Multimodal malware classification using proposed ensemble deep neural network framework
Abstract In the contemporary technological world, fortifying cybersecurity defense against dynamic threat landscapes is imperative. Malware detectors play a critical role in this endeavor, utilizing various techniques such as statistical analysis, static and dynamic analysis, and machine learning (M...
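| Main Authors: | Sadia Nazim, Muhammad Mansoor Alam, Safdar Rizvi, Jawahir Che Mustapha, Syed Shujaa Hussain, Mazliham Mohd Su’ud |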
|---|---|
| Format: | Article |
| Language: | English |
| Published: | Nature Portfolio, 2025-05-01 |
| Series: | Scientific Reports |
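| Subjects: | Malware detection; Multimodal analysis; Deep learning; Late fusion; Android malware; Artificial intelligence |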
| Online Access: | https://doi.org/10.1038/s41598-025-96203-3 |
| _version_ | 1850269219283795968 |
|---|---|
| author | Sadia Nazim; Muhammad Mansoor Alam; Safdar Rizvi; Jawahir Che Mustapha; Syed Shujaa Hussain; Mazliham Mohd Su’ud |
| collection | DOAJ |
| description | Abstract In the contemporary technological world, fortifying cybersecurity defense against dynamic threat landscapes is imperative. Malware detectors play a critical role in this endeavor, utilizing various techniques such as statistical analysis, static and dynamic analysis, and machine learning (ML) to compare signatures and identify threats. Deep learning (DL) aids in accurately classifying complex malware features. The cross-domain research in data fusion strives to integrate information from multiple sources to augment reliability and minimize errors in detecting sophisticated cyber threats. This collaborative approach is the least addressed and pivotal for protecting against the advancing environment of modern malware attacks. This study presents a state-of-the-art malware analysis framework that employs a multimodal approach by integrating malware images and numeric features for effective malware classification. The experiments are performed sequentially, encompassing data preprocessing, feature selection using Neighbourhood Component Analysis (NCA), and dataset balancing with Synthetic Minority Over-sampling Technique (SMOTE). Subsequently, the late fusion technique is utilized for multimodal classification by employing Random Under Sampling and Boosting (RUSBoost) and the proposed ensemble deep neural network. The RUSBoost technique involves random undersampling and adaptive boosting to moderate bias toward majority classes while improving minority class (malware) detection. Multimodal Late fusion experimental results (95.36%) of RUSBoost (numeric) and the proposed model (imagery) outperform the standalone prevailing results for imagery (95.02%) and numeric (93.36%) data. The effectiveness of the proposed model is verified through the evaluation metrics such as Recall (86.5%), F1-score (85.0%), and Precision (79.9%). The multimodal late fusion of numeric and visual data makes the model more robust in detecting diverse malware variants. The experimental outcomes demonstrate that multimodal analysis may efficiently increase the identification strength and accuracy, especially when majority vote and bagging are employed for late fusion. |
| id | doaj-art-a68005f847ff4ba5b5c85687e221a280 |
| institution | OA Journals |
| issn | 2045-2322 |
| affiliations | Sadia Nazim: Malaysian Institute of Information Technology, Universiti Kuala Lumpur; Muhammad Mansoor Alam: Faculty of Computing, Riphah International University; Safdar Rizvi: Department of Computer Science, Bahria University Karachi Campus; Jawahir Che Mustapha: Malaysian Institute of Information Technology, Universiti Kuala Lumpur; Syed Shujaa Hussain: Department of Computer Science, Sir Syed CASE Institute of Technology; Mazliham Mohd Su’ud: Multimedia University |
| title | Multimodal malware classification using proposed ensemble deep neural network framework |
| topic | Malware detection; Multimodal analysis; Deep learning; Late fusion; Android malware; Artificial intelligence |