Cryptomining Malware Early Detection Method Based on SDR
Cryptomining malware aims to steal computing resources from devices to mine cryptocurrency, seriously compromising network security while consuming a large amount of computing resources. Current dynamic detection methods for cryptomining malware mainly rely on host behavior or network traffic collected during a long sample run, which does not balance the timeliness and accuracy of detection. By analyzing the DLLs (dynamic link libraries) called and the return values of the APIs called by cryptomining malware at the early stage of operation, we propose an API sentence embedding method based on DLL and API return value (SDR), and further propose a cryptomining malware early detection method based on SDR (CEDS). CEDS uses SDR to convert the API name sequences, API return value sequences, and DLL sequences generated in the early stages of software operation into sentence vector sequences, and uses TextCNN to build a model for early detection of cryptomining malware. Experimental results show that CEDS can determine whether a software sample is cryptomining malware or benign software with an average time of 0.5106 s and an accuracy of 96.75%.