A Novel Malware Detection Model in the Software Supply Chain Based on LSTM and SVMs-Reference-Cited by-同舟云学术

A Novel Malware Detection Model in the Software Supply Chain Based on LSTM and SVMs

Published:2024-07-31 Issue:15 Volume:14 Page:6678
ISSN:2076-3417
Container-title:Applied Sciences
language:en
Short-container-title:Applied Sciences

Author:

Zhou Shuncheng¹^ORCID,Li Honghui¹^ORCID,Fu Xueliang¹,Jiao Yuanyuan¹^ORCID

Affiliation:

1. College of Computer and Information Engineering, Inner Mongolia Agricultural University, Hohhot 010018, China

Abstract

With the increasingly severe challenge of Software Supply Chain (SSC) security, the rising trend in guarding against security risks has attracted widespread attention. Existing techniques still face challenges in both accuracy and efficiency when detecting malware in SSC. To meet this challenge, this paper introduces two novel models, named the Bayesian Optimization-based Support Vector Machine (BO-SVM) and the Long Short-Term Memory–BO-SVM (LSTM-BO-SVM). The BO-SVM model is constructed on an SVM foundation, with its hyperparameters optimized by Bayesian Optimization. To further enhance its accuracy and efficiency, the LSTM-BO-SVM model is proposed, building upon BO-SVM and employing LSTM networks for pre-classification. Extensive experiments were conducted on two datasets: the balanced ClaMP dataset and the unbalanced CICMalDroid-2020 dataset. The experimental results indicate that the BO-SVM model is superior to other models in terms of accuracy; the accuracy of the LSTM-BO-SVM model on the two datasets is 98.2% and 98.6%, respectively, which is 2.9% and 2.2% higher than that of the BO-SVM on these two datasets.

Funder

National Natural Science Foundation of China

Basic Scientific Research Foundation Project of Colleges and Universities directly under the Inner Mongolia Autonomous Region

Inner Mongolia Autonomous Region Science and Technology Program

China Ministry of Education industry–university cooperative education project

Natural Science Foundation project of the Inner Mongolia Autonomous Region

Inner Mongolia Autonomous Region Graduate Research Innovation Project

Publisher

MDPI AG

Link

https://www.mdpi.com/2076-3417/14/15/6678/pdf

Reference40 articles.

1. Open-source software supply chain security research review;Ji;J. Softw.,2023

2. Masum, M., Nazim, M., Faruk, M.J.H., Shahriar, H., Valero, M., Khan, M.A.H., Uddin, G., Barzanjeh, S., Saglamyurek, E., and Rahman, A. (July, January 27). Quantum machine learning for software supply chain attacks: How far can we go?. Proceedings of the 2022 IEEE 46th Annual Computers, Software, and Applications Conference (COMPSAC), Los Alamitos, CA, USA.

3. Sonatype (2024, July 08). 2020 State of the Software Supply Chain. Available online: https://www.globenewswire.com/.

4. Sonicwall (2023, July 06). Sonicwall Cyber Threat Report. Available online: https://www.sonicwall.com/medialibrary/en/white-paper/2023-cyber-threat-report.pdf.

5. A comprehensive review on malware detection approaches;Aslan;IEEE Access,2020