Open AccessAPI Call-Based Malware Classification Using Recurrent Neural Networks
Author(s) -
Chen Li,
Junjun Zheng
Publication year - 2021
Publication title -
journal of cyber security and mobility
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.198
H-Index - 9
eISSN - 2245-4578
pISSN - 2245-1439
DOI - 10.13052/jcsm2245-1439.1036
Subject(s) - malware , computer science , recurrent neural network , machine learning , benchmark (surveying) , artificial intelligence , artificial neural network , data mining , long short term memory , application programming interface , computer security , operating system , geodesy , geography
Malicious software, called malware, can perform harmful actions on computer systems, which may cause economic damage and information leakage. Therefore, malware classification is meaningful and required to prevent malware attacks. Application programming interface (API) call sequences are easily observed and are good choices as features for malware classification. However, one of the main issues is how to generate a suitable feature for the algorithms of classification to achieve a high classification accuracy. Different malware sample brings API call sequence with different lengths, and these lengths may reach millions, which may cause computation cost and time complexities. Recurrent neural networks (RNNs) is one of the most versatile approaches to process time series data, which can be used to API call-based Malware calssification. In this paper, we propose a malware classification model with RNN, especially the long short-term memory (LSTM) and the gated recurrent unit (GRU), to classify variants of malware by using long-sequences of API calls. In numerical experiments, a benchmark dataset is used to illustrate the proposed approach and validate its accuracy. The numerical results show that the proposed RNN model works well on the malware classification.