Leveraging the Power of Zero-shot Learning for Malware Detection using Application Programming Interface Call Sequences

Currently one of the biggest threats to computer security is malware, which is software designed specifically to harm or infiltrate computers without the owner’s consent. Malware developers often utilize Application Programming Interface (API) calls to carry out these attacks. Recently, the use of Deep Learning (DL) has emerged as a possible solution for recognizing malware from these API calls. Supervised deep learning methods have proven their usefulness in recognizing exploitative code patterns in known big data sets by crafting super complicated systems. These approaches are ineffective against concealed or zero-day malware variants as they depend on vast amounts of datasets that are updated frequently. To solve these problems, this paper employs zero-shot learning to analyze the model’s ability to recognize unseen malware samples without any labeling. The proposed DL system can use zero-shot learning to recognize new evolution of malware before they come into existence, thus decreasing the reliance on up-to-date threat databases. The proposed method achieved accuracies of 0.98 on the Kaggle Malware Detection dataset, 0.98 on the API Call Sequences dataset, and 1.0 on the UCI Malware Detection dataset. The research results show that deep learning is effective for malware detection and exemplify how online emerging threats can be countered with zero-shot learning.