Malware Classification using Long Short-term Memory Models

Dennis Dang, Fabio Di Troia, Mark Stamp

Abstract

Signature and anomaly based techniques are the quintessential approaches to malware detection. However, these techniques have become increasingly ineffective as malware has become more sophisticated and complex. Researchers have therefore turned to deep learning to construct better performing model. In this paper, we create four different long-short term memory (LSTM) based models and train each to classify malware samples from 20 families. Our features consist of opcodes extracted from malware executables. We employ techniques used in natural language processing (NLP), including word embedding and bidirection LSTMs (biLSTM), and we also use convolutional neural networks (CNN). We find that a model consisting of word embedding, biLSTMs, and CNN layers performs best in our malware classification experiments.

Download


Paper Citation


in Harvard Style

Dang D., Di Troia F. and Stamp M. (2021). Malware Classification using Long Short-term Memory Models.In Proceedings of the 7th International Conference on Information Systems Security and Privacy - Volume 1: ForSE, ISBN 978-989-758-491-6, pages 743-752. DOI: 10.5220/0010378007430752


in Bibtex Style

@conference{forse21,
author={Dennis Dang and Fabio Di Troia and Mark Stamp},
title={Malware Classification using Long Short-term Memory Models},
booktitle={Proceedings of the 7th International Conference on Information Systems Security and Privacy - Volume 1: ForSE,},
year={2021},
pages={743-752},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010378007430752},
isbn={978-989-758-491-6},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 7th International Conference on Information Systems Security and Privacy - Volume 1: ForSE,
TI - Malware Classification using Long Short-term Memory Models
SN - 978-989-758-491-6
AU - Dang D.
AU - Di Troia F.
AU - Stamp M.
PY - 2021
SP - 743
EP - 752
DO - 10.5220/0010378007430752