TY - GEN
T1 - A Novel Malware Detection Approach Based on Behavioral Semantic Analysis and LSTM Model
AU - Han, Weijie
AU - Xue, Jingfeng
AU - Qian, Kechang
N1 - Publisher Copyright:
© 2021 IEEE.
PY - 2021
Y1 - 2021
AB - Malware has been a major security threat to cyberspace. To identify whether a program is malicious, researchers usually extract semantic features from it to analyze its operational intent, and the most common object of analysis is the program's sequence of system calls. System call sequences effectively reflect a program's behavioral characteristics, but they are relatively low-level and hard to comprehend, so they do not intuitively reveal the program's behavioral intent. For this reason, this paper goes beyond analyzing the system call sequence itself and further analyzes the types of operation behavior that the program's system calls correspond to, so that the program's behavioral semantics are understood from the sequence of its behavioral operations. In this paper, 15 behavior types are defined to characterize the behavioral semantics of a program, and the program feature vector is constructed by extracting the sequence of operations over these behavior types, which simplifies the feature vector and captures the program's behavioral intent more accurately; finally, a classifier built on the deep learning model LSTM reaches a detection accuracy of 96.14 %.
KW - behavior type
KW - long short term memory network (LSTM)
KW - malware detection
KW - semantic features
UR - http://www.scopus.com/inward/record.url?scp=85124400721&partnerID=8YFLogxK
U2 - 10.1109/ICCT52962.2021.9658113
DO - 10.1109/ICCT52962.2021.9658113
M3 - Conference contribution
AN - SCOPUS:85124400721
T3 - International Conference on Communication Technology Proceedings, ICCT
SP - 339
EP - 343
BT - 2021 IEEE 21st International Conference on Communication Technology, ICCT 2021
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 21st IEEE International Conference on Communication Technology, ICCT 2021
Y2 - 13 October 2021 through 16 October 2021
ER -