Dynamic Behavior Detection for Malware Based on Dual-stream Converged Networks
To address the difficulty that traditional static analysis methods have in capturing the complex and changeable dynamic behavior of malware, the experiment is based on dynamic feature analysis techniques. By studying the Windows API call sequences of eight common malware, it is found that both the sequential order of API calls and their call frequency directly reflect the malicious behavior of malware. The experiment uses the TF-IDF (Term Frequency-Inverse Document Frequency) technique to vectorize the API call sequences, and designs a deep learning model based on a CNN-BiLSTM dual-stream converged network to model the sequential dependency relationships among such API calls and realize the dynamic detection of common malware. The experimental results indicate that the test accuracy of this model reaches 95.99%, which is better than the RF, SVM, LSTM, BiLSTM and CNN-LSTM models, and provides a reference for malware detection.
Keywords: API call sequence; dynamic detection; deep learning; feature representation
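The abstract states that both the order and the frequency of API calls carry the malicious signal and that TF-IDF is used to vectorize the sequences. The following is an added example, not code from the paper: a from-scratch TF-IDF over API call sequences in which unigram terms capture call frequency and adjacent-call bigram terms capture order, so two traces with the same calls in a different order receive different vectors. The traces, function names and the smoothed IDF formula are assumptions of this example.

```python
# Added example (not from the paper): TF-IDF vectorisation of Windows API call
# sequences, implemented from scratch so it runs without scikit-learn.
# Unigrams capture call frequency; adjacent bigrams capture call order.
import math
from collections import Counter

# Constructed sample traces (not real data): one ordered API call sequence each.
SAMPLE_TRACES = {
    "sample_a": ["CreateFileW", "WriteFile", "CloseHandle"],
    "sample_b": ["CreateFileW", "ReadFile", "CloseHandle"],
    "sample_c": ["VirtualAlloc", "WriteProcessMemory", "CreateRemoteThread"],
}

def terms(seq):
    """Unigram and adjacent-bigram terms of one API call sequence."""
    return list(seq) + [f"{a}->{b}" for a, b in zip(seq, seq[1:])]

def fit_idf(traces):
    """Inverse document frequency of every term across all traces.
    Smoothed form log((1+N)/(1+df)) + 1, so no term gets weight 0."""
    n = len(traces)
    df = Counter()
    for seq in traces.values():
        df.update(set(terms(seq)))
    return {t: math.log((1 + n) / (1 + d)) + 1 for t, d in df.items()}

def tfidf_vector(seq, idf):
    """L2-normalised TF-IDF vector (term -> weight) for one sequence.
    Terms unseen at fit time are ignored, as they would be at inference."""
    tf = Counter(t for t in terms(seq) if t in idf)
    total = sum(tf.values())
    raw = {t: (c / total) * idf[t] for t, c in tf.items()}
    norm = math.sqrt(sum(w * w for w in raw.values())) or 1.0
    return {t: w / norm for t, w in raw.items()}

def cosine(u, v):
    """Cosine similarity of two sparse vectors (both already L2-normalised)."""
    return sum(w * v.get(t, 0.0) for t, w in u.items())

def main():
    idf = fit_idf(SAMPLE_TRACES)
    vecs = {k: tfidf_vector(s, idf) for k, s in SAMPLE_TRACES.items()}
    # a and b share file-handling calls; c shares nothing with either.
    print("a~b", round(cosine(vecs["sample_a"], vecs["sample_b"]), 3))
    print("a~c", round(cosine(vecs["sample_a"], vecs["sample_c"]), 3))

if __name__ == "__main__":
    main()
```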