Malware detection has noticeably increased in computer security community. However, little is known about a malware’s intentions. In this study, we propose a novel idea to adopt sequence-to-sequence (seq2seq) neural network architecture to analyze a sequence of Windows API invocation calls recording a malware at runtime, and generate tags to describe its malicious behavior. To the best of our knowledge, this is the first research effort which incorporate a malware’s intentions in malware analysis and in security domain. It is important to note that we design three embedding modules for transforming Windows API’s parameter values, registry, a file name and URL, into low-dimension vectors to preserve the semantics. Also, we apply the attention mechanism [10] to capture the relationship between a tag and certain API invocation calls when predicting tags. This will be helpful for security analysts to understand malicious intentions with easy-to-understand description. Results demonstrated that seq2seq model could mostly find possible malicious actions.
CITATION STYLE
Huang, Y. T., Chen, Y. Y., Yang, C. C., Sun, Y., Hsiao, S. W., & Chen, M. C. (2019). Tagging Malware Intentions by Using Attention-Based Sequence-to-Sequence Neural Network. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 11547 LNCS, pp. 660–668). Springer Verlag. https://doi.org/10.1007/978-3-030-21548-4_38
Mendeley helps you to discover research relevant for your work.