2. IEEE Access2022; 10: 58488–58502.
19.
FangWHeJLiW, et al.Comprehensive Android malware detection based on federated learning architecture. IEEE Trans Inf Forensics Secur2023; 18: 3977–3990.
20.
CuiZXueFCaiX, et al.Detection of malicious code variants based on deep learning. IEEE Trans Ind Inf2018; 14: 3187–3196.
21.
VinayakumarRAlazabMSomanK, et al.Robust intelligent malware detection using deep learning. IEEE Access2019; 7: 46717–46738.
22.
VasanDAlazabMWassanS, et al.IMCFN: image-based malware classification using fine-tuned convolutional neural network architecture. Comput Networks2020; 171: 107138.
23.
MaDWanLChengQ. Research on application of attention-CNN in malware detection. Comput Sci Explor2021; 15: 670–681.
24.
HemalathaJRoselineSAGeethaS, et al.An efficient DenseNet-based deep learning model for malware detection. Entropy2021; 23: 344.
25.
JiangKBaiWZhangL, et al.Malicious code detection based on multi-channel image deep learning. J Comput Appl2021; 41: 1142.
26.
ZhangWFengYHanG, et al.A malicious code detection method based on FF-MICNN in the internet of things. Sensors2022; 22: 8739.
27.
ShenGChenZWangH, et al.Feature fusion-based malicious code detection with dual attention mechanism and BiLSTM. Comput Secur2022; 119: 102761.
28.
ChaiYDuLQiuJ, et al.Dynamic prototype network based on sample adaptation for few-shot malware detection. IEEE Trans Knowl Data Eng2022; 35: 4754–4766.
29.
NatarajLKarthikeyanSJacobG, et al. Malware images: visualization and automatic classification. In: Proceedings of the 8th international symposium on visualization for cyber security, Pittsburgh Pennsylvania USA, 20 July 2011, pp.1–7. Association for Computing Machinery, New York, NY, United States.
WangSWangJWangY, et al.A fast malicious code detection method based on feature fusion. Chin J Electron2023; 51: 57–66.
32.
LiSWangJSongY, et al.Malicious code classification method based on BiTCN-DLP. Inf Netw Secur2023; 23: 104–117.
33.
RoyiRMarianRCorinaF, et al. Microsoft malware classification challenge. arXiv preprint arXiv: 1802.10135, 2018.
34.
Institute QAXTR. DataCon: multi-domain large-scale competition open data for security research[EB/OL]. [2020-08-25]. https://DataCon.qianxin.com/opendata.
35.
WangDYangKXuanJ, et al.Research on multi-classification method of malicious code family based on one-dimensional convolutional neural network. Comput Appl Softw2021; 38: 332–336.
36.
RenZBaiTMalware visualization based on deep learning. In: 2021 14th international congress on image and signal processing, biomedical engineering and informatics (CISP-BMEI), Shanghai, China, October 23-25, 2021, pp.1–5. IEEE.
37.
WangRGaoJTongX, et al.Research on the classification of malicious code families with attention mechanism. J Front Comput Sci Technol2021; 15: 881–892.
38.
FalanaOJSodiyaASOnashogaSA, et al.Mal-detect: an intelligent visualization approach for malware detection. J King Saud Univ Comput Inf Sci2022; 34: 1968–1983.
39.
YuXLuTDuY, et al.Android malware family classification method based on synthetic image and Xception improved model. Comput Sci2023; 50: 351.
40.
ZhuXHeSWangX, et al.Simplified-Xception: a new way to speed up malicious code classification. In: 2023 26th International conference on computer supported cooperative work in design (CSCWD), Rio de Janeiro, Brazil, 24–26 May 2023, pp.582–587. IEEE.
41.
KumarSSapruYChahalNS. Malicious program detection using distinct textural features and fine-tuned InceptionV3 model. In: 2024 IEEE 5th India council international subsections conference (INDISCON), Chandigarh, India, 22–24 August 2024, pp.1–6.
42.
ZhaoSMaXZouW, et al.DeepCG: Classifying metamorphic malware through deep learning of call graphs. Cham: Springer, 2019.
43.
LiuYWangZHouY, et al.A malicious code feature extraction method based on probabilistic topic model. Comput Res Dev2019; 56: 2339–2348.
44.
GuoHHuangSZhangM, et al. Classification of malware variant based on ensemble learning. In: International Conference on Machine learning for cyber security, Guangzhou, China, 8–10 October 2020, pp.125–139. Cham: Springer International Publishing.
45.
SaadatSJoseph RaymondV. Malware classification using CNN-XGBoost model. In: Artificial intelligence techniques for advanced computing applications: proceedings of ICACT 2020, Chennai, India, 23–24 January 2020, pp.191–202. Singapore: Springer Singapore.
46.
WangSWangJSongY, et al.Malware variants detection model based on MFF–HDBA. Appl Sci2022; 12: 9593.
