ICCK Transactions on Information Security and Cryptography Home About Editors Current Issue
  1. Home
  2. Journals
  3. ICCK Transactions on Information Security and Cryptography
  4. Volume 2, Issue 1
Malware Image Classification Using Global Context Vision Transformers for Information Security
Research Article | Published: 20 December 2025
ICCK Transactions on Information Security and Cryptography Volume 2, Issue 1, 2026: 1-15
Volume 2, Issue 1, ICCK Transactions on Information Security and Cryptography
Volume 2, Issue 1, 2026
Submit Manuscript Edit a Special Issue
Article QR Code
Article QR Code
Scan the QR code for reading
Popular articles
Case Studies on Integrating Artificial Intelligence in Finance to Transform Decision Making and Risk Management for Enhanced Financial Outcomes Reservoir Science: A Multi-Coupling Communication Platform to Promote Energy Transformation, Climate Change and Environmental Protection Reinforcement Learning for Prompt Optimization in Language Models: A Comprehensive Survey of Methods, Representations, and Evaluation Challenges From CO$_2$ Sequestration to Hydrogen Storage: Further Utilization of Depleted Gas Reservoirs AI and the Future of Education: Advancing Personalized Learning and Intelligent Tutoring Systems Effects of Crosslinking Agents and Reservoir Conditions on the Propagation of Fractures in Coal Reservoirs During Hydraulic Fracturing The Influence of Geological Factors and Transmission Fluids on the Exploitation of Reservoir Geothermal Resources: Factor Discussion and Mechanism Analysis YOLOv8-Lite: A Lightweight Object Detection Model for Real-time Autonomous Driving Systems Plant Disease Detection Using Deep Learning Techniques Current Status and Development Prospects of Carbon Capture, Utilization, and Storage (CCUS) in China: Technical, Policy, and Market Perspectives
ICCK Transactions on Information Security and Cryptography, Volume 2, Issue 1, 2026: 1-15

Free to Read | Research Article | 20 December 2025
Malware Image Classification Using Global Context Vision Transformers for Information Security
by
Muhammad Masab Muhammad Masab 1
Khubab Ahmad Khubab Ahmad 2 *
Muzammil Hussain Muzammil Hussain 1
Muhammad Shahbaz Khan Muhammad Shahbaz Khan 3
1 Department of Computer Science, HITEC University, Taxila 47080, Pakistan
2 Faculty of Engineering and Technology, Multimedia University, Melaka 75450, Malaysia
3 School of Computing, Engineering and the Built Environment, Edinburgh Napier University, Edinburgh EH10 5DT, United Kingdom
* Corresponding Author: Khubab Ahmad, [email protected]
DOI: 10.62762/TISC.2025.775760
ARK: ark:/57805/tisc.2025.775760
Received: 27 September 2025, Accepted: 27 November 2025, Published: 20 December 2025  
   PDF  (1.96 MB)
Article Metrics Cite This Article
Abstract
The continuous threat of malware against digital systems exists because its attack methods develop rapidly, reducing the effectiveness of traditional detection systems. Current static and dynamic analysis methods for malware detection face challenges with scalability and robustness when handling large and complex malware samples. Computer vision now shows that malware binaries contain specific structural patterns when displayed as grayscale images, which can be used for classification. This study investigates GCViT for malware detection through its application to the Malimg dataset, which contains 9,337 samples from 25 malware families. The dataset underwent preprocessing through a two-step process that involved converting binary files into grayscale images followed by applying viridis colormap transformation and normalization for better visual discrimination. The GCViT model trained using ImageNet-pretrained weights while keeping its backbone fixed and modifying only the classifier head for malware family classification. The model reached 99.46% test accuracy and showed high effectiveness across most malware families, with only a few errors among structurally similar variants. The results demonstrate that GCViT achieves better performance by detecting both local and global dependencies in images, leading to improved malware image classification. The research sets a new benchmark for the Malimg dataset and highlights the potential of Vision Transformers in cybersecurity.
Graphical Abstract
Malware Image Classification Using Global Context Vision Transformers for Information Security
Keywords
malware classification
global context vision transformer
deep learning
information security
malimg dataset
Data Availability Statement
The original Malimg dataset used in this study is publicly available and was obtained from the Kaggle online repository: https://www.kaggle.com/datasets/ikrambenabd/malimg-original.
Funding
This work was supported without any funding.
Conflicts of Interest
The authors declare no conflicts of interest.
Ethical Approval and Consent to Participate
Not applicable.
References
  1. Hatamizadeh, A., Yin, H., Heinrich, G., Kautz, J., & Molchanov, P. (2023, July). Global context vision transformers. In International Conference on Machine Learning (pp. 12633-12646). PMLR.
    [Google Scholar]
  2. Nataraj, L., Karthikeyan, S., Jacob, G., & Manjunath, B. S. (2011, July). Malware images: visualization and automatic classification. In Proceedings of the 8th international symposium on visualization for cyber security (pp. 1-7).
    [CrossRef]   [Google Scholar]
  3. Anderson, H. S., & Roth, P. (2018). Ember: an open dataset for training static pe malware machine learning models. arXiv preprint arXiv:1804.04637.
    [Google Scholar]
  4. Dosovitskiy, A. (2020). An image is worth 16x16 words: Transformers for image recognition at scale. arXiv preprint arXiv:2010.11929.
    [Google Scholar]
  5. Liu, Z., Lin, Y., Cao, Y., Hu, H., Wei, Y., Zhang, Z., ... & Guo, B. (2021, October). Swin Transformer: Hierarchical Vision Transformer using Shifted Windows. In 2021 IEEE/CVF International Conference on Computer Vision (ICCV) (pp. 9992-10002). IEEE.
    [CrossRef]   [Google Scholar]
  6. Schultz, M. G., Eskin, E., Zadok, F., & Stolfo, S. J. (2000, May). Data mining methods for detection of new malicious executables. In Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001 (pp. 38-49). IEEE.
    [CrossRef]   [Google Scholar]
  7. Bayer, U., Moser, A., Kruegel, C., & Kirda, E. (2006). Dynamic analysis of malicious code. Journal in Computer Virology, 2(1), 67-77.
    [CrossRef]   [Google Scholar]
  8. Ye, Y., Li, T., Adjeroh, D., & Iyengar, S. S. (2017). A survey on malware detection using data mining techniques. ACM Computing Surveys (CSUR), 50(3), 1-40.
    [CrossRef]   [Google Scholar]
  9. He, K., & Kim, D. S. (2019, August). Malware detection with malware images using deep learning techniques. In 2019 18th IEEE international conference on trust, security and privacy in computing and communications/13th IEEE international conference on big data science and engineering (TrustCom/BigDataSE) (pp. 95-102). IEEE.
    [CrossRef]   [Google Scholar]
  10. Kalash, M., Rochan, M., Mohammed, N., Bruce, N. D., Wang, Y., & Iqbal, F. (2018, February). Malware classification with deep convolutional neural networks. In 2018 9th IFIP international conference on new technologies, mobility and security (NTMS) (pp. 1-5). IEEE.
    [CrossRef]   [Google Scholar]
  11. Vinayakumar, R., Alazab, M., Soman, K., & Others. (2019). Deep learning approach for intelligent intrusion detection system. IEEE Access, 7, 41525–41550.
    [CrossRef]   [Google Scholar]
  12. Seneviratne, S., Shariffdeen, R., Rasnayaka, S., & Kasthuriarachchi, N. (2022). Self-supervised vision transformers for malware detection. IEEE Access, 10, 103121-103135.
    [CrossRef]   [Google Scholar]
  13. Szor, P. (2005). The art of computer virus research and defense. Pearson Education.
    [Google Scholar]
  14. Egele, M., Scholte, T., Kirda, E., & Kruegel, C. (2008). A survey on automated dynamic malware-analysis techniques and tools. ACM computing surveys (CSUR), 44(2), 1-42.
    [CrossRef]   [Google Scholar]
  15. Saxe, J., & Berlin, K. (2015, October). Deep neural network based malware detection using two dimensional binary program features. In 2015 10th international conference on malicious and unwanted software (MALWARE) (pp. 11-20). IEEE.
    [CrossRef]   [Google Scholar]
  16. El-Shafai, W., Almomani, I., & AlKhayer, A. (2021). Visualized malware multi-classification framework using fine-tuned CNN-based transfer learning models. Applied Sciences, 11(14), 6446.
    [CrossRef]   [Google Scholar]
  17. Gibert, D., Mateu, C., & Planes, J. (2020). The rise of machine learning for detection and classification of malware: Research developments, trends and challenges. Journal of Network and Computer Applications, 153, 102526.
    [CrossRef]   [Google Scholar]
  18. Alshomrani, M., Albeshri, A., Alturki, B., Alallah, F. S., & Alsulami, A. A. (2024). Survey of Transformer-Based Malicious Software Detection Systems. Electronics, 13(23), 4677.
    [CrossRef]   [Google Scholar]
  19. Benabdallah, I. (2021). Malimg original dataset [Data set]. Kaggle. Retrieved from https://www.kaggle.com/datasets/ikrambenabd/malimg-original (accessed: 19 December 2025).
    [Google Scholar]
  20. Anderson, K., & McGrew, D. (2015). Microsoft malware classification challenge (BIG 2015) [Data set]. Kaggle. Retrieved from https://www.kaggle.com/c/malware-classification (accessed: 19 December 2025).
    [Google Scholar]
  21. Pan, S. J., & Yang, Q. (2010). A survey on transfer learning. IEEE Transactions on Knowledge and Data Engineering, 22(10), 1345–1359.
    [CrossRef]   [Google Scholar]
  22. Bouchaib, P., & Bouhorma, M. (2021, April). Transfer learning and smote algorithm for image-based malware classification. In Proceedings of the 4th International Conference on Networking, Information Systems & Security (pp. 1-6).
    [CrossRef]   [Google Scholar]
  23. Venkatraman, S., Alazab, M., & Vinayakumar, R. (2019). A hybrid deep learning image-based analysis for effective malware detection. Journal of Information Security and Applications, 47, 377-389.
    [CrossRef]   [Google Scholar]
  24. Akritidis, L., Fevgas, A., Alamaniotis, M., & Bozanis, P. (2023, November). Conditional data synthesis with deep generative models for imbalanced dataset oversampling. In 2023 IEEE 35th international conference on tools with artificial intelligence (ICTAI) (pp. 444-451). IEEE.
    [CrossRef]   [Google Scholar]
  25. Goyal, P., Dollár, P., Girshick, R., Noordhuis, P., Wesolowski, L., Kyrola, A., ... & He, K. (2017). Accurate, large minibatch sgd: Training imagenet in 1 hour. arXiv preprint arXiv:1706.02677.
    [Google Scholar]
  26. Meng, L., Li, H., Chen, B. C., Lan, S., Wu, Z., Jiang, Y. G., & Lim, S. N. (2022, June). AdaViT: Adaptive Vision Transformers for Efficient Image Recognition. In 2022 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) (pp. 12299-12308). IEEE.
    [CrossRef]   [Google Scholar]
  27. Karat, G., Kannimoola, J. M., Nair, N., Vazhayil, A., VG, S., & Poornachandran, P. (2024). CNN-LSTM hybrid model for enhanced malware analysis and detection. Procedia Computer Science, 233, 492-503.
    [CrossRef]   [Google Scholar]
  28. Ashawa, M., Owoh, N., Hosseinzadeh, S., & Osamor, J. (2024). Enhanced Image-Based Malware Classification Using Transformer-Based Convolutional Neural Networks (CNNs). Electronics, 13(20), 4081.
    [CrossRef]   [Google Scholar]
  29. Raff, E., & Nicholas, C. (2017, November). Malware classification and class imbalance via stochastic hashed lzjd. In Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security (pp. 111-120).
    [CrossRef]   [Google Scholar]
  30. Moisejevs, I. (2019). Adversarial attacks and defenses in malware classification: A survey. International Journal of Artificial Intelligence and Expert Systems, 8.
    [Google Scholar]
  31. Kanadath, A., Jothi, J. A. A., & Urolagin, S. (2024). Cvits-net: A cnn-vit network with skip connections for histopathology image classification. IEEE Access.
    [CrossRef]   [Google Scholar]
  32. Demetrio, L., Coull, S. E., Biggio, B., Lagorio, G., Armando, A., & Roli, F. (2021). Adversarial exemples: A survey and experimental evaluation of practical attacks on machine learning for windows malware detection. ACM Transactions on Privacy and Security (TOPS), 24(4), 1-31.
    [CrossRef]   [Google Scholar]
  33. Cruickshank, I. J., & Carley, K. M. (2020). Analysis of malware communities using multi-modal features. IEEE Access, 8, 77435-77448.
    [CrossRef]   [Google Scholar]
  34. Dilshad, M., Almas, B., Tariq, N., Jazri, H. B., Alwakid, G. N., Khan, J. S., ... & Kumar, R. (2024, July). IoV Cyber Defense: Advancing DDoS Attack Detection with Gini Index in Tree Models. In 2024 International Conference on Emerging Trends in Networks and Computer Communications (ETNCC) (pp. 1-8). IEEE.
    [CrossRef]   [Google Scholar]
  35. Ramzan, T., Tariq, N., Farooq, U., Jazri, H. B., Ashraf, H., Khan, J. S., & Kumar, P. (2024, July). An ANN-Based Resampling Approach for Handling Imbalance and Overlapped Data. In 2024 International Conference on Emerging Trends in Networks and Computer Communications (ETNCC) (pp. 1-8). IEEE.
    [CrossRef]   [Google Scholar]
  36. Cohen, J. (1960). A coefficient of agreement for nominal scales. Educational and psychological measurement, 20(1), 37-46.
    [CrossRef]   [Google Scholar]
  37. Matthews, B. W. (1975). Comparison of the predicted and observed secondary structure of T4 phage lysozyme. Biochimica et Biophysica Acta (BBA)-Protein Structure, 405(2), 442-451.
    [CrossRef]   [Google Scholar]
Cite This Article
APA Style
Masab, M., Ahmad, K., Hussain, M., & Khan, M. S. (2025). Malware Image Classification Using Global Context Vision Transformers for Information Security. ICCK Transactions on Information Security and Cryptography, 2(1), 1–15. https://doi.org/10.62762/TISC.2025.775760
Export Citation
RIS Format
Compatible with EndNote, Zotero, Mendeley, and other reference managers
RIS format data for reference managers
TY  - JOUR
AU  - Masab, Muhammad
AU  - Ahmad, Khubab
AU  - Hussain, Muzammil
AU  - Khan, Muhammad Shahbaz
PY  - 2025
DA  - 2025/12/20
TI  - Malware Image Classification Using Global Context Vision Transformers for Information Security
JO  - ICCK Transactions on Information Security and Cryptography
T2  - ICCK Transactions on Information Security and Cryptography
JF  - ICCK Transactions on Information Security and Cryptography
VL  - 2
IS  - 1
SP  - 1
EP  - 15
DO  - 10.62762/TISC.2025.775760
UR  - https://www.icck.org/article/abs/TISC.2025.775760
KW  - malware classification
KW  - global context vision transformer
KW  - deep learning
KW  - information security
KW  - malimg dataset
AB  - The continuous threat of malware against digital systems exists because its attack methods develop rapidly, reducing the effectiveness of traditional detection systems. Current static and dynamic analysis methods for malware detection face challenges with scalability and robustness when handling large and complex malware samples. Computer vision now shows that malware binaries contain specific structural patterns when displayed as grayscale images, which can be used for classification. This study investigates GCViT for malware detection through its application to the Malimg dataset, which contains 9,337 samples from 25 malware families. The dataset underwent preprocessing through a two-step process that involved converting binary files into grayscale images followed by applying viridis colormap transformation and normalization for better visual discrimination. The GCViT model trained using ImageNet-pretrained weights while keeping its backbone fixed and modifying only the classifier head for malware family classification. The model reached 99.46% test accuracy and showed high effectiveness across most malware families, with only a few errors among structurally similar variants. The results demonstrate that GCViT achieves better performance by detecting both local and global dependencies in images, leading to improved malware image classification. The research sets a new benchmark for the Malimg dataset and highlights the potential of Vision Transformers in cybersecurity.
SN  - 3070-2429
PB  - Institute of Central Computation and Knowledge
LA  - English
ER  -
BibTeX Format
Compatible with LaTeX, BibTeX, and other reference managers
BibTeX format data for LaTeX and reference managers
@article{Masab2025Malware,
  author = {Muhammad Masab and Khubab Ahmad and Muzammil Hussain and Muhammad Shahbaz Khan},
  title = {Malware Image Classification Using Global Context Vision Transformers for Information Security},
  journal = {ICCK Transactions on Information Security and Cryptography},
  year = {2025},
  volume = {2},
  number = {1},
  pages = {1-15},
  doi = {10.62762/TISC.2025.775760},
  url = {https://www.icck.org/article/abs/TISC.2025.775760},
  abstract = {The continuous threat of malware against digital systems exists because its attack methods develop rapidly, reducing the effectiveness of traditional detection systems. Current static and dynamic analysis methods for malware detection face challenges with scalability and robustness when handling large and complex malware samples. Computer vision now shows that malware binaries contain specific structural patterns when displayed as grayscale images, which can be used for classification. This study investigates GCViT for malware detection through its application to the Malimg dataset, which contains 9,337 samples from 25 malware families. The dataset underwent preprocessing through a two-step process that involved converting binary files into grayscale images followed by applying viridis colormap transformation and normalization for better visual discrimination. The GCViT model trained using ImageNet-pretrained weights while keeping its backbone fixed and modifying only the classifier head for malware family classification. The model reached 99.46\% test accuracy and showed high effectiveness across most malware families, with only a few errors among structurally similar variants. The results demonstrate that GCViT achieves better performance by detecting both local and global dependencies in images, leading to improved malware image classification. The research sets a new benchmark for the Malimg dataset and highlights the potential of Vision Transformers in cybersecurity.},
  keywords = {malware classification, global context vision transformer, deep learning, information security, malimg dataset},
  issn = {3070-2429},
  publisher = {Institute of Central Computation and Knowledge}
}
Article Metrics
Citations:

Google Scholar
0

Crossref

0

Scopus

0

Web of Science

0
Article Access Statistics:
Views: 521
PDF Downloads: 104
Publisher's Note
ICCK stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and Permissions
Institute of Central Computation and Knowledge (ICCK) or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
ICCK Transactions on Information Security and Cryptography

ICCK Transactions on Information Security and Cryptography

ISSN: 3070-2429 (Online)

Email: [email protected]

Portico

Portico

All published articles are preserved here permanently:
https://www.portico.org/publishers/icck/