Attention-Based BiLSTM For Malware Family Classification
Authors: Yonglin Liao, Nurbol Luktarhan, Yue Wang, Qinlin Chen
Published in: Proceedings of the 2023 4th International Conference on Computing, Networks and Internet of Things
Publication date: 2023-05-26
DOI: 10.1145/3603781.3603838 (https://doi.org/10.1145/3603781.3603838)
Because API calls are the most prominent characteristic of malicious software, this paper uses Windows API call sequences as features to classify malware families and proposes a BiLSTM model based on an attention mechanism. First, to address the problem of significantly different sample lengths, the paper improves an algorithm for preprocessing Windows API call sequences of different lengths; the improved algorithm is referred to as RD. RD can effectively remove duplicate APIs and reduce the length of API call sequences, and experimental results show that this preprocessing algorithm can improve the classification accuracy. Then, considering the temporal nature of API calls, the paper uses a BiLSTM model that can perceive contextual information and integrates an attention mechanism to improve the model's performance. Experimental results show that the attention-based BiLSTM model outperforms other models.