BD-MDLC: Behavior description-based enhanced malware detection for windows environment using longformer classifier

Abstract

The digital landscape faces an escalating wave of sophisticated malware threats to organizations and individuals, and it is increasingly vulnerable to cyber attacks. The dominance of Windows operating systems across corporate and individual computing environments renders Windows a prime target for cyber threats. As malware increasingly employs advanced code obfuscation and packing techniques to evade static detection, dynamic analysis through API calls has become more helpful in identifying malicious behavior. The deep learning techniques emerge as a promising strategy, significantly advancing the field of malware detection in response to the ever-evolving cyber threat landscape. Leveraging advanced deep learning techniques, we introduce a cutting-edge malware detection framework that utilizes the Longformer model, specifically designed to handle extensive text sequences. Our novel approach transforms API call sequences into detailed natural language descriptions with the help of API descriptions and arguments, thereby enabling a deeper understanding of software behaviors. This transformation allows the Longformer model to identify malicious patterns, offering enhanced detection accuracy efficiently. Comparative analyses with state-of-the-art techniques and conventional deep learning models reveal that our proposed method showcases significant performance improvements in terms of accuracy, precision, recall, and F1 score. The proposed model achieves an accuracy of 0.992, highlighting its efficacy in accurately identifying and classifying malicious behavior.