Abstract

This paper presents API-MalDetect, a new deep learning-based automated framework for detecting malware attacks in Windows systems. The framework uses an NLP-based encoder for API calls and a hybrid automatic feature extractor based on convolutional neural networks (CNNs) and bidirectional gated recurrent units (BiGRU) to extract features from raw and long sequences of API calls. The proposed framework is designed to detect unseen malware attacks and prevent performance degradation over time or across different rates of exposure to malware by reducing temporal bias and spatial bias during training and testing. Experimental results show that API-MalDetect outperforms existing state-of-the-art malware detection techniques in terms of accuracy, precision, recall, F1-score, and AUC-ROC on different benchmark datasets of API call sequences. These results demonstrate that the ability to automatically identify unique and highly relevant patterns from raw and long sequences of API calls is effective in distinguishing malware attacks from benign activities in Windows systems using the proposed API-MalDetect framework. API-MalDetect is also able to show cybersecurity experts which API calls were most important in malware identification. Furthermore, we make our dataset available to the research community.
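The abstract names two ingredients a practitioner would want to see concretely: an NLP-style encoder that turns raw, variable-length API call traces into fixed-length integer sequences, and an evaluation protocol that limits temporal bias (training on samples newer than the test samples) and spatial bias (a test-set malware ratio unlike what is seen in deployment). The block below is an added illustration written for this page, not code from the API-MalDetect paper or its authors; the API traces, dates, labels, split date and ratio cap are all constructed, and the definitions of the two biases follow the common usage in the malware evaluation literature rather than anything this abstract spells out.

```python
"""Added example: API-call tokenisation plus a time-aware, ratio-controlled
train/test split. Sample traces are constructed for illustration."""
from collections import Counter
from datetime import date

PAD, UNK = "<pad>", "<unk>"

# Constructed samples: (label, first-seen date, raw API call sequence).
SAMPLES = [
    ("benign",  date(2021, 1, 10), ["CreateFileW", "ReadFile", "CloseHandle"]),
    ("benign",  date(2021, 1, 20), ["RegOpenKeyExW", "RegQueryValueExW", "RegCloseKey"]),
    ("malware", date(2021, 2, 3),  ["VirtualAlloc", "WriteProcessMemory",
                                    "CreateRemoteThread", "VirtualFree"]),
    ("malware", date(2021, 2, 15), ["CreateFileW", "WriteFile", "CloseHandle", "ShellExecuteW"]),
    ("benign",  date(2021, 3, 5),  ["CreateFileW", "ReadFile", "CloseHandle", "RegOpenKeyExW"]),
    ("malware", date(2021, 3, 12), ["VirtualAlloc", "CreateRemoteThread", "CloseHandle"]),
    ("malware", date(2021, 3, 20), ["WriteProcessMemory", "CreateRemoteThread"]),
    ("benign",  date(2021, 4, 1),  ["RegOpenKeyExW", "RegCloseKey"]),
]


def build_vocab(sequences, min_count=1):
    """Map each API name to an integer id, most frequent first.
    Index 0 is padding and 1 is the unknown token, so API names that
    only appear after training (new or renamed calls) still encode."""
    counts = Counter(api for seq in sequences for api in seq)
    vocab = {PAD: 0, UNK: 1}
    for api, c in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])):
        if c >= min_count:
            vocab[api] = len(vocab)
    return vocab


def encode(seq, vocab, max_len):
    """Truncate long traces and right-pad short ones to a fixed length,
    the shape a CNN/BiGRU front end expects for a batch."""
    ids = [vocab.get(api, vocab[UNK]) for api in seq[:max_len]]
    return ids + [vocab[PAD]] * (max_len - len(ids))


def temporal_split(samples, split_date):
    """Everything first seen before split_date trains; everything on or
    after it tests. Nothing in training post-dates the test data."""
    train = [s for s in samples if s[1] < split_date]
    test = [s for s in samples if s[1] >= split_date]
    return train, test


def enforce_malware_ratio(test, max_ratio):
    """Keep the earliest malware samples only, so that the malware share
    of the test set does not exceed max_ratio (a spatial-bias control)."""
    mal = sorted((s for s in test if s[0] == "malware"), key=lambda s: s[1])
    ben = [s for s in test if s[0] == "benign"]
    # m / (m + b) <= r  <=>  m <= r * b / (1 - r)
    allowed = int(max_ratio * len(ben) / (1 - max_ratio))
    return sorted(mal[:allowed] + ben, key=lambda s: s[1])


def run_pipeline(samples=SAMPLES, split_date=date(2021, 3, 1),
                 max_ratio=0.4, max_len=3):
    """Vocabulary is built from the training split only, so test-time
    API names never leak into the encoder."""
    train, test = temporal_split(samples, split_date)
    test = enforce_malware_ratio(test, max_ratio)
    vocab = build_vocab([s[2] for s in train])
    x_train = [encode(s[2], vocab, max_len) for s in train]
    x_test = [encode(s[2], vocab, max_len) for s in test]
    return {"vocab": vocab, "x_train": x_train, "x_test": x_test,
            "y_test": [s[0] for s in test]}


if __name__ == "__main__":
    out = run_pipeline()
    print(len(out["vocab"]), out["x_test"], out["y_test"])
```

With the constructed data, the split date leaves four training and four test samples; the ratio cap of 0.4 then drops the later of the two test-set malware samples, and the vocabulary of 14 entries (12 API names plus the two special tokens) comes only from the pre-split traces.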
