Journal of Frontiers of Computer Science and Technology, 2021, Vol. 15, Issue (4): 670-681. DOI: 10.3778/j.issn.1673-9418.2004069

• Network and Information Security •

Research on Application of Attention-CNN in Malware Detection

MA Dan, WAN Liang, CHENG Qiqin, SUN Zhiqiang   

  1. College of Computer Science and Technology, Guizhou University, Guiyang 550025, China
  2. Institute of Computer Software and Theory, Guizhou University, Guiyang 550025, China
  • Online: 2021-04-01 Published: 2021-04-02





Malware attacks have become one of the major threats to the Internet. Moreover, existing malware data are huge and have multiple features. To extract these features better and understand the behaviors of malware, an Attention-CNN malware detection model based on the attention mechanism is proposed. First, Attention-CNN is constructed by combining a convolutional neural network (CNN) with the attention mechanism. Second, malware samples are transformed into gray-scale images as the input of the detection model. The attention maps and detection results corresponding to the malware are obtained by training and testing the Attention-CNN model. Finally, the important byte sequences extracted from the attention map are used for manual analysis to reveal the behaviors of malware. Experimental results show that Attention-CNN achieves better detection results than SVM (support vector machine), random forest, J48.trees and a CNN without the attention mechanism. Attention-CNN also improves detection accuracy by 4.3 percentage points compared with vsNet. Moreover, the important byte sequences extracted from the attention map effectively reduce the burden of manual analysis, reveal the relevant behaviors of malware, and make up for the non-interpretability of malware detection in the form of gray-scale images.

Key words: malware detection, convolutional neural network (CNN), attention mechanism, byte sequences, manual analysis
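
The two data-handling steps the abstract names, converting a file's bytes to a gray-scale image and reading byte sequences back out from under the highest-weighted attention cells, sketched as an added example (not code from the paper). The image width, the attention cell size, the sample bytes and the attention values are all assumptions; the abstract does not state the paper's parameters.

```python
# Added illustration. WIDTH, CELL and the attention values are assumptions;
# the abstract does not give the paper's image size or attention-map layout.
WIDTH = 16   # bytes per image row (assumed)
CELL = 4     # one attention cell covers CELL x CELL pixels (assumed)


def bytes_to_gray_image(data, width=WIDTH):
    """Lay file bytes out row by row; each byte (0-255) is one gray pixel."""
    rows = []
    for off in range(0, len(data), width):
        row = list(data[off:off + width])
        rows.append(row + [0] * (width - len(row)))  # zero-pad the last row
    return rows


def cell_to_offsets(ci, cj, data_len, width=WIDTH, cell=CELL):
    """Map attention cell (ci, cj) back to the file-offset runs it covers."""
    runs = []
    for r in range(ci * cell, (ci + 1) * cell):
        start = r * width + cj * cell
        if start < data_len:                      # skip padding past end of file
            runs.append((start, min(start + cell, data_len)))
    return runs


def important_byte_sequences(data, attn, top_k=1, width=WIDTH, cell=CELL):
    """Return the byte runs under the top_k highest-weighted attention cells."""
    ranked = sorted(((w, i, j) for i, row in enumerate(attn)
                     for j, w in enumerate(row)), key=lambda t: -t[0])
    return [{"cell": (i, j), "weight": w,
             "runs": [(s, data[s:e]) for s, e in
                      cell_to_offsets(i, j, len(data), width, cell)]}
            for w, i, j in ranked[:top_k]]


if __name__ == "__main__":
    sample = bytes(range(128))                    # constructed stand-in for a file
    attn = [[0.01, 0.02, 0.70, 0.03],             # constructed 2x4 attention map
            [0.04, 0.15, 0.03, 0.02]]
    image = bytes_to_gray_image(sample)
    print(len(image), "rows x", len(image[0]), "cols")
    for hit in important_byte_sequences(sample, attn, top_k=2):
        for start, chunk in hit["runs"]:
            print(hit["cell"], hit["weight"], hex(start), chunk.hex())
```

Because one square image region maps to several non-contiguous file-offset runs, an analyst reviewing the output sees one short byte run per image row rather than a single contiguous span.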


