{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,3]],"date-time":"2026-05-03T11:04:50Z","timestamp":1777806290386,"version":"3.51.4"},"reference-count":46,"publisher":"SAGE Publications","issue":"1","license":[{"start":{"date-parts":[[2025,9,2]],"date-time":"2025-09-02T00:00:00Z","timestamp":1756771200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/journals.sagepub.com\/page\/policies\/text-and-data-mining-license"}],"funder":[{"name":"Gansu Science and Technology Association Young Science and Technology Talents Lifting Project","award":["No. GXH20220530-10"],"award-info":[{"award-number":["No. GXH20220530-10"]}]},{"name":"Youth Foundation of Gansu Province","award":["No. 23JRRA1358"],"award-info":[{"award-number":["No. 23JRRA1358"]}]}],"content-domain":{"domain":["journals.sagepub.com"],"crossmark-restriction":true},"short-container-title":["Journal of Computer Security"],"published-print":{"date-parts":[[2026,1]]},"abstract":"<jats:p>\n                    Cybersecurity threats continue to escalate with the rapid advancement of internet technology, with malicious code posing a particularly daunting challenge. Traditional detection methods based on feature code matching struggle to keep pace with evolving anti-detection techniques and the proliferation of malicious code variants. Current malware detection often relies on extracting opcode sequences or converting binary files into grayscale maps for analysis based on deep learning. However, text-based methods for malware detection face decompilation errors due to obfuscation, which compromise feature extraction accuracy, and the limitation of n-gram in capturing global behavior patterns beyond local opcode sequences. Image-based methods, on the other hand, risk losing code structure and semantics during image conversion, and the need for fixed-size inputs in convolutional neural networks can lead to feature information loss during resizing or cropping. To address these challenges, this paper proposes feature fusion-based squeeze and excitation (FFSE)\u2013bidirectional temporal convolutional network (BiTCN), a novel hybrid malware detection model that integrates the advantages of FFSE and BiTCN. The FFSE is utilized to extract multi-scale features and fuse global and local features with a channel attention mechanism, while the BiTCN is adopted to capture temporal evolution of malware behavior and integrate features of different levels with a pooling fusion mechanism. Experimental results on the BIG2015 and DataCon datasets demonstrate that the proposed model outperforms existing malware detection methods in terms of\n                    <jats:inline-formula>\n                      <mml:math xmlns:mml=\"http:\/\/www.w3.org\/1998\/Math\/MathML\" display=\"inline\" overflow=\"scroll\">\n                        <mml:mtext>Accuracy<\/mml:mtext>\n                      <\/mml:math>\n                    <\/jats:inline-formula>\n                    ,\n                    <jats:inline-formula>\n                      <mml:math xmlns:mml=\"http:\/\/www.w3.org\/1998\/Math\/MathML\" display=\"inline\" overflow=\"scroll\">\n                        <mml:mtext>Recall<\/mml:mtext>\n                      <\/mml:math>\n                    <\/jats:inline-formula>\n                    , and\n                    <jats:inline-formula>\n                      <mml:math xmlns:mml=\"http:\/\/www.w3.org\/1998\/Math\/MathML\" display=\"inline\" overflow=\"scroll\">\n                        <mml:mtext>F1-score<\/mml:mtext>\n                      <\/mml:math>\n                    <\/jats:inline-formula>\n                    . It proves the robustness and generalization of the proposed model and contributes significantly to the field of malware detection.\n                  <\/jats:p>","DOI":"10.1177\/0926227x251370259","type":"journal-article","created":{"date-parts":[[2025,9,2]],"date-time":"2025-09-02T12:25:45Z","timestamp":1756815945000},"page":"29-45","update-policy":"https:\/\/doi.org\/10.1177\/sage-journals-update-policy","source":"Crossref","is-referenced-by-count":0,"title":["Feature fusion-based squeeze and excitation (FFSE)\u2013bidirectional temporal convolutional network (BiTCN): A hybrid malware detection model"],"prefix":"10.1177","volume":"34","author":[{"given":"Jinxiong","family":"Zhao","sequence":"first","affiliation":[{"name":"State Grid Gansu Electric Power Research Institute,\u00a0Lanzhou,\u00a0Gansu, China"},{"name":"State Grid Gansu Electric Power Company,\u00a0Lanzhou, Gansu,\u00a0China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ji\u2019en","family":"Niu","sequence":"additional","affiliation":[{"name":"State Grid Gansu Electric Power Research Institute,\u00a0Lanzhou,\u00a0Gansu, China"},{"name":"State Grid Gansu Electric Power Company,\u00a0Lanzhou, Gansu,\u00a0China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yong","family":"Yang","sequence":"additional","affiliation":[{"name":"State Grid Gansu Electric Power Research Institute,\u00a0Lanzhou,\u00a0Gansu, China"},{"name":"State Grid Gansu Electric Power Company,\u00a0Lanzhou, Gansu,\u00a0China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zhiru","family":"Li","sequence":"additional","affiliation":[{"name":"State Grid Gansu Electric Power Research Institute,\u00a0Lanzhou,\u00a0Gansu, China"},{"name":"State Grid Gansu Electric Power Company,\u00a0Lanzhou, Gansu,\u00a0China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dongqing","family":"Liu","sequence":"additional","affiliation":[{"name":"State Grid Gansu Electric Power Research Institute,\u00a0Lanzhou,\u00a0Gansu, China"},{"name":"State Grid Gansu Electric Power Company,\u00a0Lanzhou, Gansu,\u00a0China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1416-472X","authenticated-orcid":false,"given":"Lei","family":"Zhang","sequence":"additional","affiliation":[{"name":"Hangzhou Innovation Institute of Beihang University,\u00a0Hangzhou, Zhejiang, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"179","published-online":{"date-parts":[[2025,9,2]]},"reference":[{"key":"e_1_3_2_2_2","unstructured":"CNNIC. The 52nd statistical report on the development of the internet in China. China Internet Network Information Center (CNNIC) August 2023. https:\/\/www.cnnic.net.cn\/n4\/2023\/0828\/c88-10829.html."},{"key":"e_1_3_2_3_2","unstructured":"kaspersky. 2022 cybercriminals-attack 2022. https:\/\/www.kaspersky.com.cn\/about\/press-releases\/2022cybercriminals-attack."},{"key":"e_1_3_2_4_2","volume-title":"Research on Malicious Code Family Detection Technology Based on Deep Learning","author":"Wang G","year":"2021","unstructured":"Wang G. Research on Malicious Code Family Detection Technology Based on Deep Learning. Chinese Public Security University, 2021. DOI: 10.27634\/d.cnki.gzrgu.2021.000278."},{"key":"e_1_3_2_5_2","first-page":"114","article-title":"Malicious code homology analysis technology research","volume":"11","author":"Sun T","year":"2021","unstructured":"Sun T, Wang B, Xin M. Malicious code homology analysis technology research. New Ind 2021; 11: 114\u2013117.","journal-title":"New Ind"},{"key":"e_1_3_2_6_2","volume-title":"Research on Network Worm Propagation and Control Model","author":"Li Y","year":"2013","unstructured":"Li Y. Research on Network Worm Propagation and Control Model. North University of China, 2013."},{"key":"e_1_3_2_7_2","volume-title":"Research on Homology Identification Technology of Malicious Code Based on Deep Learning","author":"Liu H","year":"2020","unstructured":"Liu H. Research on Homology Identification Technology of Malicious Code Based on Deep Learning. Electronic Science Research Institute of China Electronics Technology Corporation, 2020. DOI: 10.27728\/d.cnki.gdzkx.2020.000008."},{"key":"e_1_3_2_8_2","doi-asserted-by":"crossref","unstructured":"Bazrafshan Z Hashemi H Fard SMH et al. A survey on heuristic malware detection techniques. In: The 5th conference on information and knowledge technology Shiraz Iran 28\u201330 May 2013 pp.113\u2013120. IEEE.","DOI":"10.1109\/IKT.2013.6620049"},{"key":"e_1_3_2_9_2","doi-asserted-by":"crossref","unstructured":"Vasilescu M Gheorghe L Tapus N. Practical malware analysis based on sandboxing. In: 2014 RoEduNet conference 13th edition: Networking in education and research joint event RENAM 8th conference Chisinau Moldova 11\u201313 September 2014 pp.1\u20136. IEEE.","DOI":"10.1109\/RoEduNet-RENAM.2014.6955304"},{"key":"e_1_3_2_10_2","unstructured":"Agarap AF. Towards building an intelligent anti-malware system: a deep learning approach using support vector machine (SVM) for malware classification. arXiv preprint arXiv:180100318 2017."},{"key":"e_1_3_2_11_2","doi-asserted-by":"crossref","unstructured":"Zulkifli A Hamid IRA Shah WM et al. Android malware detection based on network traffic using decision tree algorithm. In: Recent advances on soft computing and data mining: proceedings of the third international conference on soft computing and data mining (SCDM 2018) Johor Malaysia 6\u20137 February 2018 pp.485\u2013494.","DOI":"10.1007\/978-3-319-72550-5_46"},{"key":"e_1_3_2_12_2","first-page":"100546","article-title":"A survey of malware detection using deep learning","volume":"16","author":"Bensaoud A","year":"2024","unstructured":"Bensaoud A, Kalita J, Bensaoud M. A survey of malware detection using deep learning. Mach Learn Appl 2024; 16: 100546.","journal-title":"Mach Learn Appl"},{"key":"e_1_3_2_13_2","doi-asserted-by":"crossref","unstructured":"Rbah Y Mahfoudi M Fattah M et al. A comprehensive survey on deep learning approaches for safeguarding the internet of medical things from malicious intrusions. In: 2024 international conference on circuit systems and communication (ICCSC) Fes Morocco 28\u201329 June 2024 pp.1\u20136.","DOI":"10.1109\/ICCSC62074.2024.10616971"},{"key":"e_1_3_2_14_2","doi-asserted-by":"crossref","unstructured":"Gibert D Mateu C Planes J. A hierarchical convolutional neural network for malware classification. In: 2019 International joint conference on neural networks (IJCNN) Budapest Hungary 14\u201319 July 2019 pp.1\u20138. IEEE.","DOI":"10.1109\/IJCNN.2019.8852469"},{"key":"e_1_3_2_15_2","doi-asserted-by":"publisher","DOI":"10.7717\/peerj-cs.285"},{"key":"e_1_3_2_16_2","doi-asserted-by":"crossref","unstructured":"Bae J Lee C. Easy data augmentation for improved malware detection: a comparative study. In: 2021 IEEE international conference on big data and smart computing (BigComp) Jeju Island Korea (South) 17\u201320 January 2021 pp.214\u2013218. IEEE.","DOI":"10.1109\/BigComp51126.2021.00048"},{"key":"e_1_3_2_17_2","first-page":"103151","article-title":"Malicious code classification based on opcode sequences and textCNN network","volume":"67","author":"Wang Q","year":"2022","unstructured":"Wang Q, Qian Q. Malicious code classification based on opcode sequences and textCNN network. J Inf Secur Appl 2022; 67: 103151.","journal-title":"J Inf Secur Appl"},{"key":"e_1_3_2_18_2","first-page":"67","article-title":"BiLSTM malicious code classification based on multi-feature fusion","volume":"30","author":"Liu Z","year":"2022","unstructured":"Liu Z, Wang C. BiLSTM malicious code classification based on multi-feature fusion. Electron Des Eng 2022; 30: 67\u201372.","journal-title":"Electron Des Eng"},{"key":"e_1_3_2_19_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2022.3179384"},{"key":"e_1_3_2_20_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2023.3287395"},{"key":"e_1_3_2_21_2","doi-asserted-by":"publisher","DOI":"10.1109\/TII.2018.2822680"},{"key":"e_1_3_2_22_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2906934"},{"key":"e_1_3_2_23_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2020.107138"},{"key":"e_1_3_2_24_2","first-page":"670","article-title":"Research on application of attention-CNN in malware detection","volume":"15","author":"Ma D","year":"2021","unstructured":"Ma D, Wan L, Cheng Q. Research on application of attention-CNN in malware detection. Comput Sci Explor 2021; 15: 670\u2013681.","journal-title":"Comput Sci Explor"},{"key":"e_1_3_2_25_2","doi-asserted-by":"publisher","DOI":"10.3390\/e23030344"},{"key":"e_1_3_2_26_2","first-page":"1142","article-title":"Malicious code detection based on multi-channel image deep learning","volume":"41","author":"Jiang K","year":"2021","unstructured":"Jiang K, Bai W, Zhang L, et al. Malicious code detection based on multi-channel image deep learning. J Comput Appl 2021; 41: 1142.","journal-title":"J Comput Appl"},{"key":"e_1_3_2_27_2","doi-asserted-by":"publisher","DOI":"10.3390\/s22228739"},{"key":"e_1_3_2_28_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102761"},{"key":"e_1_3_2_29_2","first-page":"4754","article-title":"Dynamic prototype network based on sample adaptation for few-shot malware detection","volume":"35","author":"Chai Y","year":"2022","unstructured":"Chai Y, Du L, Qiu J, et al. Dynamic prototype network based on sample adaptation for few-shot malware detection. IEEE Trans Knowl Data Eng 2022; 35: 4754\u20134766.","journal-title":"IEEE Trans Knowl Data Eng"},{"key":"e_1_3_2_30_2","doi-asserted-by":"crossref","unstructured":"Nataraj L Karthikeyan S Jacob G et al. Malware images: visualization and automatic classification. In: Proceedings of the 8th international symposium on visualization for cyber security Pittsburgh Pennsylvania USA 20 July 2011 pp.1\u20137. Association for Computing Machinery New York NY United States.","DOI":"10.1145\/2016904.2016908"},{"key":"e_1_3_2_31_2","doi-asserted-by":"publisher","DOI":"10.1002\/sec.1600"},{"key":"e_1_3_2_32_2","first-page":"57","article-title":"A fast malicious code detection method based on feature fusion","volume":"51","author":"Wang S","year":"2023","unstructured":"Wang S, Wang J, Wang Y, et al. A fast malicious code detection method based on feature fusion. Chin J Electron 2023; 51: 57\u201366.","journal-title":"Chin J Electron"},{"key":"e_1_3_2_33_2","first-page":"104","article-title":"Malicious code classification method based on BiTCN-DLP","volume":"23","author":"Li S","year":"2023","unstructured":"Li S, Wang J, Song Y, et al. Malicious code classification method based on BiTCN-DLP. Inf Netw Secur 2023; 23: 104\u2013117.","journal-title":"Inf Netw Secur"},{"key":"e_1_3_2_34_2","unstructured":"Royi R Marian R Corina F et al.\u00a0Microsoft malware classification challenge.\u00a0arXiv preprint arXiv: 1802.10135 2018."},{"key":"e_1_3_2_35_2","unstructured":"Institute QAXTR. DataCon: multi-domain large-scale competition open data for security research[EB\/OL]. [2020-08-25]. https:\/\/DataCon.qianxin.com\/opendata."},{"key":"e_1_3_2_36_2","first-page":"332","article-title":"Research on multi-classification method of malicious code family based on one-dimensional convolutional neural network","volume":"38","author":"Wang D","year":"2021","unstructured":"Wang D, Yang K, Xuan J, et al. Research on multi-classification method of malicious code family based on one-dimensional convolutional neural network. Comput Appl Softw 2021; 38: 332\u2013336.","journal-title":"Comput Appl Softw"},{"key":"e_1_3_2_37_2","doi-asserted-by":"crossref","unstructured":"Ren Z Bai TMalware visualization based on deep learning. In: 2021 14th international congress on image and signal processing biomedical engineering and informatics (CISP-BMEI) Shanghai China \u00a0October 23-25 2021 pp.1\u20135. IEEE.","DOI":"10.1109\/CISP-BMEI53629.2021.9624362"},{"key":"e_1_3_2_38_2","first-page":"881","article-title":"Research on the classification of malicious code families with attention mechanism","volume":"15","author":"Wang R","year":"2021","unstructured":"Wang R, Gao J, Tong X, et al. Research on the classification of malicious code families with attention mechanism. J Front Comput Sci Technol 2021; 15: 881\u2013892.","journal-title":"J Front Comput Sci Technol"},{"key":"e_1_3_2_39_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jksuci.2022.02.026"},{"key":"e_1_3_2_40_2","first-page":"351","article-title":"Android malware family classification method based on synthetic image and Xception improved model","volume":"50","author":"Yu X","year":"2023","unstructured":"Yu X, Lu T, Du Y, et al. Android malware family classification method based on synthetic image and Xception improved model. Comput Sci 2023; 50: 351.","journal-title":"Comput Sci"},{"key":"e_1_3_2_41_2","doi-asserted-by":"crossref","unstructured":"Zhu X He S Wang X et al. Simplified-Xception: a new way to speed up malicious code classification. In: 2023 26th International conference on computer supported cooperative work in design (CSCWD) Rio de Janeiro Brazil 24\u201326 May 2023 pp.582\u2013587. IEEE.","DOI":"10.1109\/CSCWD57460.2023.10152755"},{"key":"e_1_3_2_42_2","doi-asserted-by":"crossref","unstructured":"Kumar S Sapru Y Chahal NS. Malicious program detection using distinct textural features and fine-tuned InceptionV3 model. In: 2024 IEEE 5th India council international subsections conference (INDISCON) Chandigarh India 22\u201324 August 2024 pp.1\u20136.","DOI":"10.1109\/INDISCON62179.2024.10744315"},{"key":"e_1_3_2_43_2","volume-title":"DeepCG: Classifying metamorphic malware through deep learning of call graphs","author":"Zhao S","year":"2019","unstructured":"Zhao S, Ma X, Zou W, et al. DeepCG: Classifying metamorphic malware through deep learning of call graphs. Cham: Springer, 2019."},{"key":"e_1_3_2_44_2","first-page":"2339","article-title":"A malicious code feature extraction method based on probabilistic topic model","volume":"56","author":"Liu Y","year":"2019","unstructured":"Liu Y, Wang Z, Hou Y, et al. A malicious code feature extraction method based on probabilistic topic model. Comput Res Dev 2019; 56: 2339\u20132348.","journal-title":"Comput Res Dev"},{"key":"e_1_3_2_45_2","doi-asserted-by":"crossref","unstructured":"Guo H Huang S Zhang M et al. Classification of malware variant based on ensemble learning. In: International Conference on Machine learning for cyber security Guangzhou China 8\u201310 October 2020 pp.125\u2013139. Cham: Springer International Publishing.","DOI":"10.1007\/978-3-030-62223-7_11"},{"key":"e_1_3_2_46_2","doi-asserted-by":"crossref","unstructured":"Saadat S Joseph Raymond V. Malware classification using CNN-XGBoost model. In: Artificial intelligence techniques for advanced computing applications: proceedings of ICACT 2020 Chennai India 23\u201324 January 2020 pp.191\u2013202. Singapore: Springer Singapore.","DOI":"10.1007\/978-981-15-5329-5_19"},{"key":"e_1_3_2_47_2","doi-asserted-by":"publisher","DOI":"10.3390\/app12199593"}],"container-title":["Journal of Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.1177\/0926227X251370259","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/full-xml\/10.1177\/0926227X251370259","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.1177\/0926227X251370259","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T20:45:56Z","timestamp":1777495556000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/10.1177\/0926227X251370259"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,9,2]]},"references-count":46,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2026,1]]}},"alternative-id":["10.1177\/0926227X251370259"],"URL":"https:\/\/doi.org\/10.1177\/0926227x251370259","relation":{},"ISSN":["0926-227X","1875-8924"],"issn-type":[{"value":"0926-227X","type":"print"},{"value":"1875-8924","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,9,2]]}}}