Affiliation:
1. Key Laboratory of Computing Power Network and Information Security, Ministry of Education, Shandong Computer Science Center (National Supercomputer Center in Jinan), Qilu University of Technology (Shandong Academy of Sciences), Jinan 250014, China
2. Shandong Provincial Key Laboratory of Computer Networks, Shandong Fundamental Research Center for Computer Science, Jinan 250014, China
Abstract
As the volume of malware has grown rapidly in recent years, malware has become the dominant attack vector in network security. Learning execution behavior, in particular Application Programming Interface (API) call sequences, has been shown to be effective for malware detection. In practice, however, it is difficult to mine API call features adequately. Most current methods analyze only a single feature, or analyze features incompletely, and ignore structural and semantic features; the resulting information loss reduces detection accuracy. To address these problems, we propose a novel malware detection method based on the semantic information of behavioral features. First, we preprocess the API call sequence to reduce redundant information. Then, we obtain a vectorized representation of the API call sequence with a word embedding model, and we encode each API call name by analyzing it, so as to characterize the semantic structure and statistical information of the API name. Finally, a malware detector consisting of a CNN and a bidirectional GRU, which captures both the local and the global features between API calls, is used for detection. We evaluate the proposed model on a publicly available dataset provided by a third party. The experimental results show that the proposed method outperforms the baseline method. With this combined neural network architecture, our proposed model attains a detection accuracy of 0.9828 and an F1-score of 0.9827.
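The two front-end steps the abstract describes, reducing redundancy in the API call sequence and then splitting each API name into semantic sub-tokens that an embedding layer can consume, as an added illustration. This is example code written for this page, not the paper's code: the abstract does not state which redundancy rule or name-splitting rule the authors use, so the run-collapsing limit, the camel-case tokenizer, the `<pad>`/`<unk>` vocabulary entries and the sample trace below are all assumptions chosen to show the idea. The CNN and bidirectional GRU detector itself is not shown.

```python
"""Added example (not the paper's code): preprocessing a sandbox API-call
trace along the lines the abstract describes. Collapse redundant repeats,
split API names into semantic sub-tokens, and map them to integer ids.
The specific rules below are assumptions for illustration only."""
import re
from collections import Counter
from itertools import groupby

# Constructed sample trace (not real sandbox output). Loops in malware
# often emit long runs of one API call, e.g. a timing spin on
# GetTickCount, that add length but little information.
SAMPLE_TRACE = [
    "NtOpenFile", "NtReadFile", "NtReadFile", "NtReadFile", "NtReadFile",
    "GetTickCount", "GetTickCount", "GetTickCount",
    "CryptEncrypt", "NtWriteFile", "NtWriteFile", "NtClose",
    "RegSetValueExW", "CreateProcessInternalW", "NtClose",
]


def collapse_runs(trace, keep=2):
    """Collapse consecutive repeats of one API call to at most `keep`
    occurrences. Assumption: keeping two preserves the fact that a call
    repeated without keeping the whole loop body."""
    out = []
    for name, run in groupby(trace):
        out.extend([name] * min(keep, sum(1 for _ in run)))
    return out


# Camel-case splitter. Handles acronym prefixes such as "HTTP" in
# "HTTPSendRequestA" and single-letter ANSI/Unicode suffixes ("A"/"W").
_CAMEL = re.compile(r"[A-Z]+(?=[A-Z][a-z])|[A-Z]?[a-z]+|[A-Z]+|\d+")


def split_api_name(name):
    """Split an API name into semantic sub-tokens, e.g.
    'RegSetValueExW' -> ['Reg', 'Set', 'Value', 'Ex', 'W']."""
    return _CAMEL.findall(name)


def build_vocab(traces):
    """Sub-token vocabulary over a corpus of traces. Index 0 is padding
    and index 1 is the unknown token (both assumptions)."""
    vocab = {"<pad>": 0, "<unk>": 1}
    for trace in traces:
        for name in trace:
            for tok in split_api_name(name):
                vocab.setdefault(tok, len(vocab))
    return vocab


def token_stats(trace, keep=2):
    """Per-trace sub-token counts after run collapsing; a simple
    statistical feature of the kind the abstract mentions."""
    return Counter(t for n in collapse_runs(trace, keep)
                   for t in split_api_name(n))


def encode_trace(trace, vocab, keep=2, max_len=32):
    """Full front end for one trace: collapse runs, split names, map
    sub-tokens to ids, then truncate or zero-pad to a fixed length so a
    batch of traces can be fed to an embedding layer."""
    ids = [vocab.get(t, vocab["<unk>"])
           for name in collapse_runs(trace, keep)
           for t in split_api_name(name)]
    ids = ids[:max_len]
    return ids + [vocab["<pad>"]] * (max_len - len(ids))


if __name__ == "__main__":
    vocab = build_vocab([SAMPLE_TRACE])
    print(len(SAMPLE_TRACE), "->", len(collapse_runs(SAMPLE_TRACE)), "calls")
    print(split_api_name("CreateProcessInternalW"))
    print(token_stats(SAMPLE_TRACE).most_common(3))
    print(encode_trace(SAMPLE_TRACE, vocab, max_len=16))
```

Unknown API names still produce ids (every sub-token maps to `<unk>` at worst), which is the point of splitting names rather than treating each full API name as one opaque token: an unseen call such as `NtQueryValueKey` still shares `Nt`, `Query`, `Value` and `Key` with names seen in training.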
Funder
Natural Science Foundation of Shandong Province
National Natural Science Foundation of China
National Major Program for Technological Innovation 2030-New Generation Artificial Intelligence
Taishan Scholars Program
Graduate Education and Teaching Reform Research Project of Shandong Province
Education Reform Project of Qilu University of Technology
Subject
Fluid Flow and Transfer Processes, Computer Science Applications, Process Chemistry and Technology, General Engineering, Instrumentation, General Materials Science
Cited by
1 article.