A novel framework for cross-platform malware detection via AFSP and ADASYN-based balancing

IF 4.9 3区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computers & Electrical Engineering Pub Date : 2025-08-31 DOI:10.1016/j.compeleceng.2025.110625

Tong Anh Tuan , Pham Sy Nguyen , Pham Ngoc Van , Nguyen Duc Hai , Pham Duy Trung , Nguyen Thi Kim Son , Hoang Viet Long

{"title":"A novel framework for cross-platform malware detection via AFSP and ADASYN-based balancing","authors":"Tong Anh Tuan , Pham Sy Nguyen , Pham Ngoc Van , Nguyen Duc Hai , Pham Duy Trung , Nguyen Thi Kim Son , Hoang Viet Long","doi":"10.1016/j.compeleceng.2025.110625","DOIUrl":null,"url":null,"abstract":"<div><div>The rapid spread of malware and the growing complexity of attack methods demand accurate and scalable detection solutions, particularly in classification techniques in which both feature selection and model selection play a critical role. However, malware datasets are often high-dimensional and imbalanced, leading to biased models and suboptimal classification performance. This paper introduces CMF, a novel cross-platform malware detection framework that integrates Adaptive Feature Selection and Projection (AFSP) for dimensionality reduction, Adaptive Synthetic Sampling (ADASYN) for data balancing, and voting ensemble learning for classification. ADASYN consistently outperforms SMOTE by adaptively oversampling hard-to-learn boundary regions, improving minority class detection. Meanwhile, AFSP preserves feature structures while reducing dimensions, while PCA only retains maximal variance directions, making AFSP more effective for malware classification. Extensive experiments on four comprehensive available malware datasets demonstrate that CMF outperforms traditional and deep learning-based approaches, achieving superior accuracy and robustness. Notably, the highest improvement was close to 5% compared to the state-of-the-art on the CIC-MalMem-2022 (16 classes) dataset. CMF framework is highly effective detection of malware variants across multiple operating systems, for instance Windows, Linux, and Android, and heterogeneous cloud environments. This confirms CMF framework as a scalable and high-performance solution for real-world malware detection across environmental diversity.</div></div>","PeriodicalId":50630,"journal":{"name":"Computers & Electrical Engineering","volume":"128 ","pages":"Article 110625"},"PeriodicalIF":4.9000,"publicationDate":"2025-08-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Electrical Engineering","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0045790625005683","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

The rapid spread of malware and the growing complexity of attack methods demand accurate and scalable detection solutions, particularly in classification techniques in which both feature selection and model selection play a critical role. However, malware datasets are often high-dimensional and imbalanced, leading to biased models and suboptimal classification performance. This paper introduces CMF, a novel cross-platform malware detection framework that integrates Adaptive Feature Selection and Projection (AFSP) for dimensionality reduction, Adaptive Synthetic Sampling (ADASYN) for data balancing, and voting ensemble learning for classification. ADASYN consistently outperforms SMOTE by adaptively oversampling hard-to-learn boundary regions, improving minority class detection. Meanwhile, AFSP preserves feature structures while reducing dimensions, while PCA only retains maximal variance directions, making AFSP more effective for malware classification. Extensive experiments on four comprehensive available malware datasets demonstrate that CMF outperforms traditional and deep learning-based approaches, achieving superior accuracy and robustness. Notably, the highest improvement was close to 5% compared to the state-of-the-art on the CIC-MalMem-2022 (16 classes) dataset. CMF framework is highly effective detection of malware variants across multiple operating systems, for instance Windows, Linux, and Android, and heterogeneous cloud environments. This confirms CMF framework as a scalable and high-performance solution for real-world malware detection across environmental diversity.

查看原文本刊更多论文

一种基于AFSP和ad异步平衡的跨平台恶意软件检测新框架

恶意软件的快速传播和越来越复杂的攻击方法需要精确和可扩展的检测解决方案，特别是在分类技术中，特征选择和模型选择都起着至关重要的作用。然而，恶意软件数据集通常是高维和不平衡的，导致有偏差的模型和次优的分类性能。本文介绍了一种新的跨平台恶意软件检测框架CMF，该框架集成了用于降维的自适应特征选择和投影（AFSP）、用于数据平衡的自适应合成采样（ADASYN）和用于分类的投票集成学习。ADASYN通过自适应地对难以学习的边界区域进行过采样，提高了少数类检测，从而始终优于SMOTE。同时，AFSP在降维的同时保留了特征结构，而PCA只保留了最大方差方向，使得AFSP对恶意软件分类更加有效。在四个综合可用的恶意软件数据集上进行的大量实验表明，CMF优于传统和基于深度学习的方法，具有更高的准确性和鲁棒性。值得注意的是，与CIC-MalMem-2022（16类）数据集的最新水平相比，最高的改进接近5%。CMF框架非常有效地检测跨多个操作系统的恶意软件变体，例如Windows、Linux和Android，以及异构云环境。这证实了CMF框架是一种可扩展的高性能解决方案，适用于跨环境多样性的真实恶意软件检测。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computers & Electrical Engineering 工程技术-工程：电子与电气

CiteScore

9.20

自引率

7.00%

发文量

661

审稿时长

47 days

期刊介绍： The impact of computers has nowhere been more revolutionary than in electrical engineering. The design, analysis, and operation of electrical and electronic systems are now dominated by computers, a transformation that has been motivated by the natural ease of interface between computers and electrical systems, and the promise of spectacular improvements in speed and efficiency. Published since 1973, Computers & Electrical Engineering provides rapid publication of topical research into the integration of computer technology and computational techniques with electrical and electronic systems. The journal publishes papers featuring novel implementations of computers and computational techniques in areas like signal and image processing, high-performance computing, parallel processing, and communications. Special attention will be paid to papers describing innovative architectures, algorithms, and software tools.