

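1. School of Computer Science and Technology, Civil Aviation University of China, Tianjin 300300
2. School of Safety Science and Engineering, Civil Aviation University of China, Tianjin 300300
3. School of Information Engineering, Yangzhou University, Yangzhou, Jiangsu 225127
4. Key Laboratory of Civil Aviation Internet of Aircraft, Civil Aviation University of China, Tianjin 300300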
Received: 13 August 2024
Revised: 20 January 2025
Published: 25 March 2025
XIE Li-xia, WEI Chen-yang, YANG Hong-yu, et al. Malware Detection Method Based on Multi-Dimensional Dynamic Weighted Alpha Image Fusion and Feature Enhancement[J]. Acta Electronica Sinica, 2025, 53(03): 849-863. DOI:10.12263/DZXB.20240746
Existing malware detection methods suffer from inadequate extraction of sample features and from excessive reliance on domain expert knowledge and runtime behavior monitoring, which significantly degrades detection and classification performance. To address these issues, we propose a malware detection method based on multi-dimensional dynamic weighted alpha image fusion and feature enhancement. A standardized sample set is obtained through invalid sample cleaning and outlier processing. High-quality fused image samples are then generated using three-channel image generation and a multi-dimensional dynamic weighted alpha image fusion method. The puppet optimization algorithm is employed for data reconstruction to mitigate the impact of class imbalance on detection results, and image enhancement is performed on the reconstructed data samples. A spatial attention enhancement network based on dual-branch feature extraction and fused channel information representation extracts image features and text features separately and enhances them, thereby improving feature representation capability. The enhanced image and text features are combined by weighted fusion to achieve malware family detection and classification. Experimental results show that the proposed method achieves a malware detection and classification accuracy of 99.72% on the BIG2015 dataset, an improvement of 0.22~2.50 percentage points over existing detection methods.