Research on intelligent detection method of malicious behavior based on Self-Attention
Conference: ICMLCA 2021 - 2nd International Conference on Machine Learning and Computer Application
12/17/2021 - 12/19/2021 at Shenyang, China
Proceedings: ICMLCA 2021
Pages: 5
Language: English
Type: PDF
Authors:
He, Ying; Zhao, Yuntao; Feng, Yongxin (School of Information Science and Engineering, Shenyang Ligong University, Shenyang, Liaoning, China)
Geng, Shengnan (Beijing Institute of Astronautic Systems Engineering, Beijing, China)
Abstract:
With the growing number of malware variants and malicious attacks, cyberspace security has attracted more and more attention. In this paper, a detection method combining the Self-Attention mechanism with LSTM (Long Short-Term Memory) is proposed to detect malware. Malware and its variants perform malicious operations through the API sequences provided by the OS. Therefore, malicious behavior can be determined by analyzing the API sequence together with its contextual connections and the semantic information of the code. In this paper, we vectorize the API sequence to represent malicious behaviors using the word2vec model, which transforms the semantic information sequence into dense vectors. In addition, the attention mechanism is introduced to enhance the differentiation of key features. We obtain labeled API call sequences for five major malware families, namely Ramnit, Lethic, Sality, Emotet, and Ursnif, and compare the detection effectiveness for the five families across different models. The experimental results show that the Self-Attention+LSTM model performs better for malicious behavior detection, with an accuracy of 91%.