Malware Classification Based on GAF Visualization of Dynamic API Call Sequences | |
---|---|
Author | |
Abstract |
Malware Classification - Due to the constant updates of malware and its variants and the continuous development of malware obfuscation techniques. Malware intrusions targeting Windows hosts are also on the rise. Traditional static analysis methods such as signature matching mechanisms have been difficult to adapt to the detection of new malware. Therefore, a novel visual detection method of malware is proposed for first-time to convert the Windows API call sequence with sequential nature into feature images based on the Gramian Angular Field (GAF) idea, and train a neural network to identify malware. The experimental results demonstrate the effectiveness of our proposed method. For the binary classification of malware, the GAF visualization image of the API call sequence is compared with its original sequence. After GAF visualization, the classification accuracy of the classic machine learning model MLP is improved by 9.64%, and the classification accuracy of the deep learning model CNN is improved by 4.82%. Furthermore, our experiments show that the proposed method is also feasible and effective for the multi-class classification of malware. |
Year of Publication |
2022
|
Conference Name |
2022 IEEE 22nd International Conference on Communication Technology (ICCT)
|
Date Published |
March
|
DOI |
10.1109/ICCT56141.2022.10073202
|
Google Scholar | BibTeX | DOI |