DEFENDIFY: defense amplified with transfer learning for obfuscated malware framework

Bibliographic Details
Main Authors: Rodrigo Castillo Camargo, Juan Murcia Nieto, Nicolás Rojas, Daniel Díaz-López, Santiago Alférez, Angel Luis Perales Gómez, Pantaleone Nespoli, Félix Gómez Mármol, Umit Karabiyik
Format: Article
Language: English
Published: SpringerOpen 2025-04-01
Series: Cybersecurity
Subjects: Malware detection; Malware obfuscation; Computer vision; Transfer learning; Deep learning; Networking system of artificial intelligence
Online Access: https://doi.org/10.1186/s42400-025-00396-z
collection DOAJ
description Abstract The existence of malicious software (malware) represents a potential threat to users who connect to a large set of services provided by multiple providers. Such malware is capable of stealing, spying on, encrypting data from users, and spreading, provoking impacts that are beyond a single citizen’s device and reaching critical information systems. To detect malware families, Machine Learning and Deep Learning techniques have been employed recently, demonstrating promising results. However, these techniques lack in detecting more advanced malware that employs obfuscation techniques. In this paper, we present DEFENDIFY, a novel framework, empowered by Computer Vision, Deep Learning, and Transfer Learning techniques, that is able to detect completely obfuscated malware with high performance in terms of accuracy and computational consumption. DEFENDIFY comprises three modules: Dataset Creation, Binary Obfuscation, and Model Generation. These modules work together to detect both obfuscated and non-obfuscated malware. The core module, i.e., the Model Generation, employs an entropy tester that determines whether a sample is obfuscated or not. Then, a Deep Learning model powered by Transfer Learning is employed to determine if it is malware or goodware. We validated our framework using real data gathered from malware repositories and legitimate software. The proposed framework was configured to test four Convolutional Neural Network architectures: ResNet18, ResNet34, EfficientNetB3, and EfficientNetV2S. Among them, the ResNet18 architecture obtained the best performance in detecting both non-obfuscated and obfuscated samples with an F1-score of 99.34% and 97.5%, respectively.
format Article
id doaj-art-80bce7a16a5d4a52b777b7eaf2a33c2a
institution Kabale University
issn 2523-3246
language English
publishDate 2025-04-01
publisher SpringerOpen
record_format Article
series Cybersecurity
affiliations Rodrigo Castillo Camargo: School of Engineering, Science and Technology, Universidad del Rosario
Juan Murcia Nieto: School of Engineering, Science and Technology, Universidad del Rosario
Nicolás Rojas: School of Engineering, Pontifical Xavierian University
Daniel Díaz-López: School of Engineering, Science and Technology, Universidad del Rosario
Santiago Alférez: Department of Mathematics, Barcelona East Engineering School, Polytechnic University of Catalonia
Angel Luis Perales Gómez: Faculty of Computer Science, University of Murcia
Pantaleone Nespoli: Faculty of Computer Science, University of Murcia
Félix Gómez Mármol: Faculty of Computer Science, University of Murcia
Umit Karabiyik: Department of Computer and Information Technology, Purdue University