{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,24]],"date-time":"2026-02-24T02:57:47Z","timestamp":1771901867190,"version":"3.50.1"},"reference-count":39,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2026,2,24]],"date-time":"2026-02-24T00:00:00Z","timestamp":1771891200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2026,2,24]],"date-time":"2026-02-24T00:00:00Z","timestamp":1771891200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["No. 62162009"],"award-info":[{"award-number":["No. 62162009"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100018533","name":"Major Scientific and Technological Special Project of Guizhou Province","doi-asserted-by":"publisher","award":["No. [2024]014"],"award-info":[{"award-number":["No. [2024]014"]}],"id":[{"id":"10.13039\/501100018533","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Big Data and Network Security Innovation Team of Universities in Guizhou Province","award":["No. [2023]052"],"award-info":[{"award-number":["No. [2023]052"]}]},{"name":"the Key Technologies R & D Program of He\u2019nan Province","award":["No. 242102211065"],"award-info":[{"award-number":["No. 242102211065"]}]},{"DOI":"10.13039\/501100013057","name":"Innovation Scientists and Technicians Troop Construction Projects of Henan Province","doi-asserted-by":"publisher","award":["No. CXTD2017099"],"award-info":[{"award-number":["No. CXTD2017099"]}],"id":[{"id":"10.13039\/501100013057","id-type":"DOI","asserted-by":"publisher"}]},{"name":"the Scientific Research Innovation Team of Xuchang University","award":["No. 2022CXTD003"],"award-info":[{"award-number":["No. 2022CXTD003"]}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecurity"],"abstract":"Abstract<\/jats:title>\n \n In response to the increasing threat posed by the exponential growth of malware in cybersecurity, researchers have developed a number of malware classification methods based on malware images and deep learning in recent years. Newly proposed methods of this type tend to focus on generating malware images by extracting multiple types of information from a PE file, as well as on using complex convolutional neural network (CNN) models, to achieve high classification accuracy. Methods that involve extracting multiple types of information, especially those that require file disassembly for acquisition and the subsequent use of complex CNN models, result in a lengthy process for generating malware images and significantly increase model training durations. To alleviate this problem, we adopt the idea of using only a small part of the content that can be easily extracted from a PE file to efficiently generate a malware image, and implement malware classification without relying on complex CNN models. As a key component of a PE file, the PE header and the section table (we call them PE metadata) are characterized by a relatively low byte count and are likely to be useful for malware classification according to the similarities observed in the PE metadata between malware from both the same family and different families. Therefore, in this work, we explore the feasibility of using PE metadata alone to generate an image for malware classification and propose an Image of PE metadata (IPM) generated from PE metadata to represent malware. Based on the proposed IPM, we then construct a shallow CNN model and combine it with a support vector machine classifier to introduce a novel malware classification method called MCPDS (\n \n M<\/jats:italic>\n <\/jats:bold>\n alware\n \n c<\/jats:italic>\n <\/jats:bold>\n lassification method using\n \n P<\/jats:italic>\n <\/jats:bold>\n E metadata,\n \n d<\/jats:italic>\n <\/jats:bold>\n eep learning and\n \n s<\/jats:italic>\n <\/jats:bold>\n upport vector machine). The experimental results show that the MCPDS not only achieves high accuracy in terms of classifying malware on two malware datasets but also exhibits high efficiency in terms of image generation and good robustness against adversarial samples.\n <\/jats:p>","DOI":"10.1186\/s42400-025-00455-5","type":"journal-article","created":{"date-parts":[[2026,2,24]],"date-time":"2026-02-24T02:02:03Z","timestamp":1771898523000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["MCPDS: image-based malware classification method using PE metadata alone"],"prefix":"10.1186","volume":"9","author":[{"given":"Yonglin","family":"Zhao","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3341-220X","authenticated-orcid":false,"given":"Chun","family":"Guo","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yuan","family":"Ping","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yi","family":"Chen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yunhe","family":"Cui","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Guowei","family":"Shen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2026,2,24]]},"reference":[{"key":"455_CR1","unstructured":"AV-Atlas (2025) Malware statistics. https:\/\/portal.av-atlas.org\/malware\/statistics. Accessed 18 May 2025"},{"key":"455_CR2","doi-asserted-by":"publisher","first-page":"603","DOI":"10.1016\/j.future.2024.03.051","volume":"157","author":"MR Babaei Mosleh","year":"2024","unstructured":"Babaei Mosleh MR, Sharifian S (2024) An efficient cloud-integrated distributed deep neural network framework for IoT malware classification. Future Gener Comput Syst 157:603\u2013617. https:\/\/doi.org\/10.1016\/j.future.2024.03.051","journal-title":"Future Gener Comput Syst"},{"key":"455_CR3","doi-asserted-by":"publisher","DOI":"10.1016\/j.knosys.2024.111543","volume":"290","author":"A Bensaoud","year":"2024","unstructured":"Bensaoud A, Kalita J (2024) CNN-LSTM and transfer learning models for malware classification based on opcodes and API calls. Knowl-Based Syst 290:111543. https:\/\/doi.org\/10.1016\/j.knosys.2024.111543","journal-title":"Knowl-Based Syst"},{"key":"455_CR4","doi-asserted-by":"publisher","unstructured":"Brosolo M, Puthuvath V, KA A, et\u00a0al (2024) Sok: Visualization-based malware detection techniques. In: Proceedings of the 19th international conference on availability, reliability and security. Association for Computing Machinery, New York, NY, USA, ARES \u201924. https:\/\/doi.org\/10.1145\/3664476.3664514","DOI":"10.1145\/3664476.3664514"},{"key":"455_CR5","doi-asserted-by":"publisher","DOI":"10.1016\/j.asoc.2021.107234","volume":"105","author":"G D\u2019Angelo","year":"2021","unstructured":"D\u2019Angelo G, Ficco M, Palmieri F (2021) Association rule-based malware classification using common subsequences of API calls. Appl Soft Comput 105:107234. https:\/\/doi.org\/10.1016\/j.asoc.2021.107234","journal-title":"Appl Soft Comput"},{"key":"455_CR6","unstructured":"Dataedo (2024) What is metadata. https:\/\/dataedo.com\/kb\/data-glossary\/what-is-metadata. Accessed 19 Jun 2024"},{"key":"455_CR7","doi-asserted-by":"publisher","DOI":"10.1145\/3473039","author":"L Demetrio","year":"2021","unstructured":"Demetrio L, Coull SE, Biggio B et al (2021) Adversarial exemples: a survey and experimental evaluation of practical attacks on machine learning for windows malware detection. ACM Trans Priv Secur. https:\/\/doi.org\/10.1145\/3473039","journal-title":"ACM Trans Priv Secur"},{"key":"455_CR8","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.103084","volume":"126","author":"H Deng","year":"2023","unstructured":"Deng H, Guo C, Shen G et al (2023) Mctvd: a malware classification method based on three-channel visualization and deep learning. Comput Secur 126:103084. https:\/\/doi.org\/10.1016\/j.cose.2022.103084","journal-title":"Comput Secur"},{"key":"455_CR9","doi-asserted-by":"publisher","unstructured":"Fuyong Z, Tiezhu Z (2017) Malware detection and classification based on n-grams attribute similarity. In: 2017 IEEE international conference on computational science and engineering (CSE) and IEEE international conference on embedded and ubiquitous computing (EUC), Guangzhou, China, pp 793\u2013796. https:\/\/doi.org\/10.1109\/CSE-EUC.2017.157","DOI":"10.1109\/CSE-EUC.2017.157"},{"key":"455_CR10","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2019.102526","volume":"153","author":"D Gibert","year":"2020","unstructured":"Gibert D, Mateu C, Planes J (2020) The rise of machine learning for detection and classification of malware: Research developments, trends and challenges. J Netw Comput Appl 153:102526. https:\/\/doi.org\/10.1016\/j.jnca.2019.102526","journal-title":"J Netw Comput Appl"},{"key":"455_CR11","doi-asserted-by":"publisher","DOI":"10.1016\/j.cosrev.2022.100529","volume":"47","author":"M Gopinath","year":"2023","unstructured":"Gopinath M, Sethuraman SC (2023) A comprehensive survey on deep learning based malware detection techniques. Comput Sci Rev 47:100529. https:\/\/doi.org\/10.1016\/j.cosrev.2022.100529","journal-title":"Comput Sci Rev"},{"issue":"5","key":"455_CR12","doi-asserted-by":"publisher","first-page":"29","DOI":"10.1145\/2898969","volume":"59","author":"S Greengard","year":"2016","unstructured":"Greengard S (2016) Cybersecurity gets smart. Commun ACM 59(5):29\u201331. https:\/\/doi.org\/10.1145\/2898969","journal-title":"Commun ACM"},{"key":"455_CR13","doi-asserted-by":"publisher","unstructured":"Hassen M, Chan PK (2017) Scalable function call graph-based malware classification. In: Proceedings of the 7th ACM on conference on data and application security and privacy. Association for Computing Machinery, New York, NY, USA, CODASPY \u201917, pp 239\u2013248. https:\/\/doi.org\/10.1145\/3029806.3029824","DOI":"10.1145\/3029806.3029824"},{"issue":"1","key":"455_CR14","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1186\/s42400-024-00205-z","volume":"7","author":"MA Hossain","year":"2024","unstructured":"Hossain MA, Islam MS (2024) Enhanced detection of obfuscated malware in memory dumps: a machine learning approach for advanced cybersecurity. Cybersecurity 7(1):16. https:\/\/doi.org\/10.1186\/s42400-024-00205-z","journal-title":"Cybersecurity"},{"key":"455_CR15","unstructured":"Ioffe S, Szegedy C (2015) Batch normalization: accelerating deep network training by reducing internal covariate shift. In: Proceedings of the 32nd international conference on international conference on machine learning - Volume 37. JMLR.org, ICML\u201915, p 448\u2013456"},{"key":"455_CR16","doi-asserted-by":"publisher","first-page":"6","DOI":"10.1186\/s42400-023-00139-y","volume":"6","author":"HHR Manzil","year":"2023","unstructured":"Manzil HHR, Manohar Naik S (2023) Android malware category detection using a novel feature vector-based machine learning model. Cybersecurity 6:6. https:\/\/doi.org\/10.1186\/s42400-023-00139-y","journal-title":"Cybersecurity"},{"key":"455_CR17","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1109\/TIFS.2025.3539937","volume":"1","author":"J Mi","year":"2025","unstructured":"Mi J, Li Q, Han Z et al (2025) Graph learning on instruction stream-augmented CFG for malware variant detection. IEEE Trans Inf Forensics Secur 1:1. https:\/\/doi.org\/10.1109\/TIFS.2025.3539937","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"455_CR18","unstructured":"Microsoft (2024a) Pe format. https:\/\/learn.microsoft.com\/en-us\/windows\/win32\/debug\/pe-format. Accessed 19 Jun 2024"},{"key":"455_CR19","unstructured":"Microsoft (2024b) What is malware? https:\/\/www.microsoft.com\/en-us\/security\/business\/security-101\/what-is-malware. Accessed 19 Jun 2024"},{"key":"455_CR20","doi-asserted-by":"publisher","unstructured":"Narayanan BN, Djaneye-Boundjou O, Kebede TM (2016) Performance analysis of machine learning and pattern recognition algorithms for malware classification. In: 2016 IEEE national aerospace and electronics conference (NAECON) and Ohio innovation summit (OIS). IEEE, pp 338\u2013342. https:\/\/doi.org\/10.1109\/NAECON.2016.7856826","DOI":"10.1109\/NAECON.2016.7856826"},{"key":"455_CR21","doi-asserted-by":"publisher","unstructured":"Nataraj L, Karthikeyan S, Jacob G, et\u00a0al (2011) Malware images: visualization and automatic classification. In: Proceedings of the 8th international symposium on visualization for cyber security. Association for Computing Machinery, New York, NY, USA, VizSec \u201911, pp 1\u20137. https:\/\/doi.org\/10.1145\/2016904.2016908","DOI":"10.1145\/2016904.2016908"},{"key":"455_CR22","doi-asserted-by":"publisher","first-page":"871","DOI":"10.1016\/j.cose.2018.04.005","volume":"77","author":"S Ni","year":"2018","unstructured":"Ni S, Qian Q, Zhang R (2018) Malware identification using visualization images and deep learning. Comput Secur 77:871\u2013885. https:\/\/doi.org\/10.1016\/j.cose.2018.04.005","journal-title":"Comput Secur"},{"key":"455_CR23","unstructured":"Ronen R, Radu M, Feuerstein C, et\u00a0al (2018) Microsoft malware classification challenge. arXiv:1802.10135"},{"key":"455_CR24","doi-asserted-by":"publisher","DOI":"10.1016\/j.engappai.2023.106030","volume":"122","author":"K Shaukat","year":"2023","unstructured":"Shaukat K, Luo S, Varadharajan V (2023) A novel deep learning-based approach for malware detection. Eng Appl Artif Intell 122:106030. https:\/\/doi.org\/10.1016\/j.engappai.2023.106030","journal-title":"Eng Appl Artif Intell"},{"key":"455_CR25","doi-asserted-by":"publisher","unstructured":"Soni H, Kishore P, Mohapatra DP (2022) Opcode and API based machine learning framework for malware classification. In: 2022 2nd international conference on intelligent technologies (CONIT), pp 1\u20137. https:\/\/doi.org\/10.1109\/CONIT55038.2022.9848152","DOI":"10.1109\/CONIT55038.2022.9848152"},{"key":"455_CR26","first-page":"1929","volume":"15","author":"N Srivastava","year":"2014","unstructured":"Srivastava N, Hinton G, Krizhevsky A et al (2014) Dropout: a simple way to prevent neural networks from overfitting. J Mach Learn Res 15:1929\u20131958","journal-title":"J Mach Learn Res"},{"key":"455_CR27","doi-asserted-by":"publisher","unstructured":"Su J, Vasconcellos DV, Prasad S, et\u00a0al (2018) Lightweight classification of IoT malware based on image recognition. In: 2018 IEEE 42Nd annual computer software and applications conference (COMPSAC), pp 664\u2013669. https:\/\/doi.org\/10.1109\/COMPSAC.2018.10315","DOI":"10.1109\/COMPSAC.2018.10315"},{"key":"455_CR28","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103118","volume":"128","author":"Y Tang","year":"2023","unstructured":"Tang Y, Qi X, Jing J et al (2023) Bhmdc: a byte and hex n-gram based malware detection and classification method. Comput Secur 128:103118. https:\/\/doi.org\/10.1016\/j.cose.2023.103118","journal-title":"Comput Secur"},{"key":"455_CR29","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.101748","volume":"92","author":"D Vasan","year":"2020","unstructured":"Vasan D, Alazab M, Wassan S et al (2020) Image-based malware classification using ensemble of CNN architectures (IMCEC). Comput Secur 92:101748. https:\/\/doi.org\/10.1016\/j.cose.2020.101748","journal-title":"Comput Secur"},{"key":"455_CR30","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2024.103784","volume":"83","author":"F Wang","year":"2024","unstructured":"Wang F, Shi X, Yang F et al (2024) Malsort: lightweight and efficient image-based malware classification using masked self-supervised framework with swin transformer. J Inf Secur Appl 83:103784. https:\/\/doi.org\/10.1016\/j.jisa.2024.103784","journal-title":"J Inf Secur Appl"},{"key":"455_CR31","doi-asserted-by":"publisher","unstructured":"Wang S, Zhou G, Lu J, et\u00a0al (2019) A novel malware detection and classification method based on capsule network. In: Sun X, Pan Z, Bertino E (eds), Artificial Intelligence and Security: ICAIS 2019, Lecture Notes in Computer Science, vol 11632. Springer, Cham. https:\/\/doi.org\/10.1007\/978-3-030-24274-9sps52","DOI":"10.1007\/978-3-030-24274-9sps52"},{"key":"455_CR32","doi-asserted-by":"publisher","unstructured":"Wu TD, Yen Y, Wang JH, et\u00a0al (2020) Automatic target recognition in SAR images based on a combination of CNN and SVM. In 2020 international workshop on electromagnetics: applications and student innovation competition (iWEM). IEEE, pp 1\u20132. https:\/\/doi.org\/10.1109\/iWEM49354.2020.9237422","DOI":"10.1109\/iWEM49354.2020.9237422"},{"key":"455_CR33","doi-asserted-by":"publisher","first-page":"49","DOI":"10.1016\/j.jpdc.2020.03.012","volume":"141","author":"G Xiao","year":"2020","unstructured":"Xiao G, Li J, Chen Y et al (2020) Malfcs: an effective malware classification framework with automated feature extraction based on deep convolutional neural networks. J Parallel Distrib Comput 141:49\u201358. https:\/\/doi.org\/10.1016\/j.jpdc.2020.03.012","journal-title":"J Parallel Distrib Comput"},{"key":"455_CR34","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102420","volume":"110","author":"M Xiao","year":"2021","unstructured":"Xiao M, Guo C, Shen G et al (2021) Image-based malware classification using section distribution information. Comput Secur 110:102420. https:\/\/doi.org\/10.1016\/j.cose.2021.102420","journal-title":"Comput Secur"},{"key":"455_CR35","doi-asserted-by":"publisher","unstructured":"Yang L, Ciptadi A, Laziuk I, et\u00a0al (2021) Bodmas: an open dataset for learning based temporal analysis of PE malware. In: 2021 IEEE security and privacy workshops (SPW). IEEE, San Francisco, CA, USA, pp 78\u201384. https:\/\/doi.org\/10.1109\/SPW53761.2021.00020","DOI":"10.1109\/SPW53761.2021.00020"},{"key":"455_CR36","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2024.103865","volume":"86","author":"L Yao","year":"2024","unstructured":"Yao L, Liu B, Xin Y (2024) Visualization-based comprehensive feature representation with improved EfficientNet for malicious file and variant recognition. J Inf Secur Appl 86:103865. https:\/\/doi.org\/10.1016\/j.jisa.2024.103865","journal-title":"J Inf Secur Appl"},{"key":"455_CR37","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.101740","volume":"92","author":"B Yuan","year":"2020","unstructured":"Yuan B, Wang J, Liu D et al (2020) Byte-level malware classification based on Markov images and deep learning. Comput Secur 92:101740. https:\/\/doi.org\/10.1016\/j.cose.2020.101740","journal-title":"Comput Secur"},{"issue":"5","key":"455_CR38","doi-asserted-by":"publisher","first-page":"3770","DOI":"10.1109\/JIOT.2021.3100063","volume":"9","author":"B Yuan","year":"2022","unstructured":"Yuan B, Wang J, Wu P et al (2022) Iot malware classification based on lightweight convolutional neural networks. IEEE Internet Things J 9(5):3770\u20133783. https:\/\/doi.org\/10.1109\/JIOT.2021.3100063","journal-title":"IEEE Internet Things J"},{"key":"455_CR39","doi-asserted-by":"publisher","first-page":"211","DOI":"10.1016\/j.future.2018.07.052","volume":"90","author":"H Zhang","year":"2019","unstructured":"Zhang H, Xiao X, Mercaldo F et al (2019) Classification of ransomware families with machine learning based on n-gram of opcodes. Future Gener Comput Syst 90:211\u2013221. https:\/\/doi.org\/10.1016\/j.future.2018.07.052","journal-title":"Future Gener Comput Syst"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-025-00455-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s42400-025-00455-5","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-025-00455-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,24]],"date-time":"2026-02-24T02:02:07Z","timestamp":1771898527000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1186\/s42400-025-00455-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,2,24]]},"references-count":39,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2026,12]]}},"alternative-id":["455"],"URL":"https:\/\/doi.org\/10.1186\/s42400-025-00455-5","relation":{},"ISSN":["2523-3246"],"issn-type":[{"value":"2523-3246","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,2,24]]},"assertion":[{"value":"11 November 2024","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"21 July 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"24 February 2026","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no known competing financial interests or personal relationships that could have appeared to inuence the work reported in this paper","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}],"article-number":"34"}}