Efficient Malware Detection And Response Model Using Enhanced Parallel Deep Learning (EPDL-MDR)

Bibliographic Details
Main Author: Chowdhury Sajadul Islam
Other Authors: Madihah Mohd Saudi [supervisor]
Format: thesis::doctoral thesis
Language: en_US
Published: Universiti Sains Islam Malaysia 2026
Description
Summary: Malware, such as spyware, ransomware, and self-replicating worms, is designed to steal credentials and gain remote access while obfuscating its code to evade detection by traditional analysis systems. The lack of RGB image-based malware datasets hampers the performance of existing deep learning (DL) models, which require large datasets for high accuracy and face challenges such as time-consuming hyperparameter optimization. Attackers use code obfuscation to conceal malicious code, making it difficult for conventional systems and machine learning classifiers to detect threats. Developing a visual dataset with parallel deep learning (PDL) techniques may help overcome these challenges. This research addresses these challenges by proposing Enhanced Parallel Deep Learning for Malware Detection and Response (EPDL-MDR). The three main objectives are: (i) to develop a malware RGB image-based dataset and classifier using a parallel CNN (PCNN), (ii) to develop an enhanced parallel deep learning (EPDL) model for malware detection (MD) and build a response system (RS) by applying PCNN, and (iii) to evaluate the developed model against previous studies based on the accuracy rate. To achieve these objectives, the researcher employed methods to convert the binary malware dataset into a red, green, blue (RGB) image dataset, comprising 176,000 malware and 10,000 benign Portable Executable (PE) files, collected from 86 families of open-source repositories (Kaggle, VirusShare, Malvis, MalwareBazaar, and VX-underground). Python 3.13 is used for dataset processing and EPDL model building. After the PE files are converted to images, the deep learning pixel-matching algorithm identifies obscured malware features. The enhanced harmony search (EHS) algorithm is employed to tune hyperparameters and increase model performance while mitigating overfitting in the EPDL model. To evaluate the model, the researcher split the dataset 70/30 (130,200/55,800) into training and test sets.
The final EPDL model achieved 99.00% accuracy, outperforming five benchmark models (EfficientNetB2, MobileNetV2, RegNet, ResNet50, and SwinTransformer). The hyperparameter optimization achieved the best performance by implementing the EHS algorithm at the system level, thereby increasing feature-detection accuracy and bridging the gap between deep learning innovation and real-world malware detection and response models. The significance of the parallel deep learning architectures, combined with an RGB-image-based malware dataset and enhanced hyperparameter tuning, lies in their ability to detect obfuscated malware. Practically, the model addresses real-world security challenges by providing accurate, efficient, and automated malware detection. These integrations reduce detection latency and false positives while supporting timely threat mitigation. The findings of this research will provide a valuable foundation for future researchers seeking to develop improved datasets and enhance malware detection and response models.