Obfuscated Malware Detection Using Deep Generative Model based on Global/Local Features

Jin Young Kim, Sung Bae Cho

Research output: Contribution to journalArticlepeer-review

23 Citations (Scopus)


As a large amount of malicious software (malware), including DDoS or Trojan horse pervade in communication networks, several approaches based on global and local features have been attempted to cope with some modifications added in malware variants such as null value insertion, code interchange, and reordering of subroutines. Detectors that use only one type of feature have been studied a lot, but what uses both features is rarely investigated, although good performance might be expected due to their complementary characteristics. In this paper, we propose a hybrid deep generative model that exploits global and local features together to detect the malware variants effectively. While transforming malware into an image to efficiently represent global features with pre-defined latent space, it extracts local features using the binary code sequences. The two features extracted from the data with their respective characteristics are concatenated and entered into the malware detector. By using both features, the proposed model achieves an accuracy of 97.47%, resulting in the state-of-the-art performance. We analyze what parts of the malware code affect the results of detection through a class activation map (CAM) and confirm the usefulness by analyzing the CAM results of the generated malware that virtual malware generation improves detection performance.

Original languageEnglish
Article number102501
JournalComputers and Security
Publication statusPublished - 2022 Jan

Bibliographical note

Publisher Copyright:
© 2021

All Science Journal Classification (ASJC) codes

  • Computer Science(all)
  • Law


Dive into the research topics of 'Obfuscated Malware Detection Using Deep Generative Model based on Global/Local Features'. Together they form a unique fingerprint.

Cite this