An Efficient Framework for Multi-Class Malware Classification in Cloud Environments
DOI:
https://doi.org/10.54654/isj.v1i24.1092Keywords:
Malware classification, Random undersampling, Low variance filtering and scaling, Cloud-based malware detectionTóm tắt
Malware classification in cloud
environments remains a critical challenge due to the
increasing complexity and volume of cyber threats.
This paper proposes CMC (Cloud-based Malware
Classification), a novel framework that enhances
multi-class malware classification efficiency through
the integration of feature selection, dimensionality
reduction, and imbalanced data handling
techniques. The CMC framework aims to improve
classification accuracy and computational efficiency
by optimizing feature representation and addressing
class imbalance, which are common issues in
real-world malware datasets. To evaluate its
effectiveness, we apply the proposed model to two
public benchmark datasets: CMD_2024 and
CIC-MalMem-2022. Experimental results
demonstrate that CMC outperforms existing
approaches in terms of classification accuracy,
F1-score, and computational efficiency, proving its
potential for real-world deployment in cloud-based
security solutions. These findings highlight the
importance of intelligent data preprocessing and
feature optimization in enhancing malware
classification on cloud platforms.
Downloads
References
. T. Panker, A. Cohen, T. Landman, C. Bery, and N. Nissim, “Mincloud: Trusted and transferable minhash-based framework for unknown malware detection for linux cloud environments,” Journal of Information Security and Applications, vol. 87, p.
, 2024.
. P. Maniriho, A. N. Mahmood, and M. J. M. Chowdhury, “A systematic literature review on windows malware detection: Techniques, research issues, and future directions,” Journal of Systems and Software, vol. 209, p. 111921, 2024.
. P. Mishra, T. Jain, P. Aggarwal, G. Paul, B. B. Gupta, R. W. Attar, and A. Gaurav, “Cloudintellmal: An advanced cloud based intelligent malware detection framework to analyze android applications,” Computers and Electrical Engineering, vol. 119, p. 109483, 2024.
. O. Aslan, M. Ozkan Okay, and D. Gupta, “A review of cloud-based malware detection system: Opportunities, advances and challenges,” 03 2021.
. Aslan, M. Ozkan-Okay, and D. Gupta, “Intelligent behavior-based malware detection system on cloud computing environment,” IEEE Access, vol. 9, pp. 83 252–83 271, 2021.
. G. Kale, G. E. Bostancı, and F. V. C¸ elebi, “Evolutionary feature selection for machine learning based malware classification,” Engineering Science and Technology, an International Journal, vol. 56, p. 101762, 2024.
. T. Carrier, P. Victor, A. Tekeoglu, and A. Habibi Lashkari, “Detecting obfuscated malware using memory feature engineering,” 01 2022, pp. 177–188.
. P. S. Nguyen, T. N. Huy, T. A. Tuan, P. D. Trung, and H. V. Long, “Hybrid feature extraction and integrated deep learning for cloud-based malware detection,” Computers & Security, vol. 150, p. 104233, 2025.
. S. Matharaarachchi, M. Domaratzki, and S. Muthukumarana, “Enhancing smote for imbalanced data with abnormal minority instances,” Machine Learning with Applications, vol. 18, p. 100597, 2024.
. H. D. Misalkar and P. Harshavardhanan, “Tdbamla: Temporal and dynamic behavior analysis in android malware using lstm and attention mechanisms,” Computer Standards & Interfaces, vol. 92, p. 103920, 2025.
. C. Li, Z. Cheng, H. Zhu, L. Wang, Q. Lv, Y. Wang, N. Li, and D. Sun, “Dmalnet: Dynamic malware analysis based on api feature engineering and graph learning,” Computers Security, vol. 122, p. 102872, 2022.
. F. H. da Costa, I. Medeiros, T. Menezes, J. V. da Silva, I. L. da Silva, R. Bonifácio, K. Narasimhan, and M. Ribeiro, “Exploring the use of static and dynamic analysis to improve the performance of the mining sandbox approach for android malware identification,” Journal of Systems and Software, vol. 183, p. 111092, 2022.
. H. juan Zhu, Y. Li, L. min Wang, and V. S. Sheng, “A multi-model ensemble learning framework for imbalanced android malware detection,” Expert Systems with Applications, vol. 234, p. 120952, 2023.
. A. Bensaoud and J. Kalita, “Cnn-lstm and transfer learning models for malware classification based on opcodes and api calls,” Knowledge-Based Systems, vol. 290, p. 111543, 2024.
. R. Chaganti, V. Ravi, and T. D. Pham, “Deep learning based cross architecture internet of things malware
detection and classification,” Computers Security, vol. 120, p. 102779, 2022.
. Prachi., N. Dabas, and P. Sharma, “Malanalyser: An effective and efficient windows malware detection method based on api call sequences,” Expert Systems with Applications, vol. 230, p. 120756, 2023.
. S. Kumar and K. Panda, “Sdif-cnn: Stacking deep image features using fine-tuned convolution neural network models for real-world malware detection and classification,” Applied Soft Computing, vol. 146, p. 110676, 2023.
. S. Yang, Y. Yang, D. Zhao, L. Xu, X. Li, F. Yu, and J. Hu, “Dynamic malware detection based on supervised contrastive learning,” Computers and Electrical Engineering, vol. 123, p. 110108, 2025.
. D. Zhang, Y. Song, Q. Xiang, and Y. Wang, “Imcmkcnn: A lightweight convolutional neural network with multi-scale kernels for image-based malware classification,” Alexandria Engineering Journal, vol. 111, pp. 203–220, 2025.
. B. B. Gupta, A. Gaurav, V. Arya, S. Bansal, R. W. Attar, A. Alhomoud, and K. Psannis, “Earthworm optimization algorithm based cascade lstm-gru model for android malware detection,” Cyber Security and Applications, vol. 3, p. 100083, 2025.
. M. Alotaibi, G. Aldehim, M. Maashi, M. M. Asiri, F. A. Alrslani, S. R. Alotaibi, A. Yafoz, and R. Alsini, “Chaos game optimization with stacked lstm sequence to sequence autoencoder for malware detection in iot cloud environment,” Alexandria Engineering Journal, vol. 112, pp. 688–700, 2025.
. N. Minh, N. V. Hung, and N. Shone, “Using deep graph learning to improve dynamic analysis-based malware detection in pe files,” Journal of Computer Virology and Hacking Techniques, vol. 20, pp. 1–20, 10 2023.
. P. V. Dinh, N. Shone, P. H. Dung, Q. Shi, N. V. Hung, and T. N. Ngoc, “Behaviour-aware malware classification: Dynamic feature selection,” in 2019 11th International Conference on Knowledge and Systems Engineering (KSE), 2019, pp. 1–5.
. A. C¸ ayır, U. Unal, and H. Da ¨ g, “Random capsnet forest ˘ model for imbalanced malware type classification task,” Computers Security, vol. 102, p. 102133, 2021.
. F. Demirkıran, A. C¸ ayır, U. Unal, and H. Da ¨ g, “An ensemble of pre-trained transformer models
for imbalanced multiclass malware classification,”Computers Security, vol. 121, p. 102846, 2022.
. L. Xue and T. Zhu, “Hybrid resampling and weighted majority voting for multi-class anomaly detection on imbalanced malware and network traffic data,” Engineering Applications of Artificial Intelligence, vol. 128, p. 107568, 2024.
. M. A. Latif, Z. Mushtaq, S. Rahman, S. Arif, S. Mursal, M. Irfan, and H. Aziz, “Oversamplingenhanced feature fusion based hybrid vit-1dcnn model for ransomware cyber attack detection,” Computer Modeling in Engineering Sciences, vol. 142, pp. 1667–1695, 01 2025.
. N. Anđelic, S. Baressi ´ Segota, and V. Mrzljak, “Application of symbolic classifiers and multiensemble threshold techniques for android malware detection,” Big Data and Cognitive Computing, vol. 9, pp. 1–49, 01 2025.
. M. A. R. Putra, T. Ahmad, D. P. Hostiadi, and R. M. Ijtihadie, “Ensemble network graph-based classification for botnet detection using adaptive weighting and feature extraction,” IEEE Access, vol. 13, pp. 31 183–31 204, 2025.
. K. S. Roy, T. Ahmed, P. B. Udas, M. E. Karim, and S. Majumdar, “Malhystack: A hybrid stacked ensemble learning framework with feature engineering schemes for obfuscated malware analysis,” Intelligent Systems with Applications, vol. 20, p. 200283, 2023.
Downloads
Published
How to Cite
Issue
Section
License
Proposed Policy for Journals That Offer Open Access
Authors who publish with this journal agree to the following terms:
1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
Proposed Policy for Journals That Offer Delayed Open Access
Authors who publish with this journal agree to the following terms:
1. Authors retain copyright and grant the journal right of first publication, with the work [SPECIFY PERIOD OF TIME] after publication simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
