An Explainable Hybrid CNN-Transformer Architecture for Visual Malware Classification.

Authors

Alshomrani Mohammed, Albeshri Aiiad, Alsulami Abdulaziz A, Alturki Badraddin

Affiliations

Department of Computer Science, Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah 21589, Saudi Arabia.

Department of Information Systems, Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah 21589, Saudi Arabia.

Publication information

Sensors (Basel). 2025 Jul 24;25(15):4581. doi: 10.3390/s25154581.

DOI:10.3390/s25154581
PMID:40807763
Full text: https://pmc.ncbi.nlm.nih.gov/articles/PMC12349062/
Abstract

Malware continues to develop, posing significant challenges for traditional signature-based detection systems. Visual malware classification, which transforms malware binaries into grayscale images, has emerged as a promising alternative for recognizing patterns in malicious code. This study presents a hybrid deep learning architecture that combines the local feature extraction capabilities of ConvNeXt-Tiny (a CNN-based model) with the global context modeling of the Swin Transformer. The proposed model is evaluated using three benchmark datasets (Malimg, MaleVis, VirusMNIST) encompassing 61 malware classes. Experimental results show that the hybrid model achieved a validation accuracy of 94.04%, outperforming both the ConvNeXt-Tiny-only model (92.45%) and the Swin Transformer-only model (90.44%). Additionally, we extended our validation dataset to two more datasets, Maldeb and Dumpware-10, to strengthen the empirical foundation of our work. The proposed hybrid model achieved competitive accuracy on both, with 98% on Maldeb and 97% on Dumpware-10. To enhance model interpretability, we employed Gradient-weighted Class Activation Mapping (Grad-CAM), which visualizes the learned representations and reveals the complementary nature of CNN and Transformer modules. The hybrid architecture, combined with explainable AI, offers an effective and interpretable approach for malware classification, facilitating better understanding and trust in automated detection systems. In addition, a real-time deployment scenario is demonstrated to validate the model's practical applicability in dynamic environments.
