Abstract
With the increasing number and variety of malware, it is imperative to design behavior analysis systems to detect them. In this paper, we propose a sensitivity-based LSTM model to design a System-call Behavioral Language (SBL) system for malware detection. The behavior of software can be represented by a System-call sequence. Each System-call has a different sensitivity, which is related to the resource it handles, and should therefore be paid a different level of attention. The model we designed in the SBL system consists of two parts: behavior language learning and sensitivity-based attention calculation. Our model obtains AUC values of 0.99 on the test dataset and 0.93 on the unknown dataset, which is 0.15 higher than KNN and 0.02 higher than Random Forest. In particular, our model achieves 78% specificity on the unknown attack dataset, while the classic language model can only reach 66%.
Cite
Xie, W., Xu, S., Zou, S., & Xi, J. (2020). A System-call Behavior Language System for Malware Detection Using A Sensitivity-based LSTM Model. In ACM International Conference Proceeding Series (pp. 112–118). Association for Computing Machinery. https://doi.org/10.1145/3403746.3403914