Multi-feature fusion malware detection method based on attention and gating mechanisms
With the rapid development of network technology, the number and variety of malware have been increasing, posing a significant challenge in the field of network security.However, existing single-feature malware detection methods have proven inadequate in representing sample information effectively.M...
Saved in:
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
POSTS&TELECOM PRESS Co., LTD
2024-02-01
|
| Series: | 网络与信息安全学报 |
| Subjects: | |
| Online Access: | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2024002 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841530294201483264 |
|---|---|
| author | Zhongyuan CHEN Jianbiao ZHANG |
| author_facet | Zhongyuan CHEN Jianbiao ZHANG |
| author_sort | Zhongyuan CHEN |
| collection | DOAJ |
| description | With the rapid development of network technology, the number and variety of malware have been increasing, posing a significant challenge in the field of network security.However, existing single-feature malware detection methods have proven inadequate in representing sample information effectively.Moreover, multi-feature detection approaches also face limitations in feature fusion, resulting in an inability to learn and comprehend the complex relationships within and between features.These limitations ultimately lead to subpar detection results.To address these issues, a malware detection method called MFAGM was proposed, which focused on multimodal feature fusion.By processing the .asm and .bytes files of the dataset, three key features belonging to two types (opcode statistics sequences, API sequences, and grey-scale image features) were successfully extracted.This comprehensive characterization of sample information from multiple perspectives aimed to improve detection accuracy.In order to enhance the fusion of these multimodal features, a feature fusion module called SA-JGmu was designed.This module utilized the self-attention mechanism to capture internal dependencies between features.It also leveraged the gating mechanism to enhance interactivity among different features.Additionally, weight-jumping links were introduced to further optimize the representational capabilities of the model.Experimental results on the Microsoft malware classification challenge dataset demonstrate that MFAGM achieves higher accuracy and F1 scores compared to other methods in the task of malware detection. |
| format | Article |
| id | doaj-art-6eaa07992e1b4d518f028a08be26f8ba |
| institution | Kabale University |
| issn | 2096-109X |
| language | English |
| publishDate | 2024-02-01 |
| publisher | POSTS&TELECOM PRESS Co., LTD |
| record_format | Article |
| series | 网络与信息安全学报 |
| spelling | doaj-art-6eaa07992e1b4d518f028a08be26f8ba2025-01-15T03:05:17ZengPOSTS&TELECOM PRESS Co., LTD网络与信息安全学报2096-109X2024-02-011012313559581797Multi-feature fusion malware detection method based on attention and gating mechanismsZhongyuan CHENJianbiao ZHANGWith the rapid development of network technology, the number and variety of malware have been increasing, posing a significant challenge in the field of network security.However, existing single-feature malware detection methods have proven inadequate in representing sample information effectively.Moreover, multi-feature detection approaches also face limitations in feature fusion, resulting in an inability to learn and comprehend the complex relationships within and between features.These limitations ultimately lead to subpar detection results.To address these issues, a malware detection method called MFAGM was proposed, which focused on multimodal feature fusion.By processing the .asm and .bytes files of the dataset, three key features belonging to two types (opcode statistics sequences, API sequences, and grey-scale image features) were successfully extracted.This comprehensive characterization of sample information from multiple perspectives aimed to improve detection accuracy.In order to enhance the fusion of these multimodal features, a feature fusion module called SA-JGmu was designed.This module utilized the self-attention mechanism to capture internal dependencies between features.It also leveraged the gating mechanism to enhance interactivity among different features.Additionally, weight-jumping links were introduced to further optimize the representational capabilities of the model.Experimental results on the Microsoft malware classification challenge dataset demonstrate that MFAGM achieves higher accuracy and F1 scores compared to other methods in the task of malware detection.http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2024002malware detectiondeep learningfeature fusionmultimodal learningstatic analysis |
| spellingShingle | Zhongyuan CHEN Jianbiao ZHANG Multi-feature fusion malware detection method based on attention and gating mechanisms 网络与信息安全学报 malware detection deep learning feature fusion multimodal learning static analysis |
| title | Multi-feature fusion malware detection method based on attention and gating mechanisms |
| title_full | Multi-feature fusion malware detection method based on attention and gating mechanisms |
| title_fullStr | Multi-feature fusion malware detection method based on attention and gating mechanisms |
| title_full_unstemmed | Multi-feature fusion malware detection method based on attention and gating mechanisms |
| title_short | Multi-feature fusion malware detection method based on attention and gating mechanisms |
| title_sort | multi feature fusion malware detection method based on attention and gating mechanisms |
| topic | malware detection deep learning feature fusion multimodal learning static analysis |
| url | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2024002 |
| work_keys_str_mv | AT zhongyuanchen multifeaturefusionmalwaredetectionmethodbasedonattentionandgatingmechanisms AT jianbiaozhang multifeaturefusionmalwaredetectionmethodbasedonattentionandgatingmechanisms |