ACB-TriNet is a dual-branch deep learning architecture for malware classification. It converts each malware binary into a three-channel image (grayscale, entropy map, and Sobel edge features) so that the model captures global structural patterns and fine-grained local textures at the same time.
Published at the International Conference on Emerging Trends in Cybersecurity (ICETCS 2025, UK) and awarded Best Technical Paper. Accepted for publication in Springer Lecture Notes.
Python, PyTorch, OpenCV, NumPy, Matplotlib, Scikit-learn, Malimg Dataset
The framework has three core innovations:
Directional feature extraction using asymmetric 1×k and k×1 kernels alongside standard k×k convolutions. Captures horizontal, vertical, and diagonal patterns in malware visualizations.
Cross-dimensional feature refinement across H×W, C×W, and C×H planes without dimensionality reduction, capturing inter-channel and spatial dependencies simultaneously.
Final feature fusion module that aggregates multi-scale representations from both branches, producing a discriminative global descriptor for classification.
Malware Binary → Grayscale visualization ┐
               → Entropy map             ├→ 3-channel tensor → Dual-branch ACB-TriNet
               → Sobel edge features     ┘
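The preprocessing step in the diagram above, sketched with NumPy only as an added example (not the authors' code). The image width of 64, the 8×8 entropy tiles, the 0..255 scaling and all function names are assumptions, since the page does not specify them.

```python
import numpy as np

def bytes_to_gray(data: bytes, width: int = 64) -> np.ndarray:
    """Lay raw bytes out row by row as a uint8 image, zero-padding the last row."""
    if not data:
        raise ValueError("empty input")
    buf = np.frombuffer(data, dtype=np.uint8)
    rows = -(-len(buf) // width)  # ceiling division
    padded = np.zeros(rows * width, dtype=np.uint8)
    padded[:len(buf)] = buf
    return padded.reshape(rows, width)

def entropy_map(gray: np.ndarray, block: int = 8) -> np.ndarray:
    """Shannon entropy per block x block tile (bits per byte, 0..8), scaled to 0..255."""
    out = np.zeros(gray.shape, dtype=np.float32)
    for y in range(0, gray.shape[0], block):
        for x in range(0, gray.shape[1], block):
            tile = gray[y:y + block, x:x + block]
            counts = np.bincount(tile.ravel(), minlength=256)
            p = counts[counts > 0] / tile.size
            out[y:y + block, x:x + block] = (p * np.log2(1.0 / p)).sum()
    return np.round(out / 8.0 * 255).astype(np.uint8)

def sobel_edges(gray: np.ndarray) -> np.ndarray:
    """Sobel gradient magnitude, normalised to 0..255 (edge-replicated border)."""
    g = np.pad(gray.astype(np.float32), 1, mode="edge")
    gx = (g[:-2, 2:] + 2 * g[1:-1, 2:] + g[2:, 2:]) - (g[:-2, :-2] + 2 * g[1:-1, :-2] + g[2:, :-2])
    gy = (g[2:, :-2] + 2 * g[2:, 1:-1] + g[2:, 2:]) - (g[:-2, :-2] + 2 * g[:-2, 1:-1] + g[:-2, 2:])
    mag = np.hypot(gx, gy)
    peak = mag.max()
    if peak == 0:  # flat image: no edges anywhere
        return np.zeros_like(gray)
    return np.round(mag / peak * 255).astype(np.uint8)

def to_three_channel(data: bytes, width: int = 64, block: int = 8) -> np.ndarray:
    """Stack grayscale, entropy and Sobel planes into a (3, H, W) uint8 tensor."""
    gray = bytes_to_gray(data, width)
    return np.stack([gray, entropy_map(gray, block), sobel_edges(gray)], axis=0)

# Constructed sample, not a real binary: 1 KiB of zero padding followed by
# 1 KiB cycling through every byte value.
SAMPLE = bytes(1024) + bytes(range(256)) * 4

if __name__ == "__main__":
    img = to_three_channel(SAMPLE)
    print(img.shape, "entropy plane:", img[1, 0, 0], "->", img[1, 16, 0])
```

On the constructed sample the entropy plane stays at 0 across the zero padding and jumps where the byte values vary, while the Sobel plane peaks at the boundary between the two regions.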
A class-balanced focal loss handles the significant class imbalance in the Malimg dataset (25 malware families with highly skewed distributions).
Accuracy
F1-Score
False Negative Rate
Malware Families
@inproceedings{shuvo2025acbtrinet,
author = {Shakil Mahmud Shuvo and Rezwanul Haque},
title = {ACB-TriNet: Asymmetric Convolutions and Triplet Attention for Effective Malware Classification},
booktitle = {Proc. ICETCS 2025},
year = {2025},
publisher = {Springer Lecture Notes},
note = {Best Technical Paper Award. Accepted, in press.}
}