Malware has become a formidable threat as it grows exponentially in number and sophistication, so a solution that is easy to implement, reliable, and effective is imperative. While recent research has introduced deep learning multi-feature fusion algorithms, they lack a proper explanation. In this work, we investigate the power of fusing Convolutional Neural Network models trained on different modalities of a malware executable. We propose a novel multimodal fusion algorithm that leverages three different visual malware features: Grayscale Image, Entropy Graph, and SimHash Image. With these we conducted exhaustive experiments, independently on each feature and on combinations of all three, using fusion operators such as average, maximum, add, and concatenate for effective malware detection and classification. The proposed strategy has a detection rate of 1.00 (on a scale of 0-1) in identifying malware in the given dataset. We explain its interpretability with visualization techniques such as t-SNE and Grad-CAM. Experimental results show that the model works even for a highly imbalanced dataset. We also assessed the effectiveness of the proposed method on obfuscated malware and achieved state-of-the-art results. The proposed methodology is more reliable as our findings show that the VGG16 model can detect and classify malware in a matter of seconds in real time.
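The abstract names three visual representations of an executable and four fusion operators without showing how they are built. The following is an added example, not code from the paper or its authors: it derives a grayscale image (one pixel per byte), an entropy graph (Shannon entropy over fixed windows) and a SimHash bit-image (Charikar SimHash over byte n-grams, one row per file block) from a constructed byte string, then applies the average, maximum, add and concatenate operators to per-modality score vectors that stand in for CNN outputs. The image width, window and block sizes, the 4-byte n-gram, the use of SHA-256 as the underlying hash, and the late-fusion (score-level) placement of the operators are all assumptions made for illustration; the paper's exact rendering parameters and fusion depth are not given in the abstract.

```python
import hashlib
import math
from collections import Counter

# Constructed stand-in for an executable's bytes (NOT a real binary): two
# full byte ramps, a run of zeros, a fake "MZ" marker and a run of 0xff.
SAMPLE_BYTES = bytes(range(256)) * 2 + b"\x00" * 128 + b"MZ" + b"\xff" * 64


def grayscale_image(data: bytes, width: int = 32) -> list[list[int]]:
    """Map every byte to one 8-bit pixel, row-major at a fixed width.
    The last row is zero-padded so the image is rectangular (assumed width)."""
    rows = []
    for i in range(0, len(data), width):
        row = list(data[i:i + width])
        row += [0] * (width - len(row))
        rows.append(row)
    return rows


def shannon_entropy(chunk: bytes) -> float:
    """Shannon entropy in bits per byte (0 = constant, 8 = uniform)."""
    if not chunk:
        return 0.0
    n = len(chunk)
    return -sum((c / n) * math.log2(c / n) for c in Counter(chunk).values())


def entropy_graph(data: bytes, window: int = 256) -> list[float]:
    """Entropy of consecutive non-overlapping windows; packed or encrypted
    regions show up as values near 8, padding and tables near 0 (assumed window)."""
    return [shannon_entropy(data[i:i + window]) for i in range(0, len(data), window)]


def simhash(data: bytes, ngram: int = 4, bits: int = 64) -> int:
    """Charikar SimHash: each byte n-gram votes +1/-1 on every output bit
    according to its SHA-256 prefix; the sign of the vote sum gives the bit.
    Similar inputs yield hashes with small Hamming distance."""
    votes = [0] * bits
    for i in range(max(len(data) - ngram + 1, 0)):
        digest = hashlib.sha256(data[i:i + ngram]).digest()[:bits // 8]
        h = int.from_bytes(digest, "big")
        for b in range(bits):
            votes[b] += 1 if (h >> b) & 1 else -1
    result = 0
    for b in range(bits):
        if votes[b] > 0:
            result |= 1 << b
    return result


def simhash_image(data: bytes, block: int = 256, bits: int = 64) -> list[list[int]]:
    """One row of `bits` binary pixels (0 or 255) per file block, MSB first,
    giving a bit-image whose rows repeat where file content repeats."""
    rows = []
    for i in range(0, len(data), block):
        h = simhash(data[i:i + block], bits=bits)
        rows.append([255 if (h >> (bits - 1 - b)) & 1 else 0 for b in range(bits)])
    return rows


def fuse(vectors: list[list[float]], op: str) -> list[float]:
    """Fusion operators named in the abstract, applied element-wise to
    per-modality score vectors of equal length (concatenate joins them)."""
    if op == "concatenate":
        return [v for vec in vectors for v in vec]
    columns = list(zip(*vectors))
    if op == "average":
        return [sum(c) / len(c) for c in columns]
    if op == "maximum":
        return [max(c) for c in columns]
    if op == "add":
        return [sum(c) for c in columns]
    raise ValueError(f"unknown fusion operator: {op}")


if __name__ == "__main__":
    img = grayscale_image(SAMPLE_BYTES)
    print("grayscale:", len(img), "rows x", len(img[0]), "cols")
    print("entropy graph:", [round(e, 2) for e in entropy_graph(SAMPLE_BYTES)])
    sh = simhash_image(SAMPLE_BYTES)
    print("simhash image rows:", len(sh), "identical first two rows:", sh[0] == sh[1])
    # Constructed per-modality scores for two classes (benign, malicious).
    scores = [[0.2, 0.9], [0.6, 0.7], [0.1, 0.95]]
    for op in ("average", "maximum", "add", "concatenate"):
        print(op, fuse(scores, op))
```

The entropy graph is the cheapest of the three to compute and the most directly interpretable: a window scoring close to 8 bits is compressed or encrypted content, which is why it remains informative on obfuscated samples. The SimHash image is robust to small local edits because a few changed n-grams rarely flip the majority vote on a bit, so rows for near-identical blocks stay identical.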