A novel malware detection method based on API embedding and API parameters

Bo Zhou, Hai Huang, Jun Xia, Donghai Tian*

*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

1 Citation (Scopus)

Abstract

Malware has become increasingly prevalent in recent years with the widespread deployment of information systems. Many malicious programs pose a great threat to these systems. In the past decade, various malware detection methods have been proposed. In particular, many studies rely on API features for identifying malware. However, the existing methods do not make full use of the API features. To address this issue, we propose APInspector, a novel dynamic malware detection solution that carefully inspects API invocations. This method first leverages a dynamic instrumentation tool to hook the target program and collect the API sequence and argument features. Then, it uses a HAN (Hierarchical Attention Network) model to analyze the API sequence features. To analyze the API argument features, we apply an MLP (Multi-Layer Perceptron) model. To fully leverage both the API sequence and argument features, we propose a hybrid model that combines the HAN and MLP models. The evaluation shows that our approach can detect and classify malware effectively and that it outperforms the single models.

Original language: English
Pages (from-to): 2748-2766
Number of pages: 19
Journal: Journal of Supercomputing
Volume: 80
Issue number: 2
Publication status: Published - Jan 2024

Keywords

  • API
  • Hierarchical attention network
  • Malware detection
  • Multi-layer perceptron
