{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,8]],"date-time":"2026-01-08T23:52:39Z","timestamp":1767916359207,"version":"3.49.0"},"reference-count":43,"publisher":"Wiley","license":[{"start":{"date-parts":[[2020,12,4]],"date-time":"2020-12-04T00:00:00Z","timestamp":1607040000000},"content-version":"unspecified","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100007085","name":"National University of Defense Technology","doi-asserted-by":"publisher","award":["1908085QF291"],"award-info":[{"award-number":["1908085QF291"]}],"id":[{"id":"10.13039\/501100007085","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100003995","name":"Natural Science Foundation of Anhui Province","doi-asserted-by":"publisher","award":["1908085QF291"],"award-info":[{"award-number":["1908085QF291"]}],"id":[{"id":"10.13039\/501100003995","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Security and Communication Networks"],"published-print":{"date-parts":[[2020,12,4]]},"abstract":"<jats:p>In recent years, the research on malware variant classification has attracted much more attention. However, there are still many challenges, including the low accuracy of classification of samples of similar malware families, high time, and resource consumption. This paper proposes a new method of malware classification based on multiple visual features of malware and deep learning algorithms. In prior research, visualization techniques and entropy demonstrated exemplary performance in many areas. This paper extracts numerous visual features from the raw bytes and entropy sequence of the malware, which makes it more sensitive to malware samples of similar families and endows it the ability to classify malware variants more accurately. To evaluate the proposed method, this paper conducted a series of experiments on two malware datasets with a total of more than 20,000 samples provided by the Malware Research Lab and Microsoft Research. Through experiments, the method showed its superiority compared with some leading malware visual classification methods, achieving good performance on the accuracy with at least 1% improvement. The accuracy of the method even could reach 99.73% and 99.54%, respectively, on the two datasets.<\/jats:p>","DOI":"10.1155\/2020\/8881760","type":"journal-article","created":{"date-parts":[[2020,12,4]],"date-time":"2020-12-04T21:11:05Z","timestamp":1607116265000},"page":"1-19","source":"Crossref","is-referenced-by-count":4,"title":["Binary File\u2019s Visualization and Entropy Features Analysis Combined with Multiple Deep Learning Networks for Malware Classification"],"prefix":"10.1155","volume":"2020","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-4537-0710","authenticated-orcid":true,"given":"Hui","family":"Guo","sequence":"first","affiliation":[{"name":"College of Electronic Engineering, National University of Defense Technology, Hefei 230011, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6255-8278","authenticated-orcid":true,"given":"Shuguang","family":"Huang","sequence":"additional","affiliation":[{"name":"College of Electronic Engineering, National University of Defense Technology, Hefei 230011, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5871-946X","authenticated-orcid":true,"given":"Cheng","family":"Huang","sequence":"additional","affiliation":[{"name":"College of Cybersecurity, Sichuan University, Chengdu 610065, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4533-2706","authenticated-orcid":true,"given":"Fan","family":"Shi","sequence":"additional","affiliation":[{"name":"College of Electronic Engineering, National University of Defense Technology, Hefei 230011, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4082-7486","authenticated-orcid":true,"given":"Min","family":"Zhang","sequence":"additional","affiliation":[{"name":"College of Electronic Engineering, National University of Defense Technology, Hefei 230011, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5775-5824","authenticated-orcid":true,"given":"Zulie","family":"Pan","sequence":"additional","affiliation":[{"name":"College of Electronic Engineering, National University of Defense Technology, Hefei 230011, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"311","reference":[{"key":"1","article-title":"Internet security threat report","author":"SYMANTEC","year":"2020"},{"key":"2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2018.11.001"},{"key":"3","first-page":"1","article-title":"Malware images: visualization and automatic classification","author":"L. Nataraj"},{"key":"4","doi-asserted-by":"publisher","DOI":"10.1109\/tii.2018.2822680"},{"key":"5","first-page":"21","article-title":"A comparative assessment of malware classification using binary texture analysis and dynamic analysis","author":"L. Nataraj"},{"key":"6","doi-asserted-by":"publisher","DOI":"10.1016\/j.compeleceng.2019.03.015"},{"key":"7","doi-asserted-by":"publisher","DOI":"10.3390\/app10082847"},{"key":"8","doi-asserted-by":"publisher","DOI":"10.1016\/j.jides.2016.10.009"},{"key":"9","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-016-0330-4"},{"key":"10","doi-asserted-by":"publisher","DOI":"10.1016\/j.asoc.2019.105598"},{"key":"11","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2016.04.009"},{"issue":"3","key":"12","doi-asserted-by":"crossref","first-page":"293","DOI":"10.14257\/ijsia.2015.9.3.23","article-title":"On the comparison of malware detection methods using data mining with two feature sets","volume":"9","author":"S. S. W. Piyanuntcharatsr","year":"2015","journal-title":"International Journal of Security and Its Applications"},{"key":"13","first-page":"19","article-title":"A hybrid framework for malware detection","author":"Z. Feng"},{"key":"14","first-page":"1007","article-title":"An alternative to ncd for large sequences, lempel-ziv jaccard distance","author":"E. Raff"},{"key":"15","first-page":"1357","article-title":"Discriminant malware distance learning on structural information for automated malware classification","author":"D. Kong"},{"key":"16","first-page":"31","article-title":"Variant: a malware similarity testing framework","author":"J. Upchurch"},{"key":"17","first-page":"138","article-title":"Malware function classification using apis in initial behavior","author":"N. Kawaguchi"},{"key":"18","first-page":"771","article-title":"Maxs: scaling malware execution with sequential multi-hypothesis testing","author":"P. Vadrevu"},{"key":"19","doi-asserted-by":"publisher","DOI":"10.1007\/s10586-017-1110-2"},{"key":"20","doi-asserted-by":"publisher","DOI":"10.1109\/access.2019.2934012"},{"issue":"3","key":"21","first-page":"965","article-title":"Feature selection and extraction for malware classification","volume":"31","author":"C.-T. Lin","year":"2015","journal-title":"Journal of Information Science and Engineering"},{"key":"22","first-page":"1","article-title":"Machine learning and images for malware detection and clxassification","author":"K. Kosmidis"},{"issue":"7","key":"23","article-title":"A cross-platform malware variant classification based on image representation","volume":"13","author":"H. Naeem","year":"2019","journal-title":"KSII Transactions on Internet & Information Systems"},{"key":"24","first-page":"5334","article-title":"Malware variant detection using similarity search over content fingerprint","author":"B. Xiaofang"},{"key":"25","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-018-0314-1"},{"key":"26","first-page":"1","article-title":"Malware variant detection using opcode image recognition with small training sets","author":"J. Zhang"},{"key":"27","doi-asserted-by":"publisher","DOI":"10.1155\/2014\/132713"},{"key":"28","doi-asserted-by":"crossref","first-page":"51","DOI":"10.1007\/978-3-319-77028-4_9","article-title":"Malicious software classification using vgg16 deep neural network\u2019s bottleneck features","volume-title":"Information Technology-New Generations","author":"E. Rezende","year":"2018"},{"key":"29","first-page":"770","article-title":"Deep residual learning for image recognition","author":"K. He"},{"key":"30","first-page":"1251","article-title":"Xception: deep learning with depthwise separable convolutions","author":"F. Chollet"},{"key":"31","first-page":"1","article-title":"Going deeper with convolutions","author":"C. Szegedy"},{"key":"32","article-title":"Batch normalization: accelerating deep network training by reducing internal covariate shift","author":"S. Ioffe","year":"2015"},{"key":"33","first-page":"2818","article-title":"Rethinking the inception architecture for computer vision","author":"C. Szegedy"},{"key":"34","article-title":"Inception-v4, inception-resnet and the impact of residual connections on learning","author":"C. Szegedy","year":"2016"},{"key":"35","article-title":"Very deep convolutional networks for large-scale image recognition","author":"K. Simonyan","year":"2014"},{"key":"36","doi-asserted-by":"publisher","DOI":"10.1109\/72.279181"},{"issue":"1","key":"37","article-title":"Untersuchungen zu dynamischen neuronalen netzen","volume":"91","author":"S. Hochreiter","year":"1991","journal-title":"Diploma, Technische Universit\u00e4t M\u00fcnchen"},{"issue":"9","key":"38","doi-asserted-by":"crossref","first-page":"1704","DOI":"10.1109\/TPAMI.2011.235","article-title":"Aggregating local image descriptors into compact codes","volume":"34","author":"H. Jegou","year":"2011","journal-title":"IEEE Transactions on Pattern Analysis and Machine Intelligence"},{"key":"39","first-page":"249","article-title":"Understanding the difficulty of training deep feedforward neural networks","author":"X. Glorot"},{"key":"40","first-page":"1026","article-title":"Delving deep into rectifiers: surpassing human-level performance on imagenet classification","author":"K. He"},{"key":"41","first-page":"5353","article-title":"Convolutional neural networks at constrained time cost","author":"K. He"},{"key":"42","article-title":"Rectified linear units improve restricted Boltzmann machines","author":"V. Nair"},{"key":"43","article-title":"Microsoft malware classification challenge (big 2015)","author":"Microsoft","year":"2020"}],"container-title":["Security and Communication Networks"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2020\/8881760.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2020\/8881760.xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2020\/8881760.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,12,4]],"date-time":"2020-12-04T21:11:56Z","timestamp":1607116316000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.hindawi.com\/journals\/scn\/2020\/8881760\/"}},"subtitle":[],"editor":[{"given":"Liguo","family":"Zhang","sequence":"additional","affiliation":[],"role":[{"role":"editor","vocabulary":"crossref"}]}],"short-title":[],"issued":{"date-parts":[[2020,12,4]]},"references-count":43,"alternative-id":["8881760","8881760"],"URL":"https:\/\/doi.org\/10.1155\/2020\/8881760","relation":{},"ISSN":["1939-0122","1939-0114"],"issn-type":[{"value":"1939-0122","type":"electronic"},{"value":"1939-0114","type":"print"}],"subject":[],"published":{"date-parts":[[2020,12,4]]}}}