Malware Classification Using Deep Learning: Hybrid Approach

Authors

  • Naveed Ahmad1, Dr. M Ismail Kashif2, Afshan Almas3, Sumia Kanwal3, Sana Tariq3

Abstract

Malware classification is a critical task in cybersecurity, aimed at identifying and categorizing malicious software to protect digital systems from potential threats. Traditional malware detection methods, such as signature-based and heuristic approaches, often struggle to detect new, obfuscated, or polymorphic malware variants. This study proposes a hybrid deep learning approach combining Convolutional Neural Networks (CNNs) and Long Short-Term Memory (LSTM) networks for malware classification. The CNN component extracts spatial features from malware binaries transformed into grayscale images, while the LSTM network processes sequential data such as API calls and opcode sequences, capturing the temporal behavior of malware. Experimental results on the Microsoft Malware Classification Challenge (BIG 2015) and EMBER 2020 datasets demonstrate that the hybrid model outperforms standalone CNN and LSTM models, achieving an accuracy of 96.4% and an AUC score of 0.98. The model also exhibits strong generalization capabilities, effectively identifying malware families with low misclassification rates, including those with complex obfuscation techniques. These findings suggest that the proposed hybrid model offers a robust, scalable, and adaptable solution for malware classification, with significant potential for real-time cybersecurity applications.

Published

2025-05-09