Abstract

Malicious software threats and their detection have been gaining importance as a subdomain of information security due to the expansion of ICT applications in daily settings. A major challenge in designing and developing anti-malware systems is the coverage of the detection, particularly the development of dynamic analysis methods that can detect polymorphic and metamorphic malware efficiently. In the present study, we propose a methodological framework for detecting malicious code by analyzing run trace outputs by Long Short-Term Memory (LSTM). We developed models of run traces of malicious and benign Portable Executable (PE) files. We created our dataset from run trace outputs obtained from dynamic analysis of PE files. The obtained dataset was in the instruction format as a sequence and was called Instruction as a Sequence Model (ISM). By splitting the first dataset into basic blocks, we obtained the second one called Basic Block as a Sequence Model (BSM). The experiments showed that the ISM achieved an accuracy of 87.51% and a false positive rate of 18.34%, while BSM achieved an accuracy of 99.26% and a false positive rate of 2.62%.
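The abstract describes two ways of turning a dynamic-analysis run trace into training sequences: ISM treats the whole instruction trace as one sequence, and BSM splits that trace into basic blocks. The following added example (written for this page; it is not the authors' code and the paper's exact block-splitting rule is not given here) parses a constructed x86 trace, builds both representations, and encodes them as padded integer vectors of the kind an LSTM embedding layer consumes. Block boundaries are approximated by ending a block after each control-flow instruction (an assumption), and the trace text, the regexes and the token vocabulary are all constructed for illustration.

```python
"""Added example (not from the paper): build the ISM and BSM sequence
representations from a constructed run trace and encode them for an LSTM."""

import re
from typing import Dict, List, Tuple

# Constructed sample trace (not real malware output): "address mnemonic operands".
SAMPLE_TRACE = """\
0x00401000 push ebp
0x00401001 mov ebp, esp
0x00401003 sub esp, 0x10
0x00401006 call 0x00401020
0x00401020 xor eax, eax
0x00401022 cmp ecx, 0
0x00401025 jne 0x00401030
0x00401027 inc eax
0x00401028 ret
0x0040100b test eax, eax
0x0040100d jz 0x00401015
0x00401015 leave
0x00401016 ret
"""

# Assumption: branches, calls, returns and traps transfer control, so the
# instruction executed after one of them starts a new basic block.
CONTROL_FLOW = re.compile(r"^(j[a-z]+|call|ret[nf]?|loop[a-z]*|iret|syscall|sysenter|int)$")

# One trace line: hex address, lowercase mnemonic, optional operand string.
LINE_RE = re.compile(r"^\s*(0x[0-9a-fA-F]+)\s+([a-z]+)(?:\s+(.*))?$")

PAD, UNK = "<pad>", "<unk>"


def parse_trace(text: str) -> List[Tuple[str, str, str]]:
    """Parse 'address mnemonic operands' lines; lines that do not match are skipped."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            addr, mnem, ops = m.groups()
            out.append((addr, mnem, ops or ""))
    return out


def ism_sequences(trace: List[Tuple[str, str, str]], seq_len: int) -> List[List[str]]:
    """ISM: the whole trace as one mnemonic sequence, cut into windows of seq_len."""
    mnems = [mnem for _, mnem, _ in trace]
    return [mnems[i:i + seq_len] for i in range(0, len(mnems), seq_len)]


def bsm_sequences(trace: List[Tuple[str, str, str]]) -> List[List[str]]:
    """BSM: one mnemonic sequence per basic block; a block ends at a control-flow instruction."""
    blocks, current = [], []
    for _, mnem, _ in trace:
        current.append(mnem)
        if CONTROL_FLOW.match(mnem):
            blocks.append(current)
            current = []
    if current:  # trailing instructions after the last branch form the final block
        blocks.append(current)
    return blocks


def build_vocab(sequences: List[List[str]]) -> Dict[str, int]:
    """Assign an integer id to every mnemonic; 0 is padding, 1 is unknown."""
    vocab = {PAD: 0, UNK: 1}
    for seq in sequences:
        for tok in seq:
            vocab.setdefault(tok, len(vocab))
    return vocab


def encode(sequences: List[List[str]], vocab: Dict[str, int], max_len: int) -> List[List[int]]:
    """Map tokens to ids, then truncate or post-pad each row to max_len."""
    rows = []
    for seq in sequences:
        ids = [vocab.get(tok, vocab[UNK]) for tok in seq[:max_len]]
        rows.append(ids + [vocab[PAD]] * (max_len - len(ids)))
    return rows


if __name__ == "__main__":
    trace = parse_trace(SAMPLE_TRACE)
    ism = ism_sequences(trace, seq_len=5)
    bsm = bsm_sequences(trace)
    vocab = build_vocab(bsm)
    print("ISM windows:", ism)
    print("BSM blocks :", bsm)
    print("BSM encoded:", encode(bsm, vocab, max_len=4))
```

The point of the split is visible in the output: ISM windows cut across block boundaries (the window `cmp jne inc ret test` mixes three blocks), while each BSM row is a control-flow-delimited unit, which is why the sequence the model sees is more homogeneous under BSM. Unknown mnemonics at inference time map to the `<unk>` id rather than raising an error, which matters when a new sample uses instructions absent from the training vocabulary.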

Highlights

  • Today’s evolving information systems are frequently attacked with malicious intent or different motivations

  • We focused on deep learning methods and used a specialized type of Recurrent Neural Network (RNN) called Long Short-Term Memory (LSTM) proposed by Hochreiter and Schmidhuber [6]

  • Instruction as a Sequence Model (ISM): We conducted a total of 16 experiments for the first model, ISM, by manipulating 4 values for the sequence length, 3 values for dropout rate, 5 values for optimizer and 4 values for the number of LSTM nodes

Summary

Introduction

Today’s evolving information systems are frequently attacked with malicious intent or different motivations. One of the main attack methods is malicious software, i.e., malware, which includes specific types such as viruses, worms, and trojans. Malware can be used to attack operating systems and applications and cause damage at both personal and corporate levels. By exploiting a vulnerability in a computer system, malicious software targets the availability of real-time systems and renders valuable data unusable. The spread of this type of malware is becoming faster due to the increased connectivity of new devices such as computers, smartphones, smart televisions, and devices in the home area network, i.e., IoT devices. The increase in mobile devices’ use encourages malware authors to focus on mobile operating systems and applications, which will eventually
