ASSCA: API sequence and statistics features combined architecture for malware detection

Abstract In this paper, a new combined deep learning and machine learning model is proposed for malware behavior analysis. One part of it analyzes the dependency relations in the API (Application Programming Interface) call sequence at the functional level and extracts features for a random forest to learn and classify. The other part employs a bidirectional residual neural network to study the API sequence and discover malware after preprocessing that removes redundant information. In an API call sequence, future information is much more important for inferring the semantics of the current API call. We conducted experiments on a malware dataset. The experimental results show that both methods can effectively detect malware; however, the combined framework has better classification performance. The classification accuracy of the combined malware detection architecture is 0.967.
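As an added illustration (not code from the paper), a minimal version of the feature-extraction side of the architecture: API call traces are collapsed for redundancy and turned into dependency features that pair each call with the calls following it, producing rows a random-forest classifier can consume. The trace contents, the run-collapsing step and the window size are assumptions for the example, not the paper's definitions.

```python
from collections import Counter

# Constructed sample traces (not from the paper's dataset): a benign-looking
# file-read loop and a suspicious-looking process-injection pattern.
SAMPLE_TRACES = {
    "benign": ["CreateFile", "ReadFile", "ReadFile", "ReadFile", "CloseHandle"],
    "suspicious": ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory",
                   "WriteProcessMemory", "CreateRemoteThread", "CloseHandle"],
}


def collapse_repeats(seq):
    """Redundancy preprocessing (assumed interpretation): a run of the same API
    call, e.g. ReadFile inside a loop, is collapsed to one call so that loop
    length does not dominate the feature counts."""
    out = []
    for api in seq:
        if not out or out[-1] != api:
            out.append(api)
    return out


def dependency_features(seq, window=2):
    """Dependency features: each call is paired with the calls that FOLLOW it
    within `window` positions (future context), reflecting the abstract's point
    that later calls help interpret the current one."""
    seq = collapse_repeats(seq)
    feats = Counter()
    for i, api in enumerate(seq):
        feats[("api", api)] += 1                       # unigram presence
        for nxt in seq[i + 1:i + 1 + window]:
            feats[("dep", api, nxt)] += 1              # call -> later call
    return feats


def build_matrix(traces):
    """Turn per-trace feature counters into dense rows over a shared vocabulary,
    the form a random forest (e.g. scikit-learn's) expects as input."""
    per_trace = {name: dependency_features(seq) for name, seq in traces.items()}
    vocab = sorted({f for c in per_trace.values() for f in c})
    rows = {name: [c[f] for f in vocab] for name, c in per_trace.items()}
    return vocab, rows


if __name__ == "__main__":
    vocab, rows = build_matrix(SAMPLE_TRACES)
    for name, row in rows.items():
        print(name, sum(row), "feature hits over", len(vocab), "features")
```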
