PAFE: A lightweight visualization-based fast malware classification method

Abstract

With the development of automated malware toolkits, cybersecurity faces evolving threats. Although visualization-based malware analysis has proven to be an effective method, existing approaches struggle with challenging malware samples due to alterations in the texture features of binary images during the visualization preprocessing stage, resulting in poor performance. Furthermore, to enhance classification accuracy, existing methods sacrifice prediction time by designing deeper neural network architectures. This paper proposes PAFE, a lightweight and visualization-based rapid malware classification method. It addresses the issue of texture feature variations in preprocessing through pixel-filling techniques and applies data augmentation to overcome the challenges of class imbalance in small sample datasets. PAFE combines multi-scale feature fusion and a channel attention mechanism, enhancing feature expression through modular design. Extensive experimental results demonstrate that PAFE outperforms the current state-of-the-art methods in both efficiency and effectiveness for malware variant classification, achieving an accuracy rate of 99.25 % with a prediction time of 10.04 ms.

Highlights

• •Pixel Padding Technique: PAFE addresses texture distortion by adding black pixels around images to maintain original texture features. This ensures accurate feature extraction during resizing.
• •Multi-scale Feature Fusion: PAFE innovatively fuses multi-scale features using varying convolutional kernel sizes, enhancing feature representation. The integration of SE networks boosts efficiency and accuracy.
• •High Accuracy & Fast Prediction: PAFE attains 99.25% accuracy on the Malimg dataset, outperforming existing malware classification methods. Its prediction time of 10.04 ms underscores its practical significance.

1. Introduction

Malware, encompassing a diverse range of malicious software programs such as viruses, worms, Trojans, rootkits, and spyware, poses a significant threat to cybersecurity. The sheer volume of malware infections, as evidenced by reports indicating over 1.3 million infected hosts in a single week in early 2021 [1], underscores the urgency of effective malware detection methods. Traditionally, malware detection relied on static and dynamic analysis techniques [[2], [3], [4], [5], [6]], but these methods struggle with unknown malware variants generated through techniques like code obfuscation and packing, limiting their effectiveness against modern cyber threats [[7], [8], [9]].

More recently, visualization-based malware detection has gained prominence as a promising alternative. By converting malware files into images, this approach circumvents the need for manual feature extraction or domain expert knowledge, leading to high classification accuracies [[10], [11], [12], [13], [14]]. However, a critical challenge arises in preserving the integrity of malware texture features during the necessary normalization of image sizes for deep learning models. Current normalization methods, such as bilinear interpolation, can introduce distortions that compromise classification accuracy [[15], [16], [17], [18], [19], [20]].

Several studies have explored malware classification using visualization and machine learning techniques. For instance, Nataraj et al. [21] introduced the SPAM method, which represents malware samples as images and signals, achieving high accuracy using GIST features and a nearest neighbor classifier. Naeem et al. [22] proposed LGMP features that capture both local and global features of malware images, while Hashemi et al. [23] and Liu et al. [24] employed LBP and SIFT descriptors, respectively, to extract robust features. Despite their effectiveness, these methods rely on handcrafted feature extraction, which can be computationally expensive and may not fully represent the underlying characteristics of similar malware [25].

Deep learning has emerged as a powerful tool for malware classification, automatically extracting complex features from malicious images in an end-to-end manner [26]. Yue et al. [27] utilized a CNN with weighted softmax loss to address dataset imbalance, while Venkatraman et al. [28] integrated supervised and unsupervised learning for feature extraction. Cui et al. [29,30] proposed a dynamic resampling method using swarm intelligence to optimize sampling weights for each malware family. However, these methods still face challenges in accurately identifying malware with obfuscation and often require complex network architectures or retraining processes.

Danish et al. [31] enhanced malware visualization by converting files into color images and training a custom VGG16 model, achieving high accuracy but with a time-consuming pretraining process. Wang et al. [32] introduced the DEAM module to improve feature extraction in DenseNet, demonstrating improved accuracy but with a relatively complex model architecture.

In light of these limitations, we propose a novel malware classification method called PAFE (Padding and Data Augmentation with Feature Enhancement model). Our approach addresses the issue of malware texture feature changes during normalization by incorporating pixel padding. Furthermore, we employ data augmentation techniques to tackle the imbalance in malware families common in small sample datasets. The PAFE framework utilizes multiple convolutional kernel sizes for multiscale feature extraction, fused and optimized using squeeze and excitation networks, resulting in a shallower network architecture that achieves comparable performance to deeper networks with fewer parameters and faster prediction times.

The experimental analysis presented in this paper demonstrates that the proposed PAFE method achieves superior malware classification accuracy and faster prediction times compared to state-of-the-art methods. The remainder of this paper is structured as follows: Section 2 provides a comprehensive review of related work, Section 3 details the PAFE approach, Section 4 introduces the experimental datasets and statistical measures, Section 5 analyzes the experimental results, and Section 6 concludes the paper and discusses future directions.

2. Proposed method

In our research, an advanced malware classification method called PAFE is proposed, which is meticulously divided into two main parts: malware preprocessing and feature enhancement (FE) modeling. In the preprocessing phase, we first implemented malware visualization to convert binary files into image format to lay the foundation for subsequent analysis. Immediately after that, we adopted the pixel-filling technique to standardize the image size, an innovative method that adjusts the image size while avoiding the image distortion problem that may be caused by the size adjustment. In addition, to address the problems of insufficient sample size and category imbalance in the dataset, we introduced the data enhancement technique, which effectively increases the sample diversity and improves the model's generalization ability and recognition of a few classes through image rotation, scaling and cropping operations.

In the Feature Enhancement (FE) model section, we design a Convolutional Neural Network (CNN)-based architecture that utilizes multiple convolutional layers to automatically extract and enhance the features of malware images. In particular, we emphasize the importance of multi-scale feature fusion, where the model is able to capture both local details and global layout of the image by processing feature maps of different sizes in parallel. In addition, by introducing the channel attention mechanism, the model is able to intelligently evaluate and strengthen those channels that excel in feature extraction while suppressing those that contribute less. This mechanism significantly improves the model's ability to express key features and provides strong support for the final classification decision. Through the application of this comprehensive technique, the PAFE model achieves efficient identification and classification of malware variants while remaining lightweight. The basic PAFE framework is depicted in Fig. 1.

Fig. 1.

PAFE framework.

2.1. Malware preprocessing

2.1.1. Malware visualization

Malicious code visualization is an analysis method that converts executable malicious code files into grayscale images. This method eliminates the need for complex feature engineering or domain-specific knowledge, making it simple and convenient to use. It can visually display the static structural information of malicious code in image form, facilitating rapid processing of large samples. Additionally, this method can capture minute differences between variants of malicious code while preserving the overall structure, which is helpful for deep analysis of malicious code.

The process of malicious code visualization is illustrated in Fig. 2 the binary file of the malicious code needs to be read as an array of 8-bit unsigned integers. Then, these binary numbers are converted into decimal integers. Subsequently, the image width is determined based on the size of the PE file, and the data is converted into a two-dimensional array. The relationship between image width and file size is shown in Table 1. Finally, each element in the two-dimensional array is mapped to a grayscale value of the image, generating a grayscale image that visualizes the malicious code sample.

Fig. 2.

Process of raw malware binary visualization into an image.

Table 1.

Image width for various file sizes.

File size	Image width	File size	Image width
<10 KB	32	100 KB–200 KB	384
10 KB–3 0 KB	64	200 KB–500 KB	512
30 KB–60 KB	128	500 KB–1000 KB	768
60 KB–100 KB	256	>1000 KB	1024

The correspondence between different parts of the binary file of malicious software code and the grayscale image is shown in Fig. 3. In Fig. 3, the.text section not only contains the executable code of the malicious software but also includes black block areas filled with zeros. The.data section contains information about initialized and uninitialized variables. The.rsrc section covers various resources involved in the compilation and generation of malicious code, such as program icons.

Fig. 3.

Malicious code PE file section and its corresponding visualized image fragment information.

2.1.2. Malware image size normalization

In classic Convolutional Neural Networks, the weight matrix of the fully connected layer has a predetermined size, requiring a consistent number of input neurons. This necessitates obtaining a consistent feature size after convolution and pooling. If the input images are of different sizes, the feature sizes after convolution and pooling will also vary, causing the fully connected layer to malfunction. Therefore, malicious code images input into the neural network should have a consistent size. However, as shown in Fig. 3, visualized malicious code images do not always retain their original shape. Hence, it is crucial to normalize the size of all malicious code images in the dataset to ensure consistency. In recent research on malicious code visualization [32,33,34], bilinear interpolation is often used for size normalization due to its simplicity. Fig. 4(a) shows a sample obtained using this method. However, it is noteworthy that bilinear interpolation may alter some image textures, as indicated by the red rectangle in the figure, which could potentially reduce the accuracy of malicious code classification.

Fig. 4.

Samples after two malware visualization methods.

To address this issue, we propose a new solution, pixel padding, to resolve the problem of altering image textures during size normalization. Bilinear interpolation can lead to changes in image texture features, especially when the height and width of the original malicious code image do not match, resulting in stretching along the shorter dimension. To handle the issue of different dimensions during the size normalization of malicious code images, we adopt a square transformation technique. This involves filling missing pixels with black pixels. We choose black pixels because each channel value of an RGB black pixel is zero. By padding the input matrix with zeros, the gradients during the backpropagation process in the CNN model will become zero. Therefore, the weight matrix of each layer remains unaffected. Algorithm 1 illustrates the specific process of the pixel padding operation. This operation involves the dimensions of the malicious code image, where the height and width are represented as h and w, respectively. The longer dimension is selected as the side length for the padding process. As described in Algorithm 1, the padding operation involves setting a new image frame as a square with a length equal to the longer dimension (denoted as side length) of the original malicious code image. The original image is positioned at the center of the frame. To complete the frame, any missing pixels are filled with black pixels with RGB values of (0, 0, 0). Thus, a padded image is generated and resized to match the target size. To achieve size normalization of malicious code images, we employ the pixel padding method, as shown in Fig. 4(b). The original 128 × 244 image is converted into a 244 × 244 image. This process ensures that the texture features of the original malicious code image remain unchanged, as indicated by the green rectangle. By preserving these features without distortion, the model's ability to extract meaningful information is enhanced, thereby improving its performance. As shown in Fig. 4(b), we utilize pixel padding to achieve size normalization of malicious code images. The original 128 × 244 image is converted into a 244 × 244 image. The texture features of the original malicious code image are well preserved without distortion, as marked by the green rectangle. This enables the model to have better feature extraction capabilities, which can enhance its performance.

Algorithm 1

Pixel padding operation

Input:malage: malware image; size: target size of malware image; Output:p*: malware padding image 1initialize padding location L as (0, 0, 0, 0); 2//(top, bottom, left, right) 3Padding location (top, bottom, left, right) 4(top, bottom, left, right) ← initialize (0, 0, 0, 0); # Initialize fill position as (top, bottom, left, right) all 0. 5initialize pixel as (0, 0, 0);//RGB (red, green, blue); # Initialize pixel value as black with RGB color value (0, 0, 0). 6height, width ← malage; # Get the height and width from the input malware image malage. 7edge ← max (height, width) # Calculate the edge of the filled image by taking the maximum of the height and width. 8if width < edge then calculate padding width w; left, right ← $\Vert w/2\Vert$, $w-\Vert w/2\Vert$; 9else calculate padding height h; top, bottom ← $\Vert h/2\Vert$, $h-\Vert h/2\Vert$; 10end if; 11L* ← updata L; # Update the fill position L* to the calculated fill amount. 12p ← MakeBorder (malage, L*, pixel); # Use the MakeBorder function to add a border to the original image based on L* and pixel to generate the intermediate image p. 13p* ← resize (p, size); # Use the resize function to resize the intermediate image p to the target size size, generating the filled image p*. 14returnp*; # Returns the filled and resized image p*

Input: malage: malware image; size: target size of malware image; Output: p*: malware padding image 1initialize padding location L as (0, 0, 0, 0); 2//(top, bottom, left, right) 3Padding location (top, bottom, left, right) 4(top, bottom, left, right) ← initialize (0, 0, 0, 0); # Initialize fill position as (top, bottom, left, right) all 0. 5initialize pixel as (0, 0, 0);//RGB (red, green, blue); # Initialize pixel value as black with RGB color value (0, 0, 0). 6height, width ← malage; # Get the height and width from the input malware image malage. 7edge ← max (height, width) # Calculate the edge of the filled image by taking the maximum of the height and width. 8if width < edge then calculate padding width w; left, right ← $\Vert w/2\Vert$, $w-\Vert w/2\Vert$; 9else calculate padding height h; top, bottom ← $\Vert h/2\Vert$, $h-\Vert h/2\Vert$; 10end if; 11L* ← updata L; # Update the fill position L* to the calculated fill amount. 12p ← MakeBorder (malage, L*, pixel); # Use the MakeBorder function to add a border to the original image based on L* and pixel to generate the intermediate image p. 13p* ← resize (p, size); # Use the resize function to resize the intermediate image p to the target size size, generating the filled image p*. 14return p*; # Returns the filled and resized image p*

2.1.3. Data augmentation

The performance of deep learning models in classification tasks is closely related to the quality of the dataset. A well-constructed and balanced dataset can not only improve classification accuracy but also effectively mitigate overfitting. In the field of malicious code detection, datasets often face challenges such as insufficient sample size or imbalanced class distribution. To address these issues, data augmentation techniques have emerged as an effective solution. By applying appropriate data augmentation methods (such as geometric transformations, color transformations, etc.), the number of samples in the minority class can be increased, thereby addressing the problem of class imbalance. At the same time, data augmentation can further prevent overfitting and enhance the robustness of the model.

In this study, we employed data augmentation techniques to expand the sample size in response to the issue of imbalanced samples in the malicious code dataset. The data augmentation parameters used in the experiment are presented in Table 2, while Fig. 5 showcases some of the processed malicious code image samples. We allocated 70 % of the Malimg dataset for training purposes, with the remaining 30 % reserved for testing. By augmenting the original training set consisting of 6604 samples, our model successfully increased the dataset size to 51,608 samples, effectively resolving the problem of class imbalance and significantly improving classification accuracy.

Table 2.

Parameter settings of data augmentation.

Method	Setting	Method	Setting
Rescale	1/255	Shear range	0.0
Width shift	0.0	Zoom range	0.0
Height shift	0.0	Horizontal flip	False
Rotation range	0.0	Fill mode	None

Fig. 5.

Malicious code image data enhancement before and after comparison.

2.2. Feature enhancement model

Convolutional Neural Networks (CNNs) have the ability to automatically extract features from samples and perform end-to-end learning. In the realm of malicious code, detecting and identifying its variants primarily involve two parts: feature extraction and classification. Feature extraction relies on feature extraction algorithms to extract features from input data. Regarding the classification part, both the detection and classification of malware can be regarded as classification problems, where the detection of malicious code can be seen as a binary classification problem, and the classification of malicious code can be viewed as a multi-class classification problem. Among these, the feature extraction part is the focus of the research, as the quality of feature extraction determines the accuracy of detection and classification. Unlike traditional manually designed feature extractors, deep learning techniques input malicious code images into a convolutional neural network architecture, automatically extracting sample features through an end-to-end framework and simultaneously completing classification.

Currently, there have been many studies that construct convolutional neural network models to identify and classify malicious code and its variants [8,35,36]. However, these methods use single-layer, single-scale convolution kernels to extract features from malicious code images layer by layer, neglecting the diversity of feature extraction, resulting in relatively poor robustness of the extracted features and unsatisfactory detection accuracy.

To address these challenges, we utilize the Squeeze-and-Excitation Network (SENet) [37] in a multi-scale feature fusion network structure, as shown in Fig. 1 for the feature enhancement model (FE model). The main idea of this design is to leverage multi-scale feature fusion to enhance the diversity and feature extraction capability of the model. This method extracts features similar to those of deep neural networks, reduces network parameters and floating-point operations, thereby accelerating the detection of malicious code and improving classification accuracy. The main components of the model include CBR layers, max pooling layers, FFSE blocks, and fully connected layers.

The CBR layer is the basic unit of the model, which extracts features through a convolutional layer, accelerates the training process through a batch normalization layer, and introduces nonlinearity through a ReLU activation function, collectively enhancing the model's feature extraction capability. Input features are first sent to the convolutional layer, then passed through the batch normalization layer, and finally activated by the ReLU function to generate nonlinear feature outputs.

A notable component is the FFSE block, as shown in Fig. 6. It consists of two modules: a feature fusion module and a channel attention mechanism module. The feature fusion module uses convolution kernels of different sizes to extract multi-scale features from images. These features are then combined to generate a comprehensive representation that includes both local and global features. The feature maps created during the feature extraction process combine features extracted from each channel. However, not every channel is effective in feature extraction. To address this issue, the channel attention mechanism assigns weights to each channel based on its performance in feature extraction. Channels with better feature extraction performance receive larger weights, while those with poorer performance receive smaller weights. This approach allows us to prioritize the main features of the image, thereby enhancing the representation of key features in malicious code images. Consequently, the accuracy of malicious code detection and classification is improved.

Fig. 6.

Structure of FFSE block.

By introducing multi-scale feature fusion and SENet, our model can more effectively extract and utilize features from malicious code images, thereby improving the accuracy of detection and the performance of classification. As shown in Fig. 1, our feature enhancement model (FE model) adopts a multi-scale feature fusion network structure aimed at enhancing the diversity and accuracy of feature extraction. Fig. 6 illustrates the structure of the FFSE block, which includes a feature fusion module and a channel attention mechanism module, working together to extract and optimize features in malicious code images.

In the feature fusion module, the input features $V\in {\mathbb{R}}^{C\times H\times W}$ operate simultaneously through branches $I–IV$. To make the extracted features diverse and representative, these use convolution kernels with different receptive fields to perform feature extraction, and fuse respective output features $V_1\in {\mathbb{R}}^{C_1\times H^{\prime }\times W^{\prime }}$, $V_2\in {\mathbb{R}}^{C_2\times H^{\prime }\times W^{\prime }}$, $V_3\in {\mathbb{R}}^{C_3\times H^{\prime }\times W^{\prime }}$, and $V_4\in {\mathbb{R}}^{C_4\times H^{\prime }\times W^{\prime }}$ to obtain a total feature that contains both local and global features, which is used as the output feature $V_m\in {\mathbb{R}}^{C^{\prime }\times H^{\prime }\times W^{\prime }}$. The number of output channels is $C^{\prime }=C_1+C_2+C_3+C_4$. The channel attention module is divided into squeeze and excitation parts. The squeeze operation $F_s$ obtains $Z\in {\mathbb{R}}^{1\times 1\times C^{\prime }}$ by globally pooling $V_m$,

$$z_c=F_s\left(V_m\right)=\frac{1}{H^{\prime }+W^{\prime }}\sum _{i=1}^{H^{\prime }}\sum _{j=1}^{W^{\prime }}{V}_m\left(i,j\right)$$ (1)

and performing the excitation operation $F_e$ on $Z$ to obtain the weight of the channel,

$$w=F_e\left(Z,W^{\prime }\right)=\sigma \left(g\left(Z,W^{\prime }\right)\right)=\sigma \left({W_2}^{\prime }\delta \left({W_1}^{\prime }Z\right)\right)$$ (2)

where $\delta$ is the ReLU excitation function, ${W_1}^{\prime }\in {\mathbb{R}}^{\frac{C^{\prime }}{r}\times C^{\prime }}$, ${W_2}^{\prime }\in {\mathbb{R}}^{C^{\prime }\times \frac{C^{\prime }}{r}}$, $w\in {\mathbb{R}}^{1\times 1\times C^{\prime }}$, $r$ is the hyperparameter in the transformation, and $r=16$. in general. The $F_{scale}$ operation is performed on $w$ and $V_m$ to assign a weight to each channel of ${\tilde{V}}_m$ the input features and obtain the channel weighted output,

$${\tilde{V}}_m=F_{scale}\left(v_c,w_c\right)$$ (3)

where ${\tilde{V}}_m=\left[{\tilde{v}}_1,{\tilde{v}}_2,\cdots ,{\tilde{v}}_C\right],{\tilde{v}}_C\in {\mathbb{R}}^{H\text{'}\times W\text{'}}$.The malicious code image passes through the FFSE module to obtain a comprehensive feature that results from the fused local features and global features. The channel attention mechanism assigns weights to each channel feature in the comprehensive feature map, suppresses feature expressions from channels with poor feature extraction performance, and enhances feature extraction from channels with good feature extraction performance, to further improve image texture feature extraction.

The feature map of a malicious image after passing through the first SE block of the neural network is shown in Fig. 7. This visualization reveals that certain channels are more effective in extracting features from grayscale images of malicious code. Consequently, it is crucial to enhance the promotion of channels that exhibit superior feature extraction capabilities while suppressing those with inferior performance.

Fig. 7.

Feature maps after SE block.

3. Datasets and performance metrics

3.1. Dataset and experimental environment

In this study, we used the Malimg dataset for evaluation experiments on malware classification. This dataset is a real-world dataset containing 9435 different types of malware covering 25 different malware families [14]. The details of the dataset have been described in detail in Table 3. We adopt a standard data processing strategy where 70 % of the data from each category is used for model training, while the remaining 30 % of the data is used to test the model's malware recognition ability. This division strategy ensures that the model is exposed to diverse samples during training while retaining enough samples to evaluate the model's generalization performance.

Table 3.

Details of malware families in Malimg dataset.

Malware type	Family name	number	sample size
Worm	Allaple.A	3	2824
	Allaple.L	4	1491
	VB.AT	23	383
	Yuner.A	25	775
Worm: AutoIT	Autorun.K	6	81
Trojan	Alueron.gen!J	5	173
	C2LOP.gen!g	7	175
	C2LOP.P	8	121
	Malex.gen!J	17	111
	Skintrim.N	20	55
Dialer	Adialer.C	1	97
	Dialplatform.B	9	152
	Instantaccess	12	356
PWS	Lolyda.AA1	13	153
	Lolyda.AA2	14	159
	Lolyda.AA3	15	98
	Lolyda.AT	16	134
Trojan Downloader	Dontovo.A	10	137
	Obfuscator.AD	18	117
	Swizzor.gen!E	21	103
	Swizzor.gen!I	22	107
	Wintrim.BX	24	72
Rogue	Fakerean	11	306
Backdoor	Agent.FYI	2	91
	Rbot!gen	19	133

To fully utilize the Malimg dataset, we followed a series of data collection and preprocessing steps. First, we selected representative malware samples from the dataset, which were isolated and analyzed in a secure sandbox environment to extract key static and dynamic features. Next, the transformed visualized grayscale images are acquired to prepare for feature extraction and model training. In the data preprocessing phase, we normalized the images, used pixel filling techniques to resize the images, and applied data enhancement methods to improve the generalization of the models.

In order to evaluate the malicious code detection performance of the PAFE model, we conducted a large number of experiments on it from several aspects, and the hardware and software environment configurations built for the experiments are shown in Table 4.

Table 4.

Experimental setting.

Parameters	Configuration
CPU Model	Intel Core i7-7700HQ (2.08 GHz)
GPU Model	NVIDIA GeForce RTX 1050 GPU (4 GB)
RAM	16G
Operating System	Windows 10
Language	Python 3.6
IDE	PyCharm 2021
Deep Learning Framework	Tensorflow 2.10
CUDA Version	CUDA 10.1
Tensorboard	Tensorboard 2.10

3.2. Performance metrics

We evaluated the classification performance of the model by the widely used Accuracy, Precision, Recall, and F₁-score:

$$Accuracy=\frac{TP+TN}{TP+TN+FP+FN}$$ (4)

$$Precision=\frac{TP}{TP+FP}$$ (5)

$$Recall=\frac{TP}{TP+FN}$$ (6)

$$F_1-score=2\times \frac{Precision\times Recall}{Precision+Recall}$$ (7)

where TP represents true positives, FP false positives, FN false negatives, and TN true negatives.

4. Experimental results and discussion

We verified the effectiveness and efficiency of PAFE by the following experiments.

• (1)Validation of malware preprocessing;
• (2)Effects of different input sizes on model performance;
• (3)Comparison of performance with advanced deep learning frameworks;
• (4)Comparative analysis with the state-of-art solutions.

4.1. Validation of malware preprocessing

Malware preprocessing included malicious image size normalization and data augmentation. We compare the classification performance of FE, PFE, AFE, and PAFE to validate the effectiveness of malware preprocessing, including pixel padding and data augmentation. Table 5 summarizes the performance metrics of the models. It is evident that the additional 0.32 % increase in classification accuracy achieved by PFE (99.14 %) compared to FE indicates the superiority of pixel padding in our size normalization process over the commonly used bilinear interpolation [34,37,38]. This outcome demonstrates the ability of pixel padding to eliminate texture feature variations resulting from size scaling in malicious images, thereby preserving their original texture features and ultimately enhancing the classification performance of the model. The classification accuracy for AFE was 99.04 %, which exceeded that of FE by 0.16 %, indicating the effective improvement in classification accuracy through data augmentation. Moreover, this result highlights the impact of dataset size and imbalanced samples of malware families on model performance. Data augmentation serves to mitigate these effects and enhance model robustness. PAFE which utilizes pixel padding and data augmentation had the highest classification accuracy among all the models, at 99.25 %, indicating that our proposed malware preprocessing can effectively improve classification performance. Importantly, the combination of pixel padding and data augmentation yields superior results compared to using either technique in isolation, while maintaining the individual effectiveness of both approaches.

Table 5.

Comparative summary of different methods of size normalization.

Model	Evaluation Metric (%)
	Accuracy	Precision	Recall	F1-score
FEa	98.82	98.81	98.82	98.81
PFE (Padding)b	99.14	99.17	99.14	99.15
AFE (Aug)c	99.04	99.08	99.04	99.05
PAFE (Padding + Aug)d	99.25	99.29	99.25	99.27

^aFE: FE model with bilinear interpolation.

^bPFE: FE model with pixel padding.

^cAFE: FE model with data augmentation.

^dPAFE: FE model with pixel padding and data augmentation.

To observe the classification of each model, Fig. 8(a–d) presents the confusion matrices. The main diagonal values indicate the correct classification rates, while the remaining values represent misclassification rates. Notably, the FE model achieves a classification accuracy of 100 % in 21 malware families, especially Yuner.A, VB.AT, Malex.gen!J, Autorun.K, and Rbot!gen, which use the same UPX packing technology and has similar structures, making them hard to be discriminated. Allaple.A and Allaple.L are encrypted by Allaple with different random keys, and thus are difficult to be identified. However, FE achieved 100 % classification accuracy on these families, which demonstrates its robustness in identifying encapsulated and encrypted malicious codes.This success can be attributed to our model's proficiency in extracting distinctive features that differentiate between different families. Nevertheless, FE performed poorly in the other four families. The classification accuracies for Swizzor.gen!E and Swizzor.gen!I were less than 90 %, and 20 % of Swizzor.gen!E were misclassified as Swizzor.gen!I while 12 % of Swizzor.gen!I as Swizzor.gen!E, because they belong to homologous families with very similar codes. This also occurred with C2LOP.gen!g and C2LOP.P. In the AFE and PFE models, the classification accuracies of these four families were improved to varying degrees compared with FE, indicating that pixel padding and data augmentation can improve their classification accuracies when applied separately. In addition, the comparison of the confusion matrices of PAFE with those of AFE and PFE shows that the classification accuracies of PAFE on the Swizzor.gen!E and C2LOP.P families were improved by 0.04, which further demonstrates the combined advantage of pixel padding and data augmentation; hence to apply them together effectively improved the classification performance of the model.

Fig. 8.

Confusion matrices for PAFE with normal method and padding method.

4.2. Effects of different input sizes on model performance

The classification performance of the model is affected by the size of malicious images. Smaller image sizes make it more challenging to preserve all the texture information, potentially resulting in a loss of discriminative information among similar families.The size of the image affects the performance of the model. Larger images lead to larger model volume and longer calculation time, and there is a risk of overfitting. To determine the optimal input size that balances classification accuracy and detection speed, we adopt the padding method to normalize malicious images to various sizes and assess their performance metrics.The findings are presented in Table 6, which demonstrates that as the size of malicious code images grows from 64 × 64 to 512 × 512, the number of parameters rises from 0.33 Million (M) to 1.95 M, and the detection time increases from 8.56 ms (ms) to 14.97 ms. It is important to highlight that with the increase in the size of malicious code images, the model initially experiences a rise in classification accuracy from 97.43 % to 99.25 %, followed by a decrease to 98.72 %.The results indicate that overfitting arises when the input size of the model becomes excessively large. From the experimental findings, it is evident that an input size of 256 × 256 is crucial. Although further increases in size do not significantly impact the classification accuracy, they lead to an escalation in the number of parameters and the detection time. In light of these trends, we opt to utilize 256 × 256 as the input size for the model.

Table 6.

Model performance metrics at different input sizes.

Input shape	Parameters	Accuracy (%)	Prediction time (ms)
64 × 64	337,913	97.43	8.56
128 × 128	414,713	98.07	9.05
224 × 224	625,913	99.14	9.62
256 × 256	721,913	99.25	10.04
299 × 299	889,913	99.25	10.70
512 × 512	1,950,713	98.72	14.97

4.3. Comparison of performance with advanced deep learning frameworks

We evaluate the performance of PAFE by comparing it with several well-known models, namely AlexNet8 [38], VGG16 [39], ResNet50 [40], and Inception V3 [41], from different aspects. These established model frameworks have been successfully applied to solve the multiclass malicious code classification problem [[42], [43], [44]]. To adapt these models for malicious code classification, we performed data augmentation and adjusted the number of neurons in the output layers accordingly.

We trained the aforementioned models on malware images that underwent two different preprocessing techniques: bilinear interpolation (referred to as "normal") and pixel padding (referred to as "normal padding"). The classification performance metrics of these models are presented in Table 7. It is evident from the table that, under identical conditions, the classification accuracy of the models improved when the padding method was employed for preprocessing compared to the normal method. This finding further reinforces the efficacy of padding in enhancing the detection accuracy of malicious codes. Moreover, it is worth noting that padding not only benefits PAFE but also effectively improves the classification accuracy of the other models. Among all the models, PAFE achieved the highest performance metrics. For example, the precision was 99.29 % for PAFE, 99.08 % for Inception V3, 98.95 % for ResNet50, 97.92 % for VGG16, and 93.93 % for AlexNet8. These results highlight the exceptional classification accuracy of our model.

Table 7.

Comparative summary of the performance of different models.

Model	Method	Evaluation metric (%)
		Accuracy	Precision	Recall	F1-score
AlexNet8	Normal	94.12	92.77	94.11	93.19
	Padding	95.18	93.93	95.19	94.31
VGG16	Normal	97.11	97.00	97.11	97.03
	Padding	97.97	97.92	97.96	97.93
Inception V3	Normal	98.71	98.72	98.71	98.71
	Padding	99.03	99.08	99.04	99.04
ResNet50	Normal	98.63	98.65	98.63	98.64
	Padding	98.93	98.95	98.93	98.92
PAFE	Normal	98.82	98.81	98.82	98.81
	Padding	99.25	99.29	99.25	99.27

Normal: bilinear interpolation.

Padding: Pixel padding.

To further observe and analyze the models' classification performance, we have plotted the classification details for each model within each malicious family.

The experimental results shown in Fig. 9(a–d) indicate that PAFE exhibits strong performance on a variety of metrics within each malware family. It is worth noting that the Swizzorgen!E and Swizzorgen!I families, as well as the C2LOP. p and C2LOP.gen!g families, are all structurally similar derivatives, with only a small portion of the code differing. This inherent similarity poses considerable challenges for categorization and often leads to confusion between other models. However, PAFE greatly reduces its confusion, and although it does not perform as well as other classification families among the 25 classification families through horizontal comparison, vertical comparison can greatly demonstrate the advantages of PAFE over other methods.In summary, PAFE is effective in extracting deep features from malicious images and highlighting the expression of key features. It is especially good at distinguishing representative texture features of different malicious image families. This capability can provide more effective analysis for malware classification and identification of variants.

Fig. 9.

Classification details of each model in malicious families.

The time a model takes to detect unknown malicious codes is another important metric. Prediction time refers to the duration it takes for a trained model to identify an unknown sample. We recorded the number of parameters for each model and calculated the average classification time per sample based on a dataset of 935 malicious images. Table 8 presents the results, indicating that PAFE has the smallest parameter volume, with 721,913 parameters. This is only 1/501 of AlexNet, 1/186 of VGG16, 1/30 of Inception V3, and 1/32 of Resnet50. Additionally, PAFE exhibits the fastest detection speed among the models, with an average of 10.04 ms per sample. In comparison, AlexNet takes 30.18 ms, VGG16 takes 25.84 ms, Inception V3 takes 33.16 ms, and Resnet50 takes 24.60 ms. To visualize the relationship between classification accuracy and detection speed for each model, we present Fig. 10. The plot clearly demonstrates that PAFE achieves the highest accuracy alongside the fastest detection time. This verifies its exceptional classification accuracy in identifying malicious codes and their variants, all while maintaining a small model size and an extremely short detection time. PAFE is capable of promptly and accurately classifying malicious codes within a network environment.

Table 8.

Prediction time of different models.

Model	AlexNet	VGG16	InceptionV3	Resnet50	PAFE
Parameters	361,991,449	134,361,817	21,854,009	23,638,937	721,913
Prediction time(ms)	30.18	25.84	33.16	24.60	10.04

Fig. 10.

Comparison of classification accuracy and detection time for various models.

4.4. Comparative analysis with the state-of-art solutions

We provide a comprehensive comparison of PAFE with existing malicious code classification methods that utilize machine learning and deep learning techniques. Most of these existing methods extract texture features from malicious code images through manual or automated feature extraction techniques and employ machine learning algorithms (e.g., KNN, SVM) or deep learning (e.g., softmax) for classification. We performed this comparison on the same dataset and the results, as shown in Table 9, show that PAFE outperforms the other methods in terms of classification accuracy, highlighting its superior performance in the field.

Table 9.

Comparative summary.

Methods	Year	Accuracy(%)	Precision(%)	Recall(%)	F1-score(%)
Nataraj et al. [13]	2011	97.18	–	–	–
SPAM-GIST [22]	2016	97.40	–	–	–
Vgg-very deep-19 [26]	2017	97.32	–	–	–
DRBA + CNN [28]	2018	94.50	96.60	88.40	–
LGMP + KNN [23]	2019	98.40	–	98.20	97.1
NSGA-II + CNN [29]	2019	97.60	97.60	88.40	–
Venkatraman [27]	2019	96.30	91.80	91.50	91.60
Gibert et al. [15]	2019	98.50	98.00	98.00	98.00
CNN + LSTM [17]	2019	96.30	96.30	96.20	96.20
Roseline [45]	2019	98.91	99.00	99.00	99.00
GIST + KNN [46]	2020	97.00	97.00	97.00	97.00
Verma [47]	2020	98.58	98.04	98.06	98.05
Deep RF [48]	2020	98.65	98.86	98.63	98.74
Naeem [49]	2020	98.79	98.79	98.47	98.46
IMCFN [30]	2020	98.82	98.85	98.81	98.75
DenseNet-improved [50]	2021	98.23	97.78	97.92	97.85
DenseNet [51]	2021	98.97	–	–	98.88
DEAM-Densenet201 [32]	2021	98.50	96.90	96.60	96.70
Two-level ANN [34]	2021	99.13	–	–	–
PAFE	-	99.25	99.29	99.25	99.27

The unique contribution of PAFE lies in its combination of pixel filling techniques and data enhancement strategies, as well as multi-scale feature fusion and channel attention mechanisms, the integration of which significantly improves the feature extraction capability and classification accuracy of the model. In addition, PAFE's lightweight design and fast detection speed enable it to operate efficiently in resource-constrained environments, which is clearly demonstrated in comparisons with other models. For example, when compared to IMCEC [52], although IMCEC improves classification accuracy by integrating five CNN models, its detection speed is significantly slower, taking an average of 1.18 s to identify unknown malware, whereas our model takes only 10.04 ms to perform the same task. This comparison not only highlights the advantages of PAFE in terms of classification speed, but also reflects its potential value in practical applications.

However, we also realize that PAFE may have some limitations. Although PAFE performs well in experiments, its generalization ability and adaptability to new malware variants still need to be further verified in a wider range of datasets and real-world environments. In addition, as malware technologies continue to evolve, PAFE, like all other deep learning-based models, may need to be regularly updated to adapt to new threats. Therefore, we suggest that future work should focus on the continuous optimization of the model and its ability to respond quickly to emerging malware types.

5. Conclusion

In this study, we introduce PAFE, a pioneering approach that demonstrates superior accuracy and efficiency in malware classification. By utilizing pixel-filling and data enhancement techniques, PAFE effectively mitigates the challenges posed by small sample sizes and unbalanced datasets, surpassing the limitations of existing methods. In addition, the integration of multi-scale feature fusion and channel attention mechanism greatly enhances PAFE's ability to recognize malware variants. Experimental results show that PAFE achieves 99.25 % accuracy in malware variant classification with a prediction time of only 10.04 ms, which outperforms state-of-the-art methods on the Malimg dataset.PAFE is designed with a focus on modularity, and achieves the same level of feature extraction as deep neural networks through a lightweight deep network architecture, which not only reduces the number of parameters, but also improves prediction speed. Beyond the lab environment, PAFE's lightweight nature and robust performance make it an ideal candidate for integration into a wide range of security solutions for individual users, enterprises, and cybersecurity operators. As cybersecurity threats continue to escalate, PAFE provides a valuable solution for malware classification, delivering higher accuracy and faster detection than current approaches, while adapting to deployment in resource-limited environments.

In future research, we plan to extend and improve the PAFE technique to further enhance its performance and application scope. Specifically, we will focus on applying the PAFE technique to steganography detection and exploring multi-channel image processing techniques that utilize complete RGB information to enhance the model's ability to recognize malware images. This includes the development of new algorithms to integrate features from different channels, as well as optimizing the model structure to improve real-time performance and adapt to resource-constrained environments. In addition, we will integrate model interpretation tools and explore the fusion of symbolic reasoning and deep learning to enhance the interpretability and transparency of the models. Recognizing that the limitations of the datasets used may affect the generalization ability of the model, we plan to introduce a wider range of data sources to enhance the diversity and robustness of the model. Also, considering the impact of different types of malware on classification accuracy, we will delve into the model's ability to recognize various types of malware in an effort to improve the model's adaptability to novel variants. With these comprehensive improvements, PAFE will reach new heights of accuracy, speed, and interpretability, and become a more robust and adaptable cybersecurity solution that effectively responds to evolving cybersecurity threats.

Ethical and informed consent for data used

The data utilized in this paper does not encompass any matters pertaining to morality or ethics. Prior to engaging in the study, all participants provided their informed consent, and the authors were granted the liberty to withdraw from the study at any juncture without facing any penalty. Furthermore, the authors were entitled to pose any questions pertaining to the study and obtain unambiguous responses.

Data Availability statement

The Malimg dataset, which contains a comprehensive collection of malware samples used in this study, is available for research purposes. Due to the sensitive nature of the data and to prevent potential misuse, the dataset is not publicly accessible without restrictions. However, researchers interested in accessing the Malimg dataset for non-commercial academic research can request it by contacting the corresponding author at [yafei_song@163.com]. Access to the dataset will be granted following a review process to ensure compliance with ethical standards and the protection of sensitive information.

CRediT authorship contribution statement

Sicong Li: Writing – original draft, Methodology. Jian Wang: Investigation, Data curation. Shuo Wang: Writing – review & editing, Validation. Yafei Song: Formal analysis, Data curation, Conceptualization.

Declaration of competing interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Appendix.

Symbol/Notation	Description
malage	Malware image
size	Target size of the malware image
P*= resize (p, size)	Malware padding image (output)
L	Padding location initialized as (0,0,0,0)
pixel	RGB value initialized as (0,0,0)
height	Height of the malware image
width	Width of the malware image
edge	Maximum of height and width
w	Padding width to be calculated
h	Padding height to be calculated
L*= update L	Updated padding location
P = Make Border (malage, L∗, pixel)	Intermediate image with border
ReLU	Rectified Linear Unit activation function
FFSE	Feature Fusion + Squeeze and Excitation block
CBR	Convolution + Batch Normalization + ReLU
SE	Squeeze and Excitation operation for channel attention
TP	True Positives
FP	False Positives
FN	False Negatives
TN	True Negatives
Accuracy	The number of correctly categorized positive samples divided by the total number of samples predicted to be positive.
precision	The proportion of samples predicted to be positive that are actually positive.
recall	The proportion of all samples that were actually positive that were correctly predicted as positive.
F1-score	The reconciled mean of precision and recall.
edge=max (height, width)	Side length of the filled image, which takes the maximum of the height and width of the original image.
left, right	Width to be filled, calculated when the original image width is less than the edge length.
top, bottom	Height to be filled, calculated when the original image height is less than the side length.
Feature=FFSE block (input features)	Process the input features through the FFSE module for feature fusion and channel attention weighting.