Crossmark

A lightweight CNN malware classification method for software detection

Published Online: 2025-05-26

Authors

Chen, Jiahui

Wu, Mingrui

Gan, Wensheng

Huang, Huiwu

Lau, Terry Shue Chien
Funding

Funding for this research was provided by:

Guangdong Provincial Key Laboratory of Power System Network Security (GPKLPSNS-2023-KF-04)
License Information

Text and Data Mining valid from 2025-05-26

Version of Record valid from 2025-05-26
More Information

Article History

Received: 2 June 2024

Accepted: 26 April 2025

First Online: 26 May 2025

Declarations

:

: The authors declare no competing interests.

: In malware detection, false positives happen when the system mistakenly labels benign software as malicious. This can impact user experience and reduce trust in the system. In businesses, false positives can also burden security teams, as they must check and fix the wrong alerts. Conversely, false negatives occur when malware is wrongly seen as safe, letting it run unchecked and posing real security risks. In the Dumpware10 dataset, the MIL-CNN model shows the fewest false negatives when the memory dump image is set to resolution. At resolution, its false positive rate is similar to that of MobileNetV2-CA. This balance helps the model improve security while reducing user inconvenience, aligning better with ethical standards.

Document is current