Affiliation:
1. Department of Information Security and Communication Technology, NTNU Norwegian University of Science and Technology, Gjøvik, Norway
2. TUBITAK Bilgem Cyber Security Institute, Kocaeli, Turkey
3. Cyber Security Engineering, Istanbul Sehir University, Istanbul, Turkey
Abstract
Malware development has seen diversity in terms of architecture and features. This advancement in the competencies of malware poses a severe threat and opens new research dimensions in malware detection. This study is focused on metamorphic malware, which is the most advanced member of the malware family. It is quite impossible for anti-virus applications using traditional signature-based methods to detect metamorphic malware, which makes it difficult to classify this type of malware accordingly. Recent research literature about malware detection and classification discusses this issue related to malware behavior. The main goal of this paper is to develop a classification method according to malware types by taking into consideration the behavior of malware. We started this research by developing a new dataset containing API calls made on the windows operating system, which represents the behavior of malicious software. The types of malicious malware included in the dataset are Adware, Backdoor, Downloader, Dropper, spyware, Trojan, Virus, and Worm. The classification method used in this study is LSTM (Long Short-Term Memory), which is a widely used classification method in sequential data. The results obtained by the classifier demonstrate accuracy up to 95% with 0.83 $F_1$-score, which is quite satisfactory. We also run our experiments with binary and multi-class malware datasets to show the classification performance of the LSTM model. Another significant contribution of this research paper is the development of a new dataset for Windows operating systems based on API calls. To the best of our knowledge, there is no such dataset available before our research. The availability of our dataset on GitHub facilitates the research community in the domain of malware detection to benefit and make a further contribution to this domain.
Reference28 articles.
1. “MEDUSA: Malware Detection Using Statistical Analysis of System’s Behavior”;Ahmed,2018
2. Malware detection based on structural and behavioural features of API calls;Alazab,2010
3. Towards understanding malware behaviour by the extraction of API calls;Alazab,2010
4. A proactive malicious software identification approach for digital forensic examiners;Ali;Journal of Information Security and Applications,2019
5. A Benchmark API Call Dataset for Windows PE Malware Classification. CoRR;Çatak,2019
Cited by
65 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献