Abstract
Malicious software is designed to destroy or occupy the resources of the target computer, which seriously violates the legitimate interests of users.
Currently, methods based on static detection have certain limitations to the malicious samples of system call confusion. The existing dynamic detection methods mainly extract features from the local system Application Programming Interface (API) sequence dynamically invoked, and combine them with Random Forests and N-grams, which have limited accuracy for detection results. This paper proposes a weight generation algorithm based on Attention mechanism and multi-feature fusion approach, combined with the advantages of Convolutional Neural Networks (CNN) and Gated Recurrent Unit (GRU) algorithms to learn local features of the API sequence and dependencies and relations among API sequences. The experiment tested eight of the most common types of malware. Experimental results show that the proposed method shows a better work than traditional malware detection model in the research of malware detection based on system API call sequences.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Vinod, P., Zemmari, A., Conti, M.: A machine learning based approach to detect malicious android apps using discriminant system calls. Future Gener. Comput. Syst. 94, 333–350 (2019)
Yang, H., Xu, J.: Android malware detection based on improved random forest algorithm. J. Commun. 38(04), 8–16 (2017)
Dahl, G.E., Stokes, J.W., Deng, L., et al.: Large-scale malware classification using random projections and neural networks. In: 38th IEEE International Conference on Acoustics, Speech and Signal Processing, pp. 3422–3426. IEEE Press, New York (2013)
Saxe, J., Berlin, K.: Deep neural network based malware detection using two dimensional binary program features. In: 10th International Conference on Malicious and Unwanted Software, pp. 11–20. IEEE Press, New York (2015)
Sami, A., Yadegari, B., Rahimi, H., Peiravian, N., Hashemi, S., Hamze, A.: Malware detection based on mining API calls. In: 25th Proceedings of the 2010 ACM Symposium on Applied Computing, pp. 1020–1025. ACM Press, New York (2010)
Alazab, M., Venkataraman, S., Watters, P.: Towards understanding malware behaviour by the extraction of API calls. In: 2nd 2010 Second Cybercrime and Trustworthy Computing Workshop, pp. 52–59. IEEE Press, New York (2010)
Vaswani, A., Shazeer, N., Parmar, N., et al.: Attention is all you need. In: Advances in Neural Information Processing Systems, pp. 5998–6008 (2017)
Bahdanau, D., Chorowski, J., Serdyuk, D., Brakel, P., Bengio, Y.: End-to-end attention-based large vocabulary speech recognition. In: 13th 2016 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), pp. 4945–4949. IEEE Press, New York (2016)
Cho, K., Van Merrienboer, B., Gulcehre, C., Bahdanau, D., Bougares, F., Schwenk, H., et al.: Learning phrase representations using RNN encoder-decoder for statistical machine translation. In: Conference on Empirical Methods in Natural Language Processing (2014)
Dai, Y., Li, H., Qian, Y., Yang, R., Zheng, M.: SMASH: a malware detection method based on multi-feature ensemble learning. IEEE Access 7, 112588–112597 (2019)
Yakura, H., Shinozaki, S., Nishimura, R., Oyama, Y., Sakuma, J.: Malware analysis of imaged binary samples by convolutional neural network with attention mechanism. In: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, pp. 127–134. ACM Press, New York (2018)
Kim, Y.: Convolutional neural networks for sentence classification. In: Conference on Empirical Methods in Natural Language Processing (EMNLP), pp. 1746–1751 (2014)
Cho, K., Van Merrienboer, B., Gulcehre, C., Bahdanau, D., Bougares, F., Schwenk, H., et al.: Learning phrase representations using RNN encoder-decoder for statistical machine translation. In: Conference on Empirical Methods in Natural Language Processing(EMNLP) (2014)
Gulcehre, C., Cho, K., Pascanu, R., Bengio, Y.: Learned-norm pooling for deep Feedforward and recurrent neural networks. In: Calders, T., Esposito, F., Hüllermeier, E., Meo, R. (eds.) ECML PKDD 2014. LNCS (LNAI), vol. 8724, pp. 530–546. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44848-9_34
Shin, H.C., Roth, H.R., Gao, M., et al.: Deep convolutional neural networks for computer-aided detection: CNN architectures, dataset characteristics and transfer learning. IEEE Trans. Med. Imaging 35(5), 1285–1298 (2016)
Ling, H., Wu, J., Li, P., et al.: Attention-aware network with latent semantic analysis for clothing invariant gait recognition. Comput. Mater. Continua 60(3), 1041–1054 (2019)
Xiong, Z., Shen, Q., Wang, Y., et al.: Paragraph vector representation based on word to vector and CNN learning. Comput. Mater. Continua 55(2), 213–227 (2018)
Qiu, J., et al.: Dependency-based local attention approach to neural machine translation. Comput. Mater. Continua 59(2), 547–562 (2019)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Wang, Y., Xu, S. (2020). Method of Multi-feature Fusion Based on Attention Mechanism in Malicious Software Detection. In: Sun, X., Wang, J., Bertino, E. (eds) Artificial Intelligence and Security. ICAIS 2020. Lecture Notes in Computer Science(), vol 12239. Springer, Cham. https://doi.org/10.1007/978-3-030-57884-8_1
Download citation
DOI: https://doi.org/10.1007/978-3-030-57884-8_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-57883-1
Online ISBN: 978-3-030-57884-8
eBook Packages: Computer ScienceComputer Science (R0)