计算机科学
恶意软件
分类器(UML)
应用程序编程接口
人工智能
文字2vec
数据挖掘
机器学习
降级
后门
概化理论
模式识别(心理学)
离散余弦变换
信息安全
信息敏感性
行为建模
补语(音乐)
散列函数
人工神经网络
特征提取
验证码
行为模式
块(置换群论)
深度学习
密码学
标识
DOI:10.1093/comjnl/bxag031
摘要
Abstract In dynamic malware detection, analyzing application programming interface (API) parameters is proven to effectively complement the security information provided by APIs. Previous research on API parameters has focused on the security behavior of APIs and their parameters, while overlooking the behavioral correlation among parameters. This oversight results in limited generalizability of detection models and diminished accuracy. In this study, we present WHPar, a novel deep neural network-based malware detection approach for analyzing API parameters to identify behavioral relationships among them. It first employs the Word2Vec method to capture context-containing Information on security behavior from the API and its parameters, respectively. Then, it employs discrete cosine transform from the perceptual hash algorithm to transform the contextual information and perform embedding, for a sequence containing more comprehensive behavioral information derived from the API parameters. Finally, it feeds the sequences into the bidirectional long short-term memory model for training a binary classifier to detect malware. Experimental results demonstrate that WHPar significantly outperforms baseline methods. Moreover, when malicious samples are less prevalent than benign samples, WHPar yields superior detection results compared with other established methods in this field.
科研通智能强力驱动
Strongly Powered by AbleSci AI