A lightweight CNN malware classification method for software detection

Citation

Chen, Jiahui and Wu, Mingrui and Gan, Wensheng and Huang, Huiwu and Lau, Terry Shue Chien (2025) A lightweight CNN malware classification method for software detection. International Journal of Machine Learning and Cybernetics. ISSN 1868-8071

s13042-025-02662-5.pdf - Published Version
Restricted to Repository staff only

Abstract

In recent years, the proliferation of malware production tools and the advancement of ChatGPT has led to a significant increase in the number of malware and its variants. Consequently, the detection of malware families has become increasingly important. However, the growing use of sophisticated encryption and obfuscation techniques by malware has further complicated static and dynamic detection methods. Furthermore, the rise of file-less malware, which can evade most static detection methods, has become a prominent trend in infecting victims’ devices. Because malicious software needs to decrypt or de-obfuscate its code and data segments during execution, we can obtain critical information by examining the memory dump of the malware process. Therefore, we propose MIL-CNN, a lightweight neural network based on the attention mechanism for malware classification, utilizing RGB images of malware memory dumps. When compared to other deep learning-based methods, our proposed model not only reduces the number of trainable parameters but also maintains classification accuracy. Experimental results demonstrate that our proposed model achieves a recognition accuracy of 98.1% on the Dumpware10 dataset, surpassing the classification accuracy of existing benchmark models. This highlights the potential of the attention-based lightweight neural network in effectively classifying malware and addressing the challenges posed by encryption, obfuscation, and file-less malware techniques.

Item Type: Article
Uncontrolled Keywords: Malware · Memory dump · Image-based malware classification · Deep learning
Subjects: Q Science > QA Mathematics > QA71-90 Instruments and machines
Divisions: Faculty of Computing and Informatics (FCI)
Depositing User: Ms Suzilawati Abu Samah
Date Deposited: 26 Jun 2025 06:20
Last Modified: 26 Jun 2025 06:20
URI: http://shdl.mmu.edu.my/id/eprint/14086
