LDAM: A lightweight dual attention module for optimizing automotive malware classification

Abstract

In recent years, electric vehicles have become prime targets for cyberattacks, with attackers exploiting public charging stations, USB ports, and other entry points to implant malware. This can lead to network outages and power disruptions. Traditional rule-based classification methods struggle against malware due to advanced encryption and obfuscation techniques. Thus, innovative classification approaches are urgently needed. Previous research often focused on converting malware binary files into RGB images for family classification, but overlooked the importance of runtime memory data. Inspired by earlier work, this study introduces a new deep neural network feature extraction module, the Lightweight Dual Attention Module (LDAM), for malware image classification. LDAM leverages attention mechanisms to capture both global and detailed features and uses feature fusion to balance these scales. This approach allows the neural network to effectively classify both raw binary and memory images of malware, while maintaining a low number of trainable parameters. By integrating LDAM into EfficientNet, the model achieves classification accuracies of 96.7% on the Malvis dataset and 98.1% on the Dumpware10 dataset, making it suitable for classifying malware on vehicle systems.