Using DTL-MD with GANs and ResNet for Malicious Code Detection
Abstract
This study proposes DTL-MD, a malicious code detection model based on deep transfer learning, which aims to improve on the detection accuracy of existing methods when malicious code is complex and training data is scarce. For feature extraction, GIST and LBP features are combined by a weighted sum so that the model draws on the advantages of both. Online transfer learning is used to reduce the difference in data distribution between the target domain and the source domain. The model uses ResNet50V2 as the backbone network and combines it with SimAM to enhance feature extraction and representation. To further improve detection robustness, a GAN is used to generate malicious code variants and expand the training data set. In the experiments, the public CICIDS 2017 data set is used for model training and testing. The performance test results show that at a threshold of 0.7, DTL-MD achieves an accuracy of 95.8% and an F1 score of 0.93. In a performance test involving 30,000 samples, the throughput of DTL-MD for Trojans, viruses, worms, and adware is 11, 12, 11, and 12 tasks/s, respectively, and the inference time is 211, 225, 239, and 234 samples/s, respectively. Compared with GAN, DTL-MD increases throughput by about 10% and inference speed by about 15%. The research aims to provide new ideas for improving the intelligence and automation of malicious code detection technology, and has some application value and practical significance.
DOI: https://doi.org/10.31449/inf.v49i14.7937
License
I assign to Informatica, An International Journal of Computing and Informatics ("Journal") the copyright in the manuscript identified above and any additional material (figures, tables, illustrations, software or other information intended for publication) submitted as part of or as a supplement to the manuscript ("Paper") in all forms and media throughout the world, in all languages, for the full term of copyright, effective when and if the article is accepted for publication. This transfer includes the right to reproduce and/or to distribute the Paper to other journals or digital libraries in electronic and online forms and systems.
I understand that I retain the rights to use the pre-prints, off-prints, accepted manuscript and published journal Paper for personal use, scholarly purposes and internal institutional use.
In certain cases, I can ask for retaining the publishing rights of the Paper. The Journal can permit or deny the request for publishing rights, to which I fully agree.
I declare that the submitted Paper is original, has been written by the stated authors and has not been published elsewhere nor is currently being considered for publication by any other journal and will not be submitted for such review while under review by this Journal. The Paper contains no material that violates proprietary rights of any other person or entity. I have obtained written permission from copyright owners for any excerpts from copyrighted works that are included and have credited the sources in my article. I have informed the co-author(s) of the terms of this publishing agreement.
Copyright © Slovenian Society Informatika







