
An Explainable Method for Malware Detection Through Convolutional Neural Networks

  • Conference paper
Availability, Reliability and Security (ARES 2025)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 15994)


Abstract

Current antimalware tools, which are typically signature-based, cannot identify threats whose signatures are not present in the antiviral database. In this paper we propose a deep learning method, based on convolutional neural networks, to identify whether an application is malicious. A distinctive feature of the proposed method is its ability to explain why the classifier predicts that an application is malware or trusted: in addition to the binary prediction, the method selects the opcodes of the application under analysis that, according to the model, are symptomatic of malicious behavior, thus providing a kind of explainability. The experimental results are satisfactory, demonstrating the effectiveness of the proposed method.


Notes

  1. https://linux.die.net/man/1/objdump.


  10. https://github.com/iosifache/DikeDataset.



Acknowledgment

This work has been partially supported by EU DUCA, EU CyberSecPro, SYNAPSE, PTR 22-24 P2.01 (Cybersecurity) and SERICS (PE00000014) under the MUR National Recovery and Resilience Plan funded by the EU - NextGenerationEU projects, by MUR - REASONING: foRmal mEthods for computAtional analySis for diagnOsis and progNosis in imagING - PRIN, e-DAI (Digital ecosystem for integrated analysis of heterogeneous health data related to high-impact diseases: innovative model of care and research), Health Operational Plan, FSC 2014-2020, PRIN-MUR-Ministry of Health, Progetto MolisCTe, Ministero delle Imprese e del Made in Italy, Italy, CUP: D33B22000060001, FORESEEN: FORmal mEthodS for attack dEtEction in autonomous driviNg systems CUP N.P2022WYAEW and ALOHA: a framework for monitoring the physical and psychological health status of the Worker through Object detection and federated machine learning, Call for Collaborative Research BRiC -2024, INAIL.

Author information

Corresponding author

Correspondence to Francesco Mercaldo.


Copyright information

© 2025 The Author(s), under exclusive license to Springer Nature Switzerland AG


Cite this paper

Mercaldo, F., Tavolato, P., Santone, A., Martinelli, F. (2025). An Explainable Method for Malware Detection Through Convolutional Neural Networks. In: Coppens, B., Volckaert, B., Naessens, V., De Sutter, B. (eds) Availability, Reliability and Security. ARES 2025. Lecture Notes in Computer Science, vol 15994. Springer, Cham. https://doi.org/10.1007/978-3-032-00630-1_18


  • DOI: https://doi.org/10.1007/978-3-032-00630-1_18

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-032-00629-5

  • Online ISBN: 978-3-032-00630-1

  • eBook Packages: Computer Science (R0)
