A Dual-Branch CNN-LSTM Residual Network for Enhanced Windows Malware Detection

Authors

  • Nadia Mahmood Ali, Institute of Medical Technology Al-Mansur, Middle Technical University, Baghdad, Iraq.
  • Munera A. Jabaar, Institute of Medical Technology Al-Mansur, Middle Technical University, Baghdad, Iraq.
  • Ahmed Majid Taha, College of Biomedical Informatics, University of Information Technology and Communications, Baghdad, Iraq; and Soft Computing and Data Mining Center, Universiti Tun Hussein Onn Malaysia, 86400 Parit Raja, Batu Pahat, Johor, Malaysia.

The persistent evolution of Windows malware presents a significant challenge to static‐analysis techniques, which often rely on handcrafted features and single‐modality models that struggle to generalize across diverse and obfuscated samples. This study proposes a novel Dual‐Branch CNN‐LSTM Residual Network that concurrently processes a uniform static feature vector as both a pseudo‐image and a sequential input, thereby capturing complementary spatial and temporal patterns without necessitating multiple preprocessing pipelines. The architecture incorporates residual connections in each branch to preserve gradient flow and facilitate deep learning. Experiments conducted on the EMBER dataset demonstrate that the proposed method attains an accuracy of 97.1 %, alongside a precision of 96.9 %, a recall of 97.1 %, and an F1-score of 97.0 %, surpassing existing single‐branch and traditional baseline models. These results underscore the capacity of dual‐branch residual fusion to improve detection performance while maintaining computational efficiency and robustness to feature obfuscation. The unified preprocessing scheme further simplifies cross‐dataset evaluation, paving the way for scalable deployment in real‐world Windows environments.

Keywords:

Windows Malware Detection, Convolutional Neural Network, Long Short‐Term Memory, Residual Network, Dual‐Branch Architecture, Deep Learning

A Dual-Branch CNN-LSTM Residual Network for Enhanced Windows Malware Detection. (2025). Journal Port Science Research, 8(4). https://doi.org/10.36371/port.2025.4.6
