Maryam Nisa,Jamal Hussain Shah,Shansa Kanwal,Mudassar Raza,Muhammad Attique Khan,Robertas Damaševičius,Tomas Blažauskas

DOI: https://doi.org/10.3390/app10144966

2020-07-19

Applied Sciences

Abstract:As the number of internet users increases so does the number of malicious attacks using malware. The detection of malicious code is becoming critical, and the existing approaches need to be improved. Here, we propose a feature fusion method to combine the features extracted from pre-trained AlexNet and Inception-v3 deep neural networks with features attained using segmentation-based fractal texture analysis (SFTA) of images representing the malware code. In this work, we use distinctive pre-trained models (AlexNet and Inception-V3) for feature extraction. The purpose of deep convolutional neural network (CNN) feature extraction from two models is to improve the malware classifier accuracy, because both models have characteristics and qualities to extract different features. This technique produces a fusion of features to build a multimodal representation of malicious code that can be used to classify the grayscale images, separating the malware into 25 malware classes. The features that are extracted from malware images are then classified using different variants of support vector machine (SVM), k-nearest neighbor (KNN), decision tree (DT), and other classifiers. To improve the classification results, we also adopted data augmentation based on affine image transforms. The presented method is evaluated on a Malimg malware image dataset, achieving an accuracy of 99.3%, which makes it the best among the competing approaches.

Walid El-Shafai,Iman Almomani,Aala AlKhayer

DOI: https://doi.org/10.3390/app11146446

2021-07-13

Applied Sciences

Abstract:There is a massive growth in malicious software (Malware) development, which causes substantial security threats to individuals and organizations. Cybersecurity researchers makes continuous efforts to defend against these malware risks. This research aims to exploit the significant advantages of Transfer Learning (TL) and Fine-Tuning (FT) methods to introduce efficient malware detection in the context of imbalanced families without the need to apply complex features extraction or data augmentation processes. Therefore, this paper proposes a visualized malware multi-classification framework to avoid false positives and imbalanced datasets’ challenges through using the fine-tuned convolutional neural network (CNN)-based TL models. The proposed framework comprises eight different FT CNN models including VGG16, AlexNet, DarkNet-53, DenseNet-201, Inception-V3, Places365-GoogleNet, ResNet-50, and MobileNet-V2. First, the binary files of different malware families were transformed into 2D images and then forwarded to the FT CNN models to detect and classify the malware families. The detection and classification performance was examined on a benchmark Malimg imbalanced dataset using different, comprehensive evaluation metrics. The evaluation results prove the FT CNN models’ significance in detecting malware types with high accuracy that reached 99.97% which also outperforms the performance of related machine learning (ML) and deep learning (DL)-based malware multi-classification approaches tested on the same malware dataset.

Sicong Li,Jian Wang,Yafei Song,Shuo Wang

DOI: https://doi.org/10.1007/s10489-024-05707-4

2024-01-01

Abstract:As malicious code attacks continue to evolve, attackers leverage techniques like packing and code obfuscation to generate numerous variants, challenging traditional detection methods. Addressing the limitations of current deep learning-based malicious code classification approaches in feature extraction and accuracy, this paper introduces an innovative RGB visualization detection method based on a hybrid multi-head attention mechanism. Initially, a feature representation method utilizing RGB images is introduced. This approach focuses on semantic relationships between a malware’s binary information, assembly details, and API data, generating images with richer textural information. This technique effectively uncovers the deep dependencies between the original and variant versions of malicious code, providing stronger support for subsequent classification tasks. Furthermore, to tackle the issues of malware encryption and obfuscation, a deep neural network framework is adopted, incorporating a modular design philosophy and integrating a multi-head attention mechanism. This design not only enhances the expressiveness of critical features but also helps the model better focus on key aspects of the malicious code, thereby improving classification accuracy. Through comparative experiments and in-depth analysis, the effectiveness and superiority of the proposed RGB visualization method and MSA-ResNet model in the field of malicious code variant classification are validated. The accuracy rates achieved on the Kaggle and DataCon datasets are 99.49

Zilin Zhao,Dawei Zhao,Shumian Yang,Lijuan Xu

DOI: https://doi.org/10.1155/2023/6390023

IF: 1.968

2023-04-19

Security and Communication Networks

Abstract:In recent years, malware has experienced explosive growth and has become one of the most severe security threats. However, feature engineering easily restricts the traditional machine learning methods-based malware classification and is hard to deal with massive malware. At the same time, the dynamic analysis methods have the problems of complex operation and high cost, which are not suitable for efficiently classifying large quantities of malware. Therefore, we propose a novel static malware detection method based on this study's AlexNet convolutional neural network (CNN). Unlike existing solutions, we convert all malware bytes into color images, propose an improved AlexNet architecture, and solve the unbalanced datasets with the data enhancement method. Extensive experiments are performed using the Microsoft malware dataset and the Google Code Jam (GCJ) dataset. The experimental results show that the accuracy of the Microsoft malware dataset reaches 99.99%, and the GCJ dataset reaches 99.38%. We also verify that our method can better extract the texture features of malware and improve the accuracy and detection efficiency.

computer science, information systems,telecommunications

Jahez Abraham Johny,Vinod P.,Asmitha K. A.,G. Radhamani,Rafidha Rehiman K. A.,Mauro Conti

2024-05-23

Abstract:Malware has become a formidable threat as it has been growing exponentially in number and sophistication, thus, it is imperative to have a solution that is easy to implement, reliable, and effective. While recent research has introduced deep learning multi-feature fusion algorithms, they lack a proper explanation. In this work, we investigate the power of fusing Convolutional Neural Network models trained on different modalities of a malware executable. We are proposing a novel multimodal fusion algorithm, leveraging three different visual malware features: Grayscale Image, Entropy Graph, and SimHash Image, with which we conducted exhaustive experiments independently on each feature and combinations of all three of them using fusion operators such as average, maximum, add, and concatenate for effective malware detection and classification. The proposed strategy has a detection rate of 1.00 (on a scale of 0-1) in identifying malware in the given dataset. We explained its interpretability with visualization techniques such as t-SNE and Grad-CAM. Experimental results show the model works even for a highly imbalanced dataset. We also assessed the effectiveness of the proposed method on obfuscated malware and achieved state-of-the-art results. The proposed methodology is more reliable as our findings prove VGG16 model can detect and classify malware in a matter of seconds in real-time.

Cryptography and Security

Jian Zhang,Shengquan Liu,Zhihua Liu

DOI: https://doi.org/10.1371/journal.pone.0304066

IF: 3.7

2024-06-27

PLoS ONE

Abstract:In recent years, with the development of the Internet, the attribution classification of APT malware remains an important issue in society. Existing methods have yet to consider the DLL link library and hidden file address during the execution process, and there are shortcomings in capturing the local and global correlation of event behaviors. Compared to the structural features of binary code, opcode features reflect the runtime instructions and do not consider the issue of multiple reuse of local operation behaviors within the same APT organization. Obfuscation techniques more easily influence attribution classification based on single features. To address the above issues, (1) an event behavior graph based on API instructions and related operations is constructed to capture the execution traces on the host using the GNNs model. (2) ImageCNTM captures the local spatial correlation and continuous long-term dependency of opcode images. (3) The word frequency and behavior features are concatenated and fused, proposing a multi-feature, multi-input deep learning model. We collected a publicly available dataset of APT malware to evaluate our method. The attribution classification results of the model based on a single feature reached 89.24% and 91.91%. Finally, compared to single-feature classifiers, the multi-feature fusion model achieves better classification performance.

Jinpei Yan,Yong Qi,Qifan Rao

DOI: https://doi.org/10.1155/2018/7247095

IF: 1.968

2018-01-01

Security and Communication Networks

Abstract:Malware detection plays a crucial role in computer security. Recent researches mainly use machine learning based methods heavily relying on domain knowledge for manually extracting malicious features. In this paper, we propose MalNet, a novel malware detection method that learns features automatically from the raw data. Concretely, we first generate a grayscale image from malware file, meanwhile extracting its opcode sequences with the decompilation tool IDA. Then MalNet uses CNN and LSTM networks to learn from grayscale image and opcode sequence, respectively, and takes a stacking ensemble for malware classification. We perform experiments on more than 40,000 samples including 20,650 benign files collected from online software providers and 21,736 malwares provided by Microsoft. The evaluation result shows that MalNet achieves 99.88% validation accuracy for malware detection. In addition, we also take malware family classification experiment on 9 malware families to compare MalNet with other related works, in which MalNet outperforms most of related works with 99.36% detection accuracy and achieves a considerable speed-up on detecting efficiency comparing with two state-of-the-art results on Microsoft malware dataset.

Lixia Zhang,Tianxu Liu,Kaihui Shen,Cheng Chen

2024-10-12

Abstract:With the rapid advancement of Internet technology, the threat of malware to computer systems and network security has intensified. Malware affects individual privacy and security and poses risks to critical infrastructures of enterprises and nations. The increasing quantity and complexity of malware, along with its concealment and diversity, challenge traditional detection techniques. Static detection methods struggle against variants and packed malware, while dynamic methods face high costs and risks that limit their application. Consequently, there is an urgent need for novel and efficient malware detection techniques to improve accuracy and robustness. This study first employs the minhash algorithm to convert binary files of malware into grayscale images, followed by the extraction of global and local texture features using GIST and LBP algorithms. Additionally, the study utilizes IDA Pro to decompile and extract opcode sequences, applying N-gram and tf-idf algorithms for feature vectorization. The fusion of these features enables the model to comprehensively capture the behavioral characteristics of malware. In terms of model construction, a CNN-BiLSTM fusion model is designed to simultaneously process image features and opcode sequences, enhancing classification performance. Experimental validation on multiple public datasets demonstrates that the proposed method significantly outperforms traditional detection techniques in terms of accuracy, recall, and F1 score, particularly in detecting variants and obfuscated malware with greater stability. The research presented in this paper offers new insights into the development of malware detection technologies, validating the effectiveness of feature and model fusion, and holds promising application prospects.

Cryptography and Security,Artificial Intelligence

Shuo Wang,Jian Wang,Yafei Song,Song Li

DOI: https://doi.org/10.1155/2021/1070586

IF: 3.12

2021-12-14

Computational Intelligence and Neuroscience

Abstract:The increasing volume and types of malwares bring a great threat to network security. The malware binary detection with deep convolutional neural networks (CNNs) has been proved to be an effective method. However, the existing malware classification methods based on CNNs are unsatisfactory to this day because of their poor extraction ability, insufficient accuracy of malware classification, and high cost of detection time. To solve these problems, a novel approach, namely, multiscale feature fusion convolutional neural networks (MFFCs), was proposed to achieve an effective classification of malware based on malware visualization utilizing deep learning, which can defend against malware variants and confusing malwares. The approach firstly converts malware code binaries into grayscale images, and then, these images will be normalized in size by utilizing the MFFC model to identify malware families. Comparative experiments were carried out to verify the performance of the proposed method. The results indicate that the MFFC stands out among the recent advanced methods with an accuracy of 98.72% and an average cost of 5.34 milliseconds on the Malimg dataset. Our method can effectively identify malware and detect variants of malware families, which has excellent feature extraction capability and higher accuracy with lower detection time.

mathematical & computational biology,neurosciences

Vinayakumar Ravi,Rajasekhar Chaganti

DOI: https://doi.org/10.1007/s11042-022-14236-6

IF: 2.577

2022-12-16

Multimedia Tools and Applications

Abstract:A survey of literature shows that transforming the application files into images and employing deep learning-based models for image classification has been considered as one of the significant directions for malware detection and classification. Mainly, convolutional neural networks (CNN)-based models are successfully employed for Android malware detection and classification. This is mainly due to the reason that this type of malware detection and classification approach is platform independent and has the capability to detect metamorphic and polymorphic malware. The Image-based Android malware detection is resilient to both unpacked and packed malware. Following, this work employs various 26 CNN-based pretrained models and the detailed investigation and analysis of experiments are shown on the Image-based Android malware dataset. Each of these models have the capability to extract its own optimal features and these features are distinct to each other. The penultimate layer features of best performed CNN-based pretrained models are extracted and dimensionality of the features were reduced using kernel principal component analysis (KPCA). The reduced features were fused together and passed into a meta-classifier or stacked classifier for classification. This classifier has two levels; in the first level support vector machine (SVM) and random forest (RForest) machine learning classifier were included for prediction and logistic regression in the second level for classification. The four combinations of fused models are DenseNet, ResNet, InceptionResNet, and EfficientNet. EfficientNet-based fused models showed better performances compared to other fused models and non-fused CNN-based pretrained models. Moreover, the EfficientNet-based fused models outperformed the existing approaches for Android malware detection. All the model performances were shown on two different testing datasets and the proposed model has shown the similar performances on both the testing datasets with attaining better performances during training and testing. This indicates that the proposed model is more generalizable, robust, and it can be used as tool that can be deployed in any application play store.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

TianYue Liu,HongQi Zhang,HaiXia Long,Jinmei Shi,YuHua Yao

DOI: https://doi.org/10.1038/s41598-022-18402-6

2022-08-17

Abstract:Deep learning technology is changing the landscape of cybersecurity research, especially the study of large amounts of data. With the rapid growth in the number of malware, developing of an efficient and reliable method for classifying malware has become one of the research priorities. In this paper, a new method, BIR-CNN, is proposed to classify of Android malware. It combines convolution neural network (CNN) with batch normalization and inception-residual (BIR) network modules by using 347-dim network traffic features. CNN combines inception-residual modules with a convolution layer that can enhance the learning ability of the model. Batch Normalization can speed up the training process and avoid over-fitting of the model. Finally, experiments are conducted on the publicly available network traffic dataset CICAndMal2017 and compared with three traditional machine learning algorithms and CNN. The accuracy of BIR-CNN is 99.73% in binary classification (2-classifier). Moreover, the BIR-CNN can classify malware by its category (4-classifier) and malicious family (35-classifier), with a classification accuracy of 99.53% and 94.38%, respectively. The experimental results show that the proposed model is an effective method for Android malware classification, especially in malware category and family classifier.

Duc-Ly Vu,Trong-Kha Nguyen,Tam V. Nguyen,Tu N. Nguyen,Fabio Massacci,Phu H. Phung

DOI: https://doi.org/10.48550/arXiv.1909.07227

2019-09-16

Abstract:Modern malware evolves various detection avoidance techniques to bypass the state-of-the-art detection methods. An emerging trend to deal with this issue is the combination of image transformation and machine learning techniques to classify and detect malware. However, existing works in this field only perform simple image transformation methods that limit the accuracy of the detection. In this paper, we introduce a novel approach to classify malware by using a deep network on images transformed from binary samples. In particular, we first develop a novel hybrid image transformation method to convert binaries into color images that convey the binary semantics. The images are trained by a deep convolutional neural network that later classifies the test inputs into benign or malicious categories. Through the extensive experiments, our proposed method surpasses all baselines and achieves 99.14% in terms of accuracy on the testing set.

Cryptography and Security,Machine Learning

Junyao Huang,Chenhui Lu,Guolou Ping,Lin Sun,Xiaojun Ye

DOI: https://doi.org/10.1007/978-3-030-47436-2_14

2020-01-01

Abstract:Malware detection based on API call sequences is widely used for the ability to model program behaviours. But RNN-based models for this task usually have bottlenecks in efficiency and accuracy due to their recurrent structure. In this paper, we propose a Temporal Convolutional Network with ATTention (TCN-ATT) architecture, which processes sequences with high parallelization and is robust to sequence length. The proposed TCN-ATT consists of three components: (1) a TCN module which processes sequence with convolutional structure, (2) an attention layer to select effective features and (3) a split-and-combine mechanism to fit inputs with various size. A formalized deduplication method is also proposed to reduce redundancy with less information loss. According to our experiments, the proposed model reaches an accuracy of 98.60% and reduces time cost by over 60% compared with existing RNN-based models.

Hong Huang,Rui Du,Zhaolian Wang,Xin Li,Guotao Yuan

DOI: https://doi.org/10.3390/s23167084

IF: 3.9

2023-08-11

Sensors

Abstract:To address the challenges of weak model generalization and limited model capacity adaptation in traditional malware detection methods, this article presents a novel malware detection approach based on stacked depthwise separable convolutions and self-attention, termed CoAtNet. This method combines the strengths of the self-attention module's robust model adaptation and the convolutional networks' powerful generalization abilities. The initial step involves transforming the malicious code into grayscale images. These images are subsequently processed using a detection model that employs stacked depthwise separable convolutions and an attention mechanism. This model effectively recognizes and classifies the images, automatically extracting essential features from malicious software images. The effectiveness of the method was validated through comparative experiments using both the Malimg dataset and the augmented Blended+ dataset. The approach's performance was evaluated against popular models, including XceptionNet, EfficientNetB0, ResNet50, VGG16, DenseNet169, and InceptionResNetV2. The experimental results highlight that the model surpasses other malware detection models in terms of accuracy and generalization ability. In conclusion, the proposed method addresses the limitations of traditional malware detection approaches by leveraging stacked depthwise separable convolutions and self-attention. Comprehensive experiments demonstrate its superior performance compared to existing models. This research contributes to advancing the field of malware detection and provides a promising solution for enhanced accuracy and robustness.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Xiaoqian Yun,Hongmei Zhang,Xiaoxiong Zhong,Xiaofang Deng

DOI: https://doi.org/10.1109/ICCT56141.2022.10073202

2022-11-11

Abstract:Due to the constant updates of malware and its variants and the continuous development of malware obfuscation techniques. Malware intrusions targeting Windows hosts are also on the rise. Traditional static analysis methods such as signature matching mechanisms have been difficult to adapt to the detection of new malware. Therefore, a novel visual detection method of malware is proposed for first-time to convert the Windows API call sequence with sequential nature into feature images based on the Gramian Angular Field (GAF) idea, and train a neural network to identify malware. The experimental results demonstrate the effectiveness of our proposed method. For the binary classification of malware, the GAF visualization image of the API call sequence is compared with its original sequence. After GAF visualization, the classification accuracy of the classic machine learning model MLP is improved by 9.64%, and the classification accuracy of the deep learning model CNN is improved by 4.82%. Furthermore, our experiments show that the proposed method is also feasible and effective for the multi-class classification of malware.

Computer Science

Moses Ashawa,Nsikak Owoh,Salaheddin Hosseinzadeh,Jude Osamor

DOI: https://doi.org/10.3390/electronics13204081

IF: 2.9

2024-10-18

Electronics

Abstract:As malware samples grow in complexity and employ advanced evasion techniques, traditional detection methods are insufficient for accurately classifying large volumes of sophisticated malware variants. To address this issue, image-based malware classification techniques leveraging machine learning algorithms have been developed as a more optimal solution to this challenge. However, accurately classifying content distribution-based features with unique pixel intensities from grayscale images remains a challenge. This paper proposes an enhanced image-based malware classification system using convolutional neural networks (CNNs) using ResNet-152 and vision transformer (ViT). The two architectures are then compared to determine their classification abilities. A total of 6137 benign files and 9861 malicious executables are converted from text files to unsigned integers and then to images. The ViT examined unsigned integers as pixel values, while ResNet-152 converted the pixel values into floating points for classification. The result of the experiments demonstrates a high-performance accuracy of 99.62% with effective hyperparameters of 10-fold cross-validation. The findings indicate that the proposed model is capable of being implemented in dynamic and complex malware environments, achieving a practical computational efficiency of 47.2 s for the identification and classification of new malware samples.

engineering, electrical & electronic,computer science, information systems,physics, applied

Sanjeev Kumar,B. Janet,Subramanian Neelakantan

DOI: https://doi.org/10.1016/j.comcom.2023.12.036

IF: 5.047

2024-02-01

Computer Communications

Abstract:Traditional malware detection systems based on signature-based detection methods cannot detect new and unseen malware. Moreover, conventional machine learning methods for malware detection have utilized features extracted through static program analysis or dynamic analysis, which requires code debugging and execution primarily through offline processing; hence not a scalable approach. This paper proposes a novel intelligent malware classification using a deep convolution neural network (IMCNN) in organizational networks enabled with Honeypots. Systematic customization of pre-trained convolutional neural networks(CNN) as a transfer learning and ensemble learning as a classification is presented to detect intelligent modern-day malware. Real-world malware samples are systematically labeled and visualized into grayscale images. Four cutting-edge deep CNN models - VGG16, VGG19, InceptionV3, and ResNet50, are trained on the ImageNet database ( ≥ 1 million) and fine-tuned as feature extractors along with a basic CNN model. Three strategies are designed for feature extraction and selection: Rectified linear unit (ReLU) fully connected layer embedded in a deep CNN model, principal component analysis (PCA), and singular value decomposition(SVD). Reduced sets of features are stacked and used to train k-nearest neighbor (k-NN), support vector machine (SVM), and random forest (RF) classifiers for predictions. Subsequently, the predictive probabilities of different machine-learned models are ensembled using a soft voting method for final classification. The proposed method is evaluated on MalImg datasets (9339 malware samples of 25 families) and real-world modern malware datasets (690 malware of 22 families). The experimental results reveal that despite using a reduced feature set, the IMCNN effectively detects malware with 99.36% test accuracy on unseen data for MalImg datasets and 92.11% for real-world malware. In addition, the proposed method is compared with several existing state-of-art malware detection models in terms of performance accuracy and found performing as the best. Experiments demonstrated that the proposed method is resilient to polymorphic code obfuscation used by the malware authors.

computer science, information systems,telecommunications,engineering, electrical & electronic

R. E. Davis,Jingsheng Xu,Kaushik Roy

DOI: https://doi.org/10.1109/access.2024.3391022

IF: 3.9

2024-04-30

IEEE Access

Abstract:Network traffic classification plays a crucial role in detecting malware threats. However, most existing research focuses on extracting statistical features from the network traffic, ignoring the rich information contained within raw packet capture (pcap) files. To achieve higher accuracy in malware traffic classification, a novel approach is proposed that fully utilizes the information contained in the pcap files by representing them with images and then training deep Convolutional Neural Networks (CNN) to learn the features automatically and classify them with higher accuracy. Selected fields of the IP headers in network sessions are transformed into RGB images. These images serve as input to CNN, and malware samples are grouped by class or malware name. The model is initially trained and validated on the MCFP dataset with more than 140 malware classes and subsequently tested on separate datasets, namely USTC-TFC2016, Taltech.ee MedBIoT, and IEEE-Mirai. The macro F1 scores and accuracy of this method are significantly higher than the baseline statistical-feature based approach both in the validation dataset and in the test datasets from different sources. The results of this research have the potential to be extended beyond malware classification to enable the classification of various types of network traffic data.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jinting Zhu,Julian Jang-Jaccard,Amardeep Singh,Paul A. Watters,Seyit Camtepe

DOI: https://doi.org/10.3390/fi15060214

2023-06-15

Abstract:Malware authors apply different techniques of control flow obfuscation, in order to create new malware variants to avoid detection. Existing Siamese neural network (SNN)-based malware detection methods fail to correctly classify different malware families when such obfuscated malware samples are present in the training dataset, resulting in high false-positive rates. To address this issue, we propose a novel task-aware few-shot-learning-based Siamese Neural Network that is resilient against the presence of malware variants affected by such control flow obfuscation techniques. Using the average entropy features of each malware family as inputs, in addition to the image features, our model generates the parameters for the feature layers, to more accurately adjust the feature embedding for different malware families, each of which has obfuscated malware variants. In addition, our proposed method can classify malware classes, even if there are only one or a few training samples available. Our model utilizes few-shot learning with the extracted features of a pre-trained network (e.g., VGG-16), to avoid the bias typically associated with a model trained with a limited number of training samples. Our proposed approach is highly effective in recognizing unique malware signatures, thus correctly classifying malware samples that belong to the same malware family, even in the presence of obfuscated malware variants. Our experimental results, validated by N-way on N-shot learning, show that our model is highly effective in classification accuracy, exceeding a rate \textgreater 91\%, compared to other similar methods.

Cryptography and Security,Artificial Intelligence

Zhiguo Chen,Shuangshuang Xing,Xuanyu Ren

DOI: https://doi.org/10.3389/fpls.2023.1123696

2023-02-15

Abstract:Due to developments in science and technology, the field of plant protection and the information industry have become increasingly integrated, which has resulted in the creation of plant protection information systems. Plant protection information systems have modernized how pest levels are monitored and improved overall control capabilities. They also provide data to support crop pest monitoring and early warnings and promote the sustainable development of plant protection networks, visualization, and digitization. However, cybercriminals use technologies such as code reuse and automation to generate malware variants, resulting in continuous attacks on plant protection information terminals. Therefore, effective identification of rapidly growing malware and its variants has become critical. Recent studies have shown that malware and its variants can be effectively identified and classified using convolutional neural networks (CNNs) to analyze the similarity between malware binary images. However, the malware images generated by such schemes have the problem of image size imbalance, which affects the accuracy of malware classification. In order to solve the above problems, this paper proposes a malware identification and classification scheme based on bicubic interpolation to improve the security of a plant protection information terminal system. We used the bicubic interpolation algorithm to reconstruct the generated malware images to solve the problem of image size imbalance. We used the Cycle-GAN model for data augmentation to balance the number of samples among malware families and build an efficient malware classification model based on CNNs to improve the malware identification and classification performance of the system. Experimental results show that the system can significantly improve malware classification efficiency. The accuracy of RGB and gray images generated by the Microsoft Malware Classification Challenge Dataset (BIG2015) can reach 99.76% and 99.62%, respectively.