Multimodal malware classification using proposed ensemble deep neural network framework

Citation

Nazim, Sadia and Alam, Muhammad Mansoor and Rizvi, Safdar Ali and Mustapha, Jawahir Che and Hussain, Syed Shujaa and Su’ud, Mazliham Mohd (2025) Multimodal malware classification using proposed ensemble deep neural network framework. Scientific Reports, 15 (1). ISSN 2045-2322

[img] Text
s41598-025-96203-3.pdf - Published Version
Restricted to Repository staff only

Download (8MB)

Abstract

In the contemporary technological world, fortifying cybersecurity defense against dynamic threat landscapes is imperative. Malware detectors play a critical role in this endeavor, utilizing various techniques such as statistical analysis, static and dynamic analysis, and machine learning (ML) to compare signatures and identify threats. Deep learning (DL) aids in accurately classifying complex malware features. The cross-domain research in data fusion strives to integrate information from multiple sources to augment reliability and minimize errors in detecting sophisticated cyber threats. This collaborative approach is the least addressed and pivotal for protecting against the advancing environment of modern malware attacks. This study presents a state-of-the-art malware analysis framework that employs a multimodal approach by integrating malware images and numeric features for effective malware classification. The experiments are performed sequentially, encompassing data preprocessing, feature selection using Neighbourhood Component Analysis (NCA), and dataset balancing with Synthetic Minority Over-sampling Technique (SMOTE). Subsequently, the late fusion technique is utilized for multimodal classification by employing Random Under Sampling and Boosting (RUSBoost) and the proposed ensemble deep neural network. The RUSBoost technique involves random undersampling and adaptive boosting to moderate bias toward majority classes while improving minority class (malware) detection. Multimodal Late fusion experimental results (95.36%) of RUSBoost (numeric) and the proposed model (imagery) outperform the standalone prevailing results for imagery (95.02%) and numeric (93.36%) data. The effectiveness of the proposed model is verified through the evaluation metrics such as Recall (86.5%), F1-score (85.0%), and Precision (79.9%). The multimodal late fusion of numeric and visual data makes the model more robust in detecting diverse malware variants. The experimental outcomes demonstrate that multimodal analysis may efficiently increase the identification strength and accuracy, especially when majority vote and bagging are employed for late fusion.

Item Type: Article
Uncontrolled Keywords: Malware detection, Multimodal analysis, Deep learning, Late fusion, Android malware, Artificial intelligence, Cyberattacks
Subjects: Q Science > QA Mathematics > QA71-90 Instruments and machines
Divisions: Others
Depositing User: Ms Suzilawati Abu Samah
Date Deposited: 30 Jun 2025 07:06
Last Modified: 30 Jun 2025 07:06
URII: http://shdl.mmu.edu.my/id/eprint/14176

Downloads

Downloads per month over past year

View ItemEdit (login required)