The exponential growth of malware variants, driven by black market incentives and evasion techniques like packing and polymorphism, necessitates advanced detection solutions. This paper presents three key contributions to address this challenge: (1) A static detection method employing an enhanced malware imaging scheme that converts binaries into RGB images, coupled with a DenseNet model, achieving 99.57% accuracy on the Malimg dataset; (2) A dynamic detection approach utilizing API execution sequence serialization, where word vectors are processed through an improved TextCNN architecture with dilated convolution and K-max pooling, attaining 92.06% accuracy on the Alibaba Cloud dataset; and (3) An integrated framework synergistically combining both static and dynamic methodologies. Experimental results demonstrate superior performance over existing methods, with the hybrid system showing particular efficacy in real-world malware recognition. The imaging-based method preserves structural features while mitigating information loss through optimized entropy-aware color mapping, whereas the serialization approach captures behavioral patterns via enhanced context modeling. This work provides a comprehensive multi-modal framework for malware analysis, advancing the field through deep learning innovations that address both evasion resilience and variant recognition challenges. The proposed techniques offer significant implications for next-generation cybersecurity systems.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Deep Neural Network-Based Framework for Enhanced Malware Variant Detection

  • Wei Dai,
  • Junping Zhou,
  • Fangbing Yue,
  • Guoai Xu

摘要

The exponential growth of malware variants, driven by black market incentives and evasion techniques like packing and polymorphism, necessitates advanced detection solutions. This paper presents three key contributions to address this challenge: (1) A static detection method employing an enhanced malware imaging scheme that converts binaries into RGB images, coupled with a DenseNet model, achieving 99.57% accuracy on the Malimg dataset; (2) A dynamic detection approach utilizing API execution sequence serialization, where word vectors are processed through an improved TextCNN architecture with dilated convolution and K-max pooling, attaining 92.06% accuracy on the Alibaba Cloud dataset; and (3) An integrated framework synergistically combining both static and dynamic methodologies. Experimental results demonstrate superior performance over existing methods, with the hybrid system showing particular efficacy in real-world malware recognition. The imaging-based method preserves structural features while mitigating information loss through optimized entropy-aware color mapping, whereas the serialization approach captures behavioral patterns via enhanced context modeling. This work provides a comprehensive multi-modal framework for malware analysis, advancing the field through deep learning innovations that address both evasion resilience and variant recognition challenges. The proposed techniques offer significant implications for next-generation cybersecurity systems.