Research on intelligent detection method of malicious behavior based on Self-Attention

Conference: ICMLCA 2021 - 2nd International Conference on Machine Learning and Computer Application
17.12.2021 - 19.12.2021 in Shenyang, China

Proceedings: ICMLCA 2021

Pages: 5
Language: English
Type: PDF

Authors:
He, Ying; Zhao, Yuntao; Feng, Yongxin (School of Information Science and Engineering, Shenyang Ligong University, Shenyang, Liaoning, China)
Geng, Shengnan (Beijing Institute of Astronautic Systems Engineering, Beijing, China)

Contents:
With the growing number of malware variants and malicious attacks, cyberspace security has attracted more and more attention. In this paper, a detection method combining the Self-Attention mechanism with LSTM (Long Short-Term Memory) is proposed to detect malware. Malware and its variants perform malicious operations through sequences of API calls provided by the OS. Malicious behavior can therefore be identified by analyzing the API sequence together with its context and the semantic information in the code. We vectorize the API sequence to represent malicious behaviors using the word2vec model, which transforms the semantic information sequence into dense vectors. The attention mechanism is also introduced to enhance the differentiation of key features. We obtain labeled API call sequences from five major malware families (Ramnit, Lethic, Sality, Emotet, and Ursnif) and compare the detection effectiveness for the five families across different models. The experimental results show that the Self-Attention+LSTM model performs better for malicious behavior detection, with an accuracy of 91%.