A dynamic malware detection method based on Transformer and LSTM
GUAN Yichen
1
GUAN Yichen (1996-), female, master's student; main research interest: malware detection.
YANG Tan
1
YANG Tan (1982-), female, associate professor and master's supervisor; main research interests: network measurement and performance analysis, social network analysis, mobile Internet.
1. School of Computer Science, University of Posts and Telecommunications, Beijing 100876
Abstract: With the rapid development of the Internet, the continuous growth of malware and its variants has brought great challenges to the information security of computer users. To address the problems that traditional malware detection relies heavily on expert knowledge and that detection based on static analysis lacks information about the software's runtime behaviour, this paper proposes T-BiLSTM, a dynamic-analysis-based hybrid model that combines the Transformer architecture with the long short-term memory network (LSTM). T-BiLSTM draws on the strengths of both the Transformer and LSTM when analysing the dynamic API call sequences of malware. Experiments show that de-duplicating the malware API call sequences improves model performance. T-BiLSTM achieves an accuracy of 88.69% on the eight-class dataset; it not only outperforms the existing method but also surpasses the plain LSTM model.
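The abstract reports that de-duplicating API call sequences before feeding them to the model helps, but does not state the de-duplication rule. The following is an added preprocessing example, not code from the paper: it assumes the rule is "collapse consecutive repeats of the same API call", then maps the calls to integer ids and pads them to a fixed length, which is the input form an embedding layer in front of a Transformer or LSTM expects. The API names in the sample traces are constructed.

```python
"""Preprocessing of dynamic API-call traces for a sequence classifier.
Added example; the de-duplication rule (collapse consecutive repeats) is an
assumption, since the paper's abstract does not specify it."""
from itertools import groupby
from typing import Dict, Iterable, List

PAD, UNK = "<pad>", "<unk>"   # reserved ids 0 and 1


def dedup_consecutive(calls: List[str]) -> List[str]:
    """Collapse runs of identical consecutive API calls, e.g. a read loop
    that emits NtReadFile hundreds of times becomes a single NtReadFile."""
    return [name for name, _ in groupby(calls)]


def build_vocab(sequences: Iterable[List[str]]) -> Dict[str, int]:
    """Assign each distinct API name an integer id in first-seen order."""
    vocab = {PAD: 0, UNK: 1}
    for seq in sequences:
        for call in seq:
            vocab.setdefault(call, len(vocab))
    return vocab


def encode(calls: List[str], vocab: Dict[str, int], max_len: int) -> List[int]:
    """Dedup, map names to ids (unknown names -> UNK), then truncate or
    right-pad to max_len so a batch can be stacked into one tensor."""
    ids = [vocab.get(c, vocab[UNK]) for c in dedup_consecutive(calls)]
    ids = ids[:max_len]
    return ids + [vocab[PAD]] * (max_len - len(ids))


# Constructed sample traces, not taken from the paper's dataset.
SAMPLE_TRACES = [
    ["NtOpenFile", "NtReadFile", "NtReadFile", "NtReadFile", "NtClose"],
    ["RegOpenKeyExW", "RegQueryValueExW", "RegQueryValueExW", "RegCloseKey"],
]

if __name__ == "__main__":
    vocab = build_vocab(SAMPLE_TRACES)
    for trace in SAMPLE_TRACES:
        print(len(trace), "->", len(dedup_consecutive(trace)),
              encode(trace, vocab, max_len=6))
```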