CAG-Malconv: A Byte-Level Malware Detection Method With CBAM and Attention-GRU

With the rise of generative artificial intelligence, malware creation has become more accessible, leading to a surge in malware and its variants. Traditional detection methods struggle to keep pace with this evolution. Dynamic analysis, though detailed, is resource intensive and susceptible to variations in computer hardware and simulation environments. Static analysis, on the other hand, faces the challenge of discerning valuable features from an extensive pool, especially for software across diverse architectures. To tackle these issues, we propose a binary sample classification approach based on raw bytes, named CAG-Malconv, which incorporates Convolutional Block Attention Module (CBAM) and Bidirectional Gated Recurrent Unit (BiGRU) to extract byte-level features. We evaluated it on two datasets with 48,000 samples of different file types and families. It outperforms state-of-the-art methods based on advanced features and raw bytes in terms of accuracy (ACC), Area Under the Curve (AUC), F1 score, and recall. Furthermore, it allows for the visualization of raw samples, facilitating the precise identification of malicious components like C&C URLs and encryption loops by analyzing activation patterns in hidden layers, thus streamlining malware investigative procedures.