Malware classification using long short-term memory models

Authors

Dennis Dang, San Jose State University
Fabio Di Troia, San Jose State UniversityFollow
Mark Stamp, San Jose State UniversityFollow

Publication Date

1-1-2021

Document Type

Conference Proceeding

Publication Title

ICISSP 2021 - Proceedings of the 7th International Conference on Information Systems Security and Privacy

DOI

10.5220/0010378007430752

First Page

743

Last Page

752

Abstract

Signature and anomaly based techniques are the quintessential approaches to malware detection. However, these techniques have become increasingly ineffective as malware has become more sophisticated and complex. Researchers have therefore turned to deep learning to construct better performing model. In this paper, we create four different long-short term memory (LSTM) based models and train each to classify malware samples from 20 families. Our features consist of opcodes extracted from malware executables. We employ techniques used in natural language processing (NLP), including word embedding and bidirection LSTMs (biLSTM), and we also use convolutional neural networks (CNN). We find that a model consisting of word embedding, biLSTMs, and CNN layers performs best in our malware classification experiments.

Keywords

BiLSTM, CNN, Deep Learning, LSTM, Machine Learning, Malware

Creative Commons License

This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.

Department

Computer Science

Recommended Citation

Dennis Dang, Fabio Di Troia, and Mark Stamp. "Malware classification using long short-term memory models" ICISSP 2021 - Proceedings of the 7th International Conference on Information Systems Security and Privacy (2021): 743-752. https://doi.org/10.5220/0010378007430752