Feature fusion-based malicious code detection with dual attention mechanism and BiLSTM

Abstract

Malicious code has become an important factor threatening network security. Single feature-based malicious code detection methods have achieved good detection results, but when faced with some similar malicious code families, the detection effect is often poor. To address this concern, we propose a feature fusion-based malicious code detection with dual attention mechanism and Bi-directional Long Short-Term Memory (BiLSTM). The dual attention mechanism module gives different focuses on the channel and space of feature maps to extract local texture features of malicious code grayscale images. At the same time, the BiLSTM module extracts global texture structure features of malicious code grayscale images, and fuse local texture features with global texture features, which can not only reflect the detailed characteristics of malicious code, but also retain the overall structural characteristics. Finally, we use the focal loss function to reduce the impact of data imbalance. The experimental results show that our feature fusion approach has a better detection effect compared with the single feature approach, especially in the detection of similar malicious code families.