IMCMK-CNN: A lightweight convolutional neural network with Multi-scale Kernels for Image-based Malware Classification
Rapid and accurate identification of unknown malware and its variants is the premise and basis for the effective prevention of malicious attacks. However, with the explosive growth of malware variants, the efficiency of manual updating of the sample database is getting worse and worse. It is difficu...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Elsevier
2025-01-01
|
| Series: | Alexandria Engineering Journal |
| Subjects: | |
| Online Access: | http://www.sciencedirect.com/science/article/pii/S1110016824012109 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841524927397625856 |
|---|---|
| author | Dandan Zhang Yafei Song Qian Xiang Yang Wang |
| author_facet | Dandan Zhang Yafei Song Qian Xiang Yang Wang |
| author_sort | Dandan Zhang |
| collection | DOAJ |
| description | Rapid and accurate identification of unknown malware and its variants is the premise and basis for the effective prevention of malicious attacks. However, with the explosive growth of malware variants, the efficiency of manual updating of the sample database is getting worse and worse. It is difficult for the traditional identification methods to effectively capture the sample feature information operated by the confusion method only based on the delayed database information. The research into the direction of malware detection is dedicated to surmounting the limitations of conventional detection methodologies, and delves deeply into the application of cutting-edge technologies such as data visualization, machine learning, and hybrid detection within the realm of malware detection. Through these investigations, our goal is to construct a detection system that is both more precise and efficient, capable of addressing the ever-evolving threats to cybersecurity. Pursuing research in this direction is not only vital for enhancing network security defenses and safeguarding user data, but it will also foster the advancement of related state-of-the-art technologies and further mitigate the economic and societal repercussions of malware attacks. In light of this issue, this paper proposes the Image-based Malware Classification with Multi-scale Kernels (IMCMK), a Convolutional Neural Network (CNN) architecture using multi-scale convolution kernels mixing action to improve malware variants detection capabilities. First, we propose the Multi-scale Kernels (MK) block combining deep large kernel convolution and standard small kernel convolution with shortcuts to improve the accuracy. Furthermore, we propose Multi-scale Kernel Fusion (MKF) to reduce the number of parameters that come with the large kernels. The improved Squeeze-and-Excitation (SE) block can obtain the correlation between different channels to further increase the model performance. Experimental results show that IMCMK outperforms the state-of-the-art methods in malware family classification accuracy, which has achieved 99.25 %. |
| format | Article |
| id | doaj-art-c261793fb4c94a479686bb7957e70d0b |
| institution | Kabale University |
| issn | 1110-0168 |
| language | English |
| publishDate | 2025-01-01 |
| publisher | Elsevier |
| record_format | Article |
| series | Alexandria Engineering Journal |
| spelling | doaj-art-c261793fb4c94a479686bb7957e70d0b2025-01-18T05:03:38ZengElsevierAlexandria Engineering Journal1110-01682025-01-01111203220IMCMK-CNN: A lightweight convolutional neural network with Multi-scale Kernels for Image-based Malware ClassificationDandan Zhang0Yafei Song1Qian Xiang2Yang Wang3Institute of Air Defense and Anti-missile, Air Force Engineering University, Xi'an, Shaanxi 710051, ChinaCorresponding author.; Institute of Air Defense and Anti-missile, Air Force Engineering University, Xi'an, Shaanxi 710051, ChinaInstitute of Air Defense and Anti-missile, Air Force Engineering University, Xi'an, Shaanxi 710051, ChinaInstitute of Air Defense and Anti-missile, Air Force Engineering University, Xi'an, Shaanxi 710051, ChinaRapid and accurate identification of unknown malware and its variants is the premise and basis for the effective prevention of malicious attacks. However, with the explosive growth of malware variants, the efficiency of manual updating of the sample database is getting worse and worse. It is difficult for the traditional identification methods to effectively capture the sample feature information operated by the confusion method only based on the delayed database information. The research into the direction of malware detection is dedicated to surmounting the limitations of conventional detection methodologies, and delves deeply into the application of cutting-edge technologies such as data visualization, machine learning, and hybrid detection within the realm of malware detection. Through these investigations, our goal is to construct a detection system that is both more precise and efficient, capable of addressing the ever-evolving threats to cybersecurity. Pursuing research in this direction is not only vital for enhancing network security defenses and safeguarding user data, but it will also foster the advancement of related state-of-the-art technologies and further mitigate the economic and societal repercussions of malware attacks. In light of this issue, this paper proposes the Image-based Malware Classification with Multi-scale Kernels (IMCMK), a Convolutional Neural Network (CNN) architecture using multi-scale convolution kernels mixing action to improve malware variants detection capabilities. First, we propose the Multi-scale Kernels (MK) block combining deep large kernel convolution and standard small kernel convolution with shortcuts to improve the accuracy. Furthermore, we propose Multi-scale Kernel Fusion (MKF) to reduce the number of parameters that come with the large kernels. The improved Squeeze-and-Excitation (SE) block can obtain the correlation between different channels to further increase the model performance. Experimental results show that IMCMK outperforms the state-of-the-art methods in malware family classification accuracy, which has achieved 99.25 %.http://www.sciencedirect.com/science/article/pii/S1110016824012109Lightweight modelMalware detectionConvolutional neural networkMulti-scale KernelsMalware visualizationLarge kernel |
| spellingShingle | Dandan Zhang Yafei Song Qian Xiang Yang Wang IMCMK-CNN: A lightweight convolutional neural network with Multi-scale Kernels for Image-based Malware Classification Alexandria Engineering Journal Lightweight model Malware detection Convolutional neural network Multi-scale Kernels Malware visualization Large kernel |
| title | IMCMK-CNN: A lightweight convolutional neural network with Multi-scale Kernels for Image-based Malware Classification |
| title_full | IMCMK-CNN: A lightweight convolutional neural network with Multi-scale Kernels for Image-based Malware Classification |
| title_fullStr | IMCMK-CNN: A lightweight convolutional neural network with Multi-scale Kernels for Image-based Malware Classification |
| title_full_unstemmed | IMCMK-CNN: A lightweight convolutional neural network with Multi-scale Kernels for Image-based Malware Classification |
| title_short | IMCMK-CNN: A lightweight convolutional neural network with Multi-scale Kernels for Image-based Malware Classification |
| title_sort | imcmk cnn a lightweight convolutional neural network with multi scale kernels for image based malware classification |
| topic | Lightweight model Malware detection Convolutional neural network Multi-scale Kernels Malware visualization Large kernel |
| url | http://www.sciencedirect.com/science/article/pii/S1110016824012109 |
| work_keys_str_mv | AT dandanzhang imcmkcnnalightweightconvolutionalneuralnetworkwithmultiscalekernelsforimagebasedmalwareclassification AT yafeisong imcmkcnnalightweightconvolutionalneuralnetworkwithmultiscalekernelsforimagebasedmalwareclassification AT qianxiang imcmkcnnalightweightconvolutionalneuralnetworkwithmultiscalekernelsforimagebasedmalwareclassification AT yangwang imcmkcnnalightweightconvolutionalneuralnetworkwithmultiscalekernelsforimagebasedmalwareclassification |