Tagging Malware Intentions By Using Attention-Based Sequence-To-Sequence Neural Network
INFORMATION SECURITY AND PRIVACY, ACISP 2019 (2019)
Abstract
Malware detection has noticeably increased in the computer security community. However, little is known about a malware's intentions. In this study, we propose a novel idea: adopting a sequence-to-sequence (seq2seq) neural network architecture to analyze a sequence of Windows API invocation calls recorded from malware at runtime and to generate tags that describe its malicious behavior. To the best of our knowledge, this is the first research effort that incorporates a malware's intentions in malware analysis and in the security domain. It is important to note that we design three embedding modules for transforming Windows API parameter values (registry, file name, and URL) into low-dimension vectors that preserve the semantics. Also, we apply the attention mechanism [10] to capture the relationship between a tag and certain API invocation calls when predicting tags. This will help security analysts understand malicious intentions through easy-to-understand descriptions. Results demonstrated that the seq2seq model could mostly find possible malicious actions.
Keywords
Malware analysis, Dynamic analysis, seq2seq neural network