API Call-Based Malware Classification Using Recurrent Neural Networks

作     者：Li, Chen Zheng, Junjun 

作者机构：Department of Bioscience and Bioinformatics Faculty of Computer Science and Systems Engineering Kyushu Institute of Technology Iizuka Japan Department of Information Science and Engineering Ritsumeikan University Kusatsu 525-8577 Japan 

出 版 物：《Journal of Cyber Security and Mobility》 (J. Cyber Secur. Mobil.)

年 卷 期：2021年第10卷第3期

页      面：617-640页

主　　题：API call sequence Gated recurrent unit (GRU) Long short-term memory Malware classification Recurrent neural network 

摘      要：Malicious software, called malware, can perform harmful actions on computer systems, which may cause economic damage and information leakage. Therefore, malware classification is meaningful and required to prevent malware attacks. Application programming interface (API) call sequences are easily observed and are good choices as features for malware classification. However, one of the main issues is how to generate a suitable feature for the algorithms of classification to achieve a high classification accuracy. Different malware sample brings API call sequence with different lengths, and these lengths may reach millions, which may cause computation cost and time complexities. Recurrent neural networks (RNNs) is one of the most versatile approaches to process time series data, which can be used to API call-based Malware calssification. In this paper, we propose a malware classification model with RNN, especially the long short-term memory (LSTM) and the gated recurrent unit (GRU), to classify variants of malware by using long-sequences of API calls. In numerical experiments, a benchmark dataset is used to illustrate the proposed approach and validate its accuracy. The numerical results show that the proposed RNN model works well on the malware classification. © 2021. River Publishers. All Rights Reserved.