Enhanced Malware Prediction and Containment Using Bayesian Neural Networks

In this paper, we present an integrated framework leveraging natural language processing (NLP) techniques and machine learning (ML) algorithms to detect malware at its early stage and predict its upcoming actions. We analyze application programming interface (API) call sequences in the same way as natural language inputs. Specifically, the proposed model employs Bi-LSTM neural networks and Bayesian neural networks (BNN) for this analysis. In the first part, a Bagging-XGBoost algorithm interprets consecutive API calls as 2-gram and 3-gram strings for early-stage malware detection and feature importance analysis. Additionally, a Bi-LSTM predicts the upcoming actions of an active malware by estimating the next API call in a sequence. Two separate Bayesian Bi-LSTMs are then developed in the second part to complement the above analysis. The first architecture is for early-stage malware detection, and the other is to predict the following action of active malware. The BNN not only predicts future malware actions but also assesses the uncertainty of each prediction. It enhances the process by providing the second and third most probable predictions, increasing system reliability and effectiveness. Our unified framework demonstrates efficiency in malware detection and action prediction, marking a significant advancement in countering malware threats. The Bayesian Bi-LSTM developed for predicting the next API call has an average accuracy of 89.53%. Additionally, the accuracy of the framework for malware detection at the early stage is 96.44%, demonstrating the superior performance of the proposed framework.